We read The Next Web's article and want to provide an official response to the issues it raised. The app in question, BlastChat, was recently accepted into the Kin Developer Program. They are actively developing their app. When security issues became apparent, they removed their app from the app stores.
First, Kin data was never compromised at any point. Because Kin has not yet been integrated into the app, there is simply no vulnerability exposed for any Kin wallets.
Second (this is important), even had Kin been integrated into the app, users’ Kin Wallets would not have been compromised. Kin Wallet security is managed at the SDK level, and is therefore secure regardless of the security practices of the app. So, while BlastChat users’ app-specific data may have been vulnerable, the Kin SDK does not allow extraction of private keys from the device, which means your Kin is secure even in the event of an app-specific security breach.
Third, even though we believe that users’ Kin is secure in any case, we still reserve the right to remove any app from the Developer Program that does not employ industry-standard security practices. We are reviewing our Terms of Service and ensuring that all apps abide by them.
What’s next for the Developer Program?
Kin integrations are presented on Oct. 2. Following this, development teams that receive the “green light” from the program’s selection committee will submit their apps — with the Kin integration — to Google Play and the App Store. It is imperative that developers in the program place an emphasis on creating secure and protected experiences for their users, and that they abide by our Terms of Service.
If you are a current BlastChat user, you can take these recommended precautions to help protect your information.
A final note on security. As always, on the internet and in life, caveat emptor. End-users should always follow their own security best practices with passwords and personally identifiable information. Here are some helpful tips.