RE: Introducing Steemia - A new mobile app to access the Steem Blockchain!

in #steem, 7 years ago

I have not and will not give out my owner key due to the near quarter million I have in my account. Well over a million will be there if the price goes near where it was pre-crash.

I can't change the main key if someone decides to peek in the server and power me down / lock me out of my own account. Steemconnect needs to show how the key is transmitted, who can access it and how we are supposed to trust them when our accounts are holding lots of crypto.

Pardon my skepticism. I would put my keys out there if it were $5,000.

SteemConnect code is, I believe, thoroughly reviewed and trusted. The problem I have with this app is the built-in browser to sign with SteemConnect. It should launch an external browser which we can trust.

I agree it should be usable with a posting key only.

The browser launched by the app is owned by the Android device. It actually uses the native browser engine in order to render the website inside the app. In addition, the URL is shown for security purposes so users can confirm that they are really at SteemConnect.

While it is possible to open the browser in an extra app, it will be less intuitive and will add more steps to the UI. In addition, it is nearly not possible to have a callback from the native browser application. The way that SteemConnect works is by using callbacks. In our case, our callback will redirect back to a dummy localhost address which is used to capture the access token and close the browser renderer at the app.

While for websites it is suitable to open another tab with SteemConnect because you can use the callback, it is impossible on phones since the callback cannot redirect you to the app.

Also, all the source code is there for auditing. The plugin used to launch the browser in the app is itself a component of each Android device.
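
Added example, not part of the thread and not code from Steemia or SteemConnect: a sketch of how an app could vet each URL the embedded browser navigates to before treating it as the localhost callback described above. The callback address, the `https://auth.example` sign-in origin, the `access_token` and `state` parameter names and the `classifyNavigation` helper are all assumptions made for illustration.

```javascript
// Assumed values for illustration; none of them come from the app's source.
const CALLBACK_ORIGIN = 'http://localhost';   // dummy callback address
const CALLBACK_PATH = '/callback';
const AUTH_ORIGIN = 'https://auth.example';   // placeholder for the sign-in site

// Decide what to do with a URL the embedded browser is about to load.
// Comparing the parsed origin (scheme + host + port) avoids the classic
// mistake of prefix-matching the raw string.
function classifyNavigation(rawUrl, expectedState) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return { kind: 'blocked', reason: 'unparseable URL' };
  }
  if (url.origin === CALLBACK_ORIGIN && url.pathname === CALLBACK_PATH) {
    const token = url.searchParams.get('access_token');
    if (!token) return { kind: 'blocked', reason: 'callback without token' };
    // The state value ties the callback to the login this app started.
    if (url.searchParams.get('state') !== expectedState) {
      return { kind: 'blocked', reason: 'state mismatch' };
    }
    return { kind: 'callback', token };
  }
  if (url.origin === AUTH_ORIGIN) return { kind: 'allowed' };
  return { kind: 'blocked', reason: 'unexpected origin ' + url.origin };
}

// Constructed sample navigations, including two lookalike hosts.
const SAMPLE_URLS = [
  'https://auth.example/oauth2/authorize?client_id=demo',
  'http://localhost/callback?access_token=abc123&state=s1',
  'http://localhost.evil.example/callback?access_token=abc123&state=s1',
  'http://localhost@evil.example/callback?access_token=abc123&state=s1',
  'http://localhost/callback?access_token=abc123&state=other',
];

function demo() {
  return SAMPLE_URLS.map((u) => classifyNavigation(u, 's1').kind);
}

console.log(demo());
```
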