Nighthawk Wallet Design & Development Grant

With the release of Nighthawk iOS v1.21 on App Store & Nighthawk Android v1.0.20 on Play Store, we have successfully reached the first Milestone. We would like to share our achievements, which are well received by end users on both Android & iPhone.

The status will be updated regularly and published at https://nighthawkwallet.com/changelog/

Additionally, we:

  • Resolved several user support requests via Emails, DMs and GitHub issues.
  • Proactively participated in mobile design discussions for NU5 & Unified Address UX with ECC.
  • Engaged with end users, product walkthrough and noted shortcomings to improve upon.
  • Obtained necessary hardware & software towards meeting milestone deliverables.
  • Renewed the App Store Developer subscription with Apple.
  • Updated the app landing page at https://nighthawkwallet.com
  • Regularly attended development meetings with the LCWG.
  • Set up continuous integration via Bitrise and enabled test-net build variants for ease of testing.
  • Transitioned from relying on existing lightwalletd server to https://lightwalletd.com with 0 service interruption for our end users.
  • Fixed a vulnerability reported to us via our Disclosure Policy.
  • Reported a vulnerability upstream and acted immediately, releasing a fix to prod (see "Privacy-leak bug discovered in Nighthawk and ECC wallets", Electric Coin Company).
  • Followed the strict no logging/tracking policy.
  • Kept app dependencies updated with the latest fixes from ECC & native Apple/Android eco-system.

Android specific:

  • Enabled language configuration to prepare for auto-translations to multiple languages.
  • Increased number of supported devices for Nighthawk on Android to 14,579 devices (per Play Console) with minimum supported version of API 23/Android 6.0.
  • Focussed on improving layouts & accessibility for supporting a broad variety of form-factors.
  • Enabled screen density configuration to generate optimized APKs for each screen density.
  • Switched to ABI configuration for releases instead of APKs for a smaller app download for users by removing the libraries of the ABIs their device will not load.
  • Reduced app download size to ~9MB after stripping out unnecessary Play Services components, also preparing the build towards an F-Droid release.

Developer community related updates:

  • Engaged with contributors and rewarded them for their contributions from our consulting budget.
  • Intro with ARTI developers and plan to provide them with mobile device requirements for running Tor by default on thin clients.
  • Attended Google I/O 2021 & Apple WWDC21 to keep up to date with the latest APIs, cryptography & security related updates on the Android & iOS platform.

Zcash users feature demands which we will R&D on as per bandwidth:

  • Passcode/Pin protected app start.
  • Contacts management with Z-addresses.
  • Deep linking for interacting with ZECpages.

Things to improve on:

  • Provide updates on Zcash Forums: As per the grant, we promised to post updates following every Milestone on Zcash Forums, especially after an observation of the forum activity slowing down. So we focussed on connecting with the end users directly for updates and troubleshooting. In the future, we will try to post updates to the forum alongside our alternate channels.
  • Investigate optimizing of sync times while maintaining maximum privacy & reducing information leakage. As for the scanning optimizations, once the faster community algorithms are verified and have gotten a thumbs up from @str4d, we can have those pulled in to Nighthawk for all the efficiency gains. The priority for the next milestone is still NU5 compatibility.
  • Improve regression testing to stop vulnerabilities from seeping in to production versions.

We thank @ZOMG for funding us and believing in our vision to ship Nighthawk Wallet on App Store, Play Store & soon F-Droid Store with regular updates.

7 Likes

Nighthawk Wallet on Android v1.0.20 is live on the Play Store https://play.google.com/store/apps/details?id=com.nighthawkapps.wallet.android

  • A whole better Nighthawk with T-address support + Auto-Shielding of funds after Transparent funds cross 1 ZEC.
  • Sending of ZEC is possible from Z-address only for preserving privacy.
  • Wallet History gets a new look too!

T-address → Z-address Shielding in action: Nighthawk Android v1.0.20 - Album on Imgur

11 Likes

With the delay in NU5 on main-net, Nighthawk Wallet team would need to adjust the Milestone and deliverables. As promised in our last update, we have been maintaining the live status of development at https://nighthawkwallet.com/changelog/

In April this year, in line with the prospective July/August launch of NU5, we had planned the launch for UAs to be undertaken in Milestone 2/3, but it is clear now that only the Test-net will be available in Q4 2021 with Main-net launch in Q1 2022. While this delay would give us extra time to refine UA support and testing before the Q1 readiness, it will delay our final deliverable, flowing in to Q1 ’22.

