When I first got into crypto about six months ago, the first thing I did was buy a Trezor and a Ledger. In my naivety, I assumed that both devices would have native Store Apps that I could download from trusted sources like Google Play or Windows Store. I was mortified when I realized that the only way to access these devices was in a browser window. ‘You mean I gotta access sensitive data via Chrome like an animal?’ I started convulsing at this point.

Crypto grew up on the web. It’s an internet phenomenon, so it’s not surprising that, to gain maximum coverage, most apps were built in a browser with HTML and JavaScript. HTML and JavaScript run everywhere and are mostly compatible with all browsers. Furthermore, most of the developers on the planet are HTML/JavaScript developers. But there are several catches. Browser apps are clearly not fit for purpose when it comes to crypto, and the crypto sphere is starting to adjust accordingly. Ledger Live is a step in the right direction, but it still doesn’t go far enough.

Hardfolio is a completely native app and is deployed from the Google Play Store and the Windows Store.

What’s Wrong with Browser Apps?

Websites or browser apps are not inherently secure. We’ve all heard about phishing, man-in-the-middle, and DNS hijacking attacks. They are a very real threat in browser apps. See Ledger’s Man in the Middle Flaw, the Trezor Phishing Scam, and MyEtherWallet’s DNS Hijacking Incident. These attacks are a lot easier in browser apps because anyone can set up a website that claims to be the legitimate vendor of a product, and it is very hard to get these websites pulled down. Google and others can remove phishing sites from their search engines, but if the website is hosted in a country where authorities have no jurisdiction, there’s not a lot that can be done (Monitoring and Takedown).

This isn’t to say that native or store apps eliminate this issue. Far from it. Some phishing scams are enabled by store apps. But the main problem relates to how users can tell if the app they are using is legit. Users are frequently bamboozled by crypto tech, and when they are confronted with a website, they need to remember to do all kinds of things like check the domain name, check the SSL certificate, check the address they are sending to, and so on. Whenever users could forget to do these things, there are opportunities for attacks.

Aside from this, browser apps are just plain clunky and do not have a native look and feel. iPhone users expect apps to look like iPhone apps. Android users expect apps to look like Android apps. A native app is usually represented by an icon on the desktop, while in a browser you have to navigate to a bookmark or type in a URL, which always carries the possibility of being led to a phishing site. JavaScript runs far more slowly than native code. Also, browsers needlessly distract the user with extra widgets, so browser apps will always provide a poorer user experience than native apps.

Why Native, Store Apps?

Native apps have the native look and feel of the platform. They don’t look like web pages; they look like they are integrated into the operating system properly. This gives users a sense of familiarity because a button in the app looks like a button in all their other apps. Text entry works the same in a native app as it does in every other app on their phone, so it’s comfortable for the user.

Native apps are as fast as they can be. JavaScript is slow. This is not really a criticism of JavaScript, but it’s not a subjective point. Here is a benchmark comparing native vs. JavaScript apps. JavaScript is an interpreted language, and is parsed on the fly, so there’s no conceivable way that it will ever be as fast as native code. It serves its purpose, but HTML and JavaScript were only ever created to fulfill basic needs inside a browser. The original intentions of this pair didn’t include full-fledged applications.

But there’s another problem. Apps like Ledger Live need to be downloaded from a website and installed by the user. This introduces a big problem. The user may accidentally download a hacked version of the app and install malware by mistake. Users should never trust manually downloaded apps. If they do, they need to verify that they are downloading from the correct location, and they also need to verify that the downloaded file is not infected with malware after the download is completed. This is too much to ask from the average user. Even tech-savvy people like me find this laborious, and it makes me feel uncomfortable.

Store apps are better because installing from the store guarantees that you are installing an app published by the vendor itself. As long as the user checks the vendor of the app before installing, they can guarantee that the code they are running is authentic because it is signed with a unique signature from the store. If the code is altered by malware, the operating system will know about it, and stop the app from running.

Why C#?

C# is not the only language or technology to empower developers to build and deploy native store apps, but it is one of the more common and better supported ones. C# has been around since 2000. It is fully backed by Microsoft, and is a very mature language. It allows you to compile to native code on iOS, and to the Mono runtime on Android, which interfaces with Android’s native Java platform. On Windows 10, C# is compiled to native code. C# apps can be deployed to the Apple Store, Windows Store, and Google Play Store, but C# also runs on several other platforms like Linux and macOS.

Xamarin is a Microsoft-owned C# technology that puts a layer over all the main OS platforms and allows code sharing for these platforms. Xamarin Forms is a library that puts a further UI layer over the top of Xamarin. You can write your UI in one markup language (XAML), and this UI is translated into each platform’s native look and feel. Hardfolio is Xamarin Forms based, with tweaks on each platform to make it a tighter fit there.

Here are some alternatives to C# and Xamarin. In the long run, some of these technologies may become better and more usable, but for the time being, C# gives the developer the easiest path toward creating native apps for multiple platforms without writing the code again and again. Of course there is always the option of writing a native app in Java, Swift, .NET, and so on, but this comes at a heavy development cost. My personal experience is that while Xamarin can be frustrating at times, it is comprehensive, and anyone who has experience with XAML and C# can build very high quality apps with it.

Conclusion

Crypto is moving toward native apps as opposed to browser-based apps. However, native apps do not yet make up the majority of existing crypto apps, and many of the native apps are still written in HTML/JavaScript and packaged in downloadable installers. This won’t cut it in future. The future is store apps. C# is a good way to reach this end goal on many platforms. Hardfolio embraces this paradigm, and the hope is that apps like Hardfolio will lead the way toward independence from browsers.

 

 
