Introduction of Tokennet App Wallet: Safe Secret Seed
Written by BlockchainOS Dev Team
April 26 2018
We introduce new mobile wallet, “Tokennet App Wallet” for BOSCoin Tokennet. We created the “Tokennet App
Wallet” because of the various feedback regarding our web wallet, both internal and externally. After
reviewing all the requests, we discovered a major issue related to the current web wallet
(https://wallet.boscoin.io) regarding the “Secret Seed”. We
received a lot of feedback about people
losing their “Secret Seed” and wanting to recover it; and also the user-unfriendliness of a member
needing to enter the “Secret Seed” in order to view their transaction history. Therefore in creation of
our new wallet, we targeted to improve on our “Secret Seed” management (from the web wallet) as well as
some other functions described below. During the design, our team reviewed various concepts focusing on
the security and user friendliness of the wallet; which after a number of discussions, we arrived to the
solution of having a “Recovery Key” and Password to back-up “Secret Seed”, and incorporated it into our
first prototype of the “Tokennet App Wallet”.
It is our pleasure to welcome the release of the first prototype of the “Tokennet App Wallet” to the global community. This release, we invite the community to view and test our “Tokennet App Wallet” via the source code. The next section will provide an overview of our current features to date; which will be then followed by further information on what can be tested. Instructions on the test procedures are available on our github link at the bottom of this article
Note: Although there were many requests for an One-time password (OTP), after some internal discussions, we decided not include it into our the new wallet as the chance of losing the OTP itself was still at a similar risk.
What are the features of the Tokennet App Wallet?
The Basic Features
At a high level, the new wallet allows the user to:
- Create an account / wallet;
- Conduct transactions (sending payment); and
- User friendly transaction history view function
With the introduction of our new wallet, we wish to build on the limitations of our current web wallet to deliver a better experience to the end users. During our design process we reviewed the various limitations with the currently available web wallet and found 3 major elements to its current functionality, which heavily affected the ease of usability of the wallet as below:
“Secret Seed” Management
With our release of the web wallet at the Tokennet launch back in October 2017, we have since
many issues related to users losing their “Secret Seed” – as you may be aware, once you have lost
“Secret Seed”, it is practically impossible to recover it – hence we have developed a “Secret Seed”
management package which includes a Password and a “Recovery Key”.
Having the “Secret Seed”, “Recovery Key” and Password enhances the security as, when using the wallet (importing a wallet or making transactions), you do not expose the “Secret Seed”; in addition, third parties are unable to use the wallet without knowing the Password.
The Password can be set by the user in accordance to certain conditions being met. It is necessary to create the Password in order to decrypt the “Recovery Key”. The “Recovery Key” has “Secret Seed” inside with encrypted form. Users are able to benefit from the “Recovery Key” and Password feature (unlike the current design of the web wallet) as the “Recovery Key” provides extra security as even if you lose your “Secret Seed”, so no one can take your coins away; in addition, you can always recover your “Secret Seed” using Password and “Recovery Key”.
Now with the “Secret Seed” management package built into our new wallet, users will now be able to recover their wallets.
Multi-Public Address Management
Currently in the web wallet, a user is required to manage each individual Public Address separately – we have created a package in the new wallet to allow the wallet to manage multiple “Public Address”es
Better Transaction History Viewing
Our current web wallet allows the user to view their transaction history only when they provide
“Secret Seed”. We have received feedback from the community on the inconvenience this is process –
with our aim to improve user friendliness of our product, our new wallet now allows the user to view
their transaction history without the need for them to input their “Secret Seed”.
Note: Although there were many requests for an OTP, after discussion we decided not include it into our product as the chance of losing the OTP itself was still at a similar risk.
What functions can be tested?
Testing of our first prototype of the new wallet is now available using our source code – this includes testing of the following functions:
- Creating wallet
- Importing wallet
- Sending payment
IMPORTANT: Currently, the new wallet will use the test network of BOSCoin Tokennet(aka. testnet), not public network.
The following informs the scenarios that can be tested.
- Wallet creation, setting the wallet name, setting the password, wallet creation confirmation step
- “Recovery key” generation and confirmation
- Verification that the wallet has been created in the application
1. First, on the first page clicking the ‘Create Wallet’ button will lead to setting the
name & Password, which then will lead to clicking the ‘OK’ button.
2. Second, confirmation of the “Recovery Key”, then writing down the “Recovery Key” in a separate memo or making a screenshot of it, as it will be used when importing the wallet. After recording, clicking ‘OK’.
3. Third, confirmation on whether the wallet is created and in the user’s wallet list.
- Import wallet, “Recovery Key” input, QR Code import
- Password input, Wallet renaming
- Verification that the wallet has been imported in the application
1. First, on the first page clicking ‘Import Wallet’ and entering “Recovery Key” (the key
from ‘Creating Wallet’) or importing the QR code.
2. Second, entering the Password that was already set up. The ability to set a new wallet name.
3. Third, confirmation on whether the wallet is listed on the user’s wallet application.
As we are still maturing the new wallet and the security concerns, importing a wallet using a “Secret Seed” is unavailable at the current testing of this prototype; however we will have this ready by when we release the finalized product.
- Send function
- Public Address input (Note: QR input not available at this prototype)
- Amount to send input
- Password input
1. First, clicking the ‘Send’ button on the wallet list.
2. Second, entering ‘Public Address’ (QR code input is not available on this prototype)
3. Third, entering the amount.
4. Fourth, clicking the ‘send’ button.
5. Lastly, entering the password.
The development of other features are ongoing, and we will share these with the community once they are
at an appropriate level. Our ongoing work to mature the new wallet requires further planning, design,
development and quality control – however we wish to inform the community that to ensure a stable
wallet, this will require us to allocate more resource during the quality control phase. Once the new
wallet is finalized and complete, we will upload it onto Google Play for us all to enjoy!
To view the source code of our new wallet, please visit our github, https://github.com/bosnet/tokennet-wallet-android
We invite our community members to view and test the source code of our new wallet via the Github link: https://github.com/bosnet/tokennet-wallet-android
The development of this “Tokennet App Wallet” is, as mentioned above, showcases our willingness to open
our ears to the public and we welcome future feedback to help improve our ecosystem.
We would like to reiterate our sincere dedication to creating the best platform and applications for the world.
Thank you for the continued support for our BOS ecosystem!