With the extra cycles available in Q4, I have requested @ZOMG to review us undertaking work on much-needed areas to improve the wallet:

  1. Improve automated & manual testing across various devices and
  2. Adding easy ZEC purchase support. I have started communication with moonpay.io which can process KYC & Payments so the purchases will be taken care by them, supporting many countries, but not US per their policy :frowning:
  3. Additionally, we can focus on developing the designs with Matt for faster iterations and implementation starting with Android. iOS app redesign update might take longer as the Swift UI framework is very new and it would require diligent coding to bring Matt’s designs to life.

Additionally, I would like to share a short retro for Milestone 2:

What went well

  • F-Droid launch with no anti-features, setting up automated release publishing. Great feedback from the Unlocked Droid community to have a dedicated, Google-free wallet for Zcash.
  • We even got a mention by a Professor from Germany when comparing privacy coins.

And Naomi Brockwell’s feature on Zcash!

  • Purchase of devices & computers for the team to improve security when developing software and improve debugging.
  • Shipped a bonus feature on Android to export wallet seed words to a password protected PDF for easy backup.
  • Shipped Android URI DeepLink & QR code scan for ease of UX when interacting with ZecPages or ZIP-321 compatible services.
  • Fixed test-net variant breakage in zcash-android-wallet-sdk repo upstream.
  • Increase in testing and review for shipping bug free native apps.
  • Got introduced to a research opportunity of building a privacy preserving retrieval of transaction info, this is fresh research and sounds very promising for the future of privacy in light clients.
  • Reviewing possibility of Thorchain integration in Nighthawk wallet for easy to use swaps.
  • With several bug fixes and support for Android 12 & iOS 15, our users are happier, require less support - we went from 4-5 support requests per week in July to 0/1 per week at the end of September while app downloads keep increasing beyond 1000 for both Google Play & Apple App Store each. Nighthawk users contact us via a combination of twitter, protonmail & z2z messages.
  • Take active part in code reviews of upstream wallet & SDK repos.
  • The bi-weekly Native Mobile Light Client Working Group calls have been going well with transparent updates available at GitHub - zcash/lcwg: Light Client Working Group project management repository (Thanks to following Hudson’s model from ETH cat herders calls)

What didn’t go well

  • Both iOS devs were down with COVID-19 causing a slippage of feature deliverables of Deep Linking/QR code scan & PIN code for app entry for Nighthawk on iPhone. These features were successfully shipped on the Android version to both Play Store & F-Droid.
  • Delays in the fast syncing algorithm integration - we are in close contact with ECC who are exploring an optimal solution for faster sync.
  • Translations work is delayed to Milestone 3 as the Lingohub rates for languages we plan to support increased by 3 times, which was out of our budget and not practical as the service package is a monthly payment in to perpetuity. We are now in the process of shifting to using crowdin.com platform for crowdsourced translations.
  • Flexa SDK integration work is also on a back burner as Flexa team is focussing on their own app and roadmap while delaying the release of their Spend SDK. Spend SDK · Flexa Developer
4 Likes

Thanks for the update. Btw, was this feature reviewed by a security expert?

AFAIK, pdf security isn’t very good and there are pdf password crackers that claim they can break it in seconds.

1 Like

What’s the time period for the 1000+ downloads of Nighthawk wallet?

True, PDF security is weak generally, hence we chose to integrate iText Core 7, which makes libraries meeting Digital signature standards for PDF encryption (iText 7 Core: an open-source PDF development library for Java and .NET).

It still creates pdf and these aren’t very secure, are they?

Let us know if you can crack the password protected PDFs generated via Nighthawk (via our Disclosure Policy https://nighthawkwallet.com/disclosure/)

And maybe even contribute to the public upstream repo: GitHub - itext/itext7

Hey, it’s not about iText 7. It creates encrypted PDFs, but encrypted PDFs aren’t very secure.

I’m not a security expert, but maybe you should consult one? Maybe @daira @str4d ?

AFAIK, pdf encryption is good as long as the passwords are good but they don’t do key stretching to slow down brute force attacks.