
RE: [Introducing Steemy] - Fully Native iOS/Android apps for STEEM

in #steemit, 8 years ago (edited)

You bring up interesting points - all of which we've put thought into. On one hand steemit.com is a "browser" of the blockchain... a very good one I might add. The blockchain behind steemit is what's really interesting to us. Getting official approval of the app from Ned, Dan and others? Not sure that's possible.. and I'm actually not sure they even want to be a part of officially "endorsing" 3rd party apps. I've reached out during development at various times to keep them posted on what we've been building and they haven't ignored us. While we'd love to get a shout out from Ned or Dan (*crosses fingers), that's definitely not our focus. Our focus is to bring our mobile expertise to STEEM in order to push it in mainstream's face! We need STEEM to be a compelling experience on mobile regardless of endorsement. Mobile is a major barrier in our opinion. Thanks for the great comment @cryptos!


@steemapp: regarding security, as raised by @cryptos, are you asking for the master password that controls the account or only the posting key? Mobile phones aren't the safest platform around and there are plenty of apps that contain malware. For security reasons, it would be better if Steemy was working exclusively with the posting key / password and active key / password of users so that no matter what, it wouldn't be able to hijack Steem accounts even if it tried to. That's the best way to stay clear from most of the liability that comes with running a crypto-currency app for mobile phone. Of course, there is the problem of how understanding users are about the difference between master password / key and more specific access keys, but there is a way to make that pretty transparent for users. See below.

@dantheman: it would be good to have in the protocol something like "access requests" that would allow anyone to ask for a specific public key to be added as authenticating key of another user's account. These requests would just sit there waiting to be approved or denied by a client that has control of the target user account. Typically all that the target account client will have to do is read the requests, display a pop-up "do you want this key to have <posting/trading> access to your account (yes/no)" and perform an update_account_auth_key call to add the key to authorized keys for the specific type of permission. For security / foolproof-ness, this third party request mechanism shouldn't apply to "owner" permission. The point of doing that is that app developers can have their app request for permissions very much in the same way as third party Google apps or Google Drive apps are requesting the authorization to access one's Google account. Doing so, the user never needs to input his master password / key in the (somewhat untrusted) third party app: all she needs to do is tell the app what is her Steem account, then go to Steemit.com, authenticate with her master key, and approve the app's request. That way there is no way for any third party apps to hijack accounts. So long as users are careful about what specific authorization they give to the app, in the very worst case the app may post / vote on their behalf (and get spotted very quick) or steal some liquid Steem / SBD but most of the funds in the form of vests would be safe and can be easily protected by terminating the app's access / removing its keys.
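The access-request flow proposed in the comment above, sketched as a small in-memory model. This is an added example, not part of the original thread and not Steem's API: the `Account` class, the function names, the operation names and the key strings are all hypothetical, and it assumes that approval and revocation are signed with the owner (master) key.

```python
from dataclasses import dataclass, field

# Hypothetical model: roles, operations and key strings are constructed.
RANK = {"posting": 0, "active": 1, "owner": 2}
DELEGABLE = {"posting", "active"}            # "owner" can never be requested
OP_ROLE = {"vote": "posting", "comment": "posting",
           "transfer": "active", "change_owner_key": "owner"}

@dataclass
class Account:
    name: str
    owner_key: str
    auths: dict = field(default_factory=dict)    # role -> set of public keys
    pending: set = field(default_factory=set)    # {(app_pubkey, role)}

    def __post_init__(self):
        self.auths = {"posting": set(), "active": set(), "owner": {self.owner_key}}

def request_access(acct, app_pubkey, role):
    """App side: needs only the account name and the app's own public key."""
    if role not in DELEGABLE:
        raise PermissionError(f"{role} access cannot be requested")
    acct.pending.add((app_pubkey, role))

def approve(acct, signer_key, app_pubkey, role):
    """Trusted-client side: only an owner-key holder may grant a pending request."""
    if signer_key not in acct.auths["owner"]:
        raise PermissionError("approval must be signed by the owner key")
    if (app_pubkey, role) not in acct.pending:
        raise LookupError("no such pending request")
    acct.pending.discard((app_pubkey, role))
    acct.auths[role].add(app_pubkey)

def revoke(acct, signer_key, app_pubkey):
    """Terminate the app's access by removing its key from every delegable role."""
    if signer_key not in acct.auths["owner"]:
        raise PermissionError("revocation must be signed by the owner key")
    for role in DELEGABLE:
        acct.auths[role].discard(app_pubkey)

def may_sign(acct, key, op):
    """A key may sign op if it sits in the required role or a higher one."""
    need = RANK[OP_ROLE[op]]
    return any(key in keys for role, keys in acct.auths.items() if RANK[role] >= need)
```

The master key never reaches the app in this model: the app submits only its own public key, and a granted posting key cannot sign transfers or owner-level changes.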

Hey @recursive, sorry for the late response, things have been crazy over here for us and we've been nose to the grindstone so we can get this into people's hands asap.

We will give the user the option to use whichever password they are most comfortable with, whether that is their master password, or one of their other keys. The exact user flow for the final product is something we are still working on, but our intention is to create a user flow that recommends the user log in with their posting key only.

@steemapp: I'm referring to the debate there was in steemit.chat. Understand that allowing people to use their master password is raising a huge red flag. You don't need the master password for posting. Why ask for it or even allow people to give it and at the same time jeopardize the security of their entire account (you know smartphones are unsafe, don't you?). I personally (and this won't be only me) will be putting disclaimers in each and every one of your posts reminding people of the security risk of using their master password on their smartphone, of the fact there is no way to really know what your app does, and of the fact they could lose entirely their account. But if you don't ask for the master password and instead encourage people to manage intelligently the security of their account, I won't have any reason to make all that noise.

Besides, if you ask for the master password, many people will be challenging you for open-source release. I know open source is meaningless in the case of smartphone apps which are anyway built and released on app stores that don't allow users to check signatures and checksums. But I know people will still ask you. You can easily avoid that, again, by opposing to them that you only ask for the posting key that can be replaced in a finger snap should people feel that the application is misusing their key.

For everyone's peace of mind, and to avoid you trouble, questions and accusations, please DO NOT "offer" the possibility for people to use their master password. There is now a "permission" tab in Steemit. If need be make a quick tutorial animation to show people how to get their posting key and put it in your app.

This is the one and only issue that makes your app cross my alert threshold. And again that's not only me annoying you, you'll get heat from every direction if what you do risks compromising Steem users' account security.

Great work on the app! We have our hands full with the protocol and steemit.com so are very happy to see you take this space and profit as much as you can from it.

We cannot endorse your app for security and liability reasons, but are nevertheless happy to see it.

Thanks @dantheman! We are blushing here at the office. I completely understand on the endorsement thing which is why we've never asked. Plus, we sleep better knowing you guys are manning the protocol layer and foundation that makes our work possible. I'm proud to be a part of this so early on.

Awesome to see you comment to this.. thank you so much for the confidence :D

I am eagerly awaiting an app for both iOS and android. What I have seen so far is nowhere near as good as your proposal.

I've noticed on my phone (still rocking the 4s I know time for an upgrade) that when there are a lot of comments the scrolling feature gets somewhat "jumpy" for a lack of a better term. That may be due to the processor of my ancient phone, but would be interested to have others weigh in.

Push notifications are a must as you noted already, and whether steemit chat is the best for mobile or if you wanted to come up with something more similar to fb chat that would be a pretty nice addition.

Maybe instead of clicking on the little reply button when you go to make a comment something like this would be helpful.

[Image: unnamedcff3c.jpg]

So if you clicked anywhere inside one of those rectangles (the rectangles are just for reference) it would open a reply text box.

Also to the best of my knowledge the little // inside the square at the bottom right of the text boxes for comments and posting blog posts does not allow you to drag and make it larger so you do not have to scroll up and down to edit comments.

I love all the work you put into this @steemapp maybe we could hash out some ideas for a decentralized radio app. Streemit Radio - Decentralized Music

[Image: Untitled-671e50b.jpg]

Thanks @olivianakano I appreciate you looking at it.

Just to be sure they haven't ignored us you meant have and not haven't, right?

It is one thing to offer a passive "browser" of the Steem blockchain that only reads data, but if you want to add an active access that would allow users to add data then security becomes a concern.

People use steemit.com as the official access point to the Steem blockchain for reading and writing data to it and many other tools that just read data from the blockchain without concerns.

What matters most is that the open-source gets audited and only posting WIF passphrase gets used in the app.

As long as the Active or Owner keys aren't entered, I can't imagine any major risk.

Being able to build on top of the Steem blockchain without permission is a huge value proposition for the ecosystem.

Nope, I mean they haven't ignored us. Ned responded with enthusiasm weeks ago to an email I sent. He even asked how they could help. Point taken on "browser". I certainly didn't mean to suggest it is simply a browser. I just wanted to note that steemit.com is the first client to interact with the blockchain (in the ways you mention), but we think there will be many as time goes on.

YES!
Steemit has the potential to be Revolutionary and I am going full in, Investing my valuable time and knowledge in curating content for this community, to make the community as a whole, even MORE valuable.
I have already written multiple articles including one on "Why steemit is so important and revolutionary."
Though I have always been a cutting edge guy, the MASSES have no clue about steemit and even if they did, would not use it because the user interface is far too uncomfortable for them. In order for this truly awesome platform to make its way into "mainstream" then there will need to be a huge upgrade in user interface and that obviously includes a mobile app. Over 60% of internet access is via mobile phones now and that will likely only increase as smartphones become more and more powerful and integrated into every day life.
So Steemit MUST have a mobile app. The question is will they develop one themselves or will others?
Obviously there are a LOT of factors involved, including security. Though I am not a coder or a tech guy, so I won't even try and get into any debate about that aspect.
What I can say is that I love the Steemit community. I TRUST the people who are behind it and that we NEED a mobile app. So if this is not the one then let it be soon. If it is then THANK you for helping this community to the NEXT level!

You are absolutely right! As I've mentioned in my post, Steem is the next generation App Store, and steemit.com is just an official prototype. Everyone can benefit from Steem and build their own Apps.
https://steemit.com/steemit/@facer/a-guide-to-steem-world