When I first got into crypto about six months ago, the first thing I did was buy a Trezor and a Ledger. In my naivety, I assumed that both devices would have native Store Apps that I could download from trusted sources like Google Play or Windows Store. I was mortified when I realized that the only way to access these devices was in a browser window. ‘You mean I gotta access sensitive data via Chrome like an animal?’ I started convulsing at this point.
Hardfolio is a completely native app and is deployed from the Google Play Store and the Windows Store.
What’s Wrong with Browser Apps?
Websites or browser apps are not inherently secure. We’ve all heard about phishing, man-in-the-middle, and DNS hijacking attacks. They are a very real threat in browser apps. See Ledger’s Man In the Middle Flaw, the Trezor Phishing Scam, and MyEtherWallet’s DNS Hijacking Incident. These attacks are a lot easier in browser apps because anyone can set up a website that claims to be the legitimate vendor of a product, and it is very hard to get these websites pulled down. Google and other search providers can remove phishing sites from their search results, but if the website is hosted in a country where authorities have no jurisdiction, there’s not a lot that can be done (see Monitoring and Takedown).
This isn’t to say that native or store apps eliminate this issue. Far from it. Some phishing scams are enabled by store apps. But the main problem is how users can tell whether the app they are using is legit. Users are frequently bamboozled by crypto tech, and when they are confronted with a website, they need to remember to do all kinds of things like check the domain name, check the SSL certificate, check the address they are sending to, and so on. Whenever users could forget to do these things, there are opportunities for attacks.
Why Native, Store Apps?
Native apps have the native look and feel of the platform. They don’t look like web pages; they look like they are properly integrated into the operating system. This gives users a sense of familiarity because a button in the app looks like a button in all their other apps. Text entry works the same in a native app as it does in every other app on their phone, so it’s comfortable for the user.
But there’s another problem. Apps like Ledger Live need to be downloaded from a website and installed by the user. This introduces a big problem. The user may accidentally download a hacked version of the app and install malware by mistake. Users should never trust manually downloaded apps. If they do, they need to verify that they are downloading from the correct location, and they also need to verify that the downloaded file is not infected with malware after the download is completed. This is too much to ask from the average user. Even tech-savvy people like me find this laborious and it makes me feel uncomfortable.
Store apps are better because installing from the store guarantees that you are installing an app published by the vendor itself. As long as the user checks the vendor of the app before installing, they can guarantee that the code they are running is authentic because it is signed with a unique signature from the store. If the code is altered by malware, the operating system will know about it, and stop the app from running.
C# is not the only language or technology that lets developers build and deploy native store apps, but it is one of the more common and better supported ones. C# has been around since 2000. It is fully backed by Microsoft, and is a very mature language. It allows you to compile to native code on iOS, and to the Mono runtime on Android, which interfaces with Android’s native Java platform. On Windows 10, C# is compiled to native code. C# apps can be deployed to the Apple Store, Windows Store, and Google Play Store, and C# also runs on several other platforms like Linux and macOS.
Xamarin is a Microsoft-owned C# technology that puts a layer over all the main OS platforms and allows code sharing between them. Xamarin Forms is a library that puts a further UI layer over the top of Xamarin. You can write your UI in one markup language (XAML), and this UI is translated into each platform’s native look and feel. Hardfolio is Xamarin Forms based, with tweaks on each platform to make it a tighter fit there.
Here are some alternatives to C# and Xamarin. In the long run, some of these technologies may become better and more usable, but for the time being, C# gives the developer the easiest path toward creating native apps for multiple platforms without writing the code again and again. Of course there is always the option of writing a native app in Java, Swift, .NET, and so on, but this comes at a heavy development cost. My personal experience is that while Xamarin can be frustrating at times, it is comprehensive, and anyone who has experience with XAML and C# can build very high quality apps with it.