As a developer, Leo Wandersleb is passionate about the way Android wallets work. In his quest to evaluate myCelium's main competitors, he has established a methodology of rating mobile wallets. That's why he created WalletScrutiny.com, a website where you can find information about how open source and transparent your mobile wallet of choice really is.
If the APK you download from the Google Play Store is not the same (signature aside) as the binary you build yourself from the public GitHub repository, a red flag is raised and the wallet is rated not reproducible. That does not by itself prove the developers are malicious, but it means nobody outside the team can confirm that the published source is what actually runs on users' phones: the code may lag behind the releases, the repository may not be maintained in step with the app, and a release manager could ship a modified build that no user would notice.
Another interesting point Wandersleb raises concerns Samourai Wallet's dishonest marketing: although the developers describe Samourai as open source, its builds are not verifiable, and there are significant differences between the code on GitHub and the application that can be downloaded from the Play Store.
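The check described above, as an added example (this is not WalletScrutiny's own tooling, nor code from the podcast): unpack the APK pulled from the phone and the APK built from source, hash every entry except the signer-written `META-INF/` files, and report what differs. The sample APKs are constructed in the script itself so it runs offline; the entry names and contents are made up for the demonstration.

```python
"""Compare a store APK with a locally built APK, ignoring the signing data.

Added example, not code from WalletScrutiny or the wallet projects discussed.
Real usage: `adb pull` the installed APK, build the tagged release from the
public repository, then call compare_apks() on the two files' bytes.
"""
import hashlib
import io
import zipfile

# The signer writes these entries with a private key the verifier does not
# have, so they differ by design and are excluded from the comparison.
# (An APK v2/v3 signing block sits outside the zip entries and is not seen
# by zipfile at all, which is why a whole-file hash is the wrong test.)
SIGNATURE_PREFIX = "META-INF/"


def entry_hashes(apk_bytes: bytes) -> dict:
    """Map each non-signature entry name to the SHA-256 of its content."""
    hashes = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith(SIGNATURE_PREFIX):
                continue
            hashes[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return hashes


def compare_apks(store_apk: bytes, built_apk: bytes) -> dict:
    """Return a report: reproducible flag plus the entries that differ."""
    store, built = entry_hashes(store_apk), entry_hashes(built_apk)
    only_in_store = sorted(set(store) - set(built))
    only_in_built = sorted(set(built) - set(store))
    changed = sorted(n for n in store.keys() & built.keys()
                     if store[n] != built[n])
    return {
        "reproducible": not (only_in_store or only_in_built or changed),
        "only_in_store": only_in_store,
        "only_in_built": only_in_built,
        "changed": changed,
    }


def make_apk(entries: dict) -> bytes:
    """Build a constructed, APK-shaped zip for the demo (not a real wallet)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data (hypothetical contents, not from any real app).
_BASE = {
    "AndroidManifest.xml": b"<manifest package='example.wallet'/>",
    "classes.dex": b"dex\n035\x00" + b"\x00" * 64,
    "res/layout/main.xml": b"<LinearLayout/>",
}
# What a user would pull from the phone: the same build, plus the signer's files.
STORE_APK = make_apk({**_BASE, "META-INF/CERT.RSA": b"signature-blob"})
# What a verifier gets from building the public source, unsigned.
BUILT_APK = make_apk(_BASE)
# A store build whose code was altered and that carries an extra asset.
TAMPERED_APK = make_apk({
    **_BASE,
    "classes.dex": b"dex\n035\x00" + b"\x00" * 63 + b"\x01",
    "assets/tracker.bin": b"not in the repository",
    "META-INF/CERT.RSA": b"signature-blob",
})


if __name__ == "__main__":
    for label, apk in (("honest", STORE_APK), ("tampered", TAMPERED_APK)):
        report = compare_apks(apk, BUILT_APK)
        print(label, "reproducible" if report["reproducible"] else "MISMATCH")
        for key in ("only_in_store", "only_in_built", "changed"):
            if report[key]:
                print(f"  {key}: {', '.join(report[key])}")
```

A mismatch is a finding, not a verdict: before reading it as tampering, rebuild in the same container image and toolchain the project documents, since non-deterministic build steps (timestamps, file ordering, compiler versions) produce differences that have nothing to do with the source being dishonest.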
Wandersleb provides interesting insights about the amount of trust that we should have in developers, explains how and when reputation matters, and ultimately helps all users to use better mobile wallets.
Time Stamps: Leo Wandersleb
00:46 – Introduction
02:15 – Categorization of mobile wallets on WalletScrutiny.com
03:50 – What verifiability means for wallets, and why verifiable does not mean verified
06:40 – Why verifiability matters to make sure that the wallet developers are not hacking you
09:40 – Which wallets are listed as verifiable on WalletScrutiny.com?
12:20 – Why Coinomi wallet is not open source
13:05 – Coinbase is custodial and should be avoided
15:21 – Some of the most popular mobile wallets also happen to be the worst
18:25 – Wallets that are popular, open-source, but not verifiable
19:08 – Samourai Wallet is not verifiable
22:10 – How reproducibility works at MyCelium to prevent abuses by release managers
24:20 – More arguments against Samourai
29:20 – Android’s interesting security
31:27 – Google Play vs F-Droid
33:55 – What about iOS wallets, are they verifiable?
35:20 – Blockstream Green and why it’s great
37:20 – Coinbase vs Samourai for the average user
40:30 – Why it’s better to be careful with mobile wallet updates
45:40 – In the “Don’t trust, verify” issue, what can the average user actually verify?
48:40 – Leo fails at marketing his own project
50:40 – Why builders are the best
51:10 – Companies exploiting the ignorance of newbies
53:00 – Satoshi was honest about Bitcoin’s limitations
55:30 – Why MyCelium’s iOS wallet is terrible and not recommended, but the Android version is better
59:10 – MyCelium vs Blockstream Green
1:00:30 – Collecting fees from routing Lightning Network transactions
1:02:48 – Lightning Network Routing
1:06:00 – Best mobile wallet for ease of use and open source verifiability
1:09:00 – WalletScrutiny.com and its methodology
1:10:30 – How much does reputation matter in the Bitcoin space?