Consider disabling zcash: URI scheme #1096

Closed
daira opened this issue Mar 1, 2024 · 3 comments · Fixed by #1105
Labels
I-SECURITY Problems and improvements related to security.
daira (Contributor) commented Mar 1, 2024

This is @defuse's suggested mitigation for #1093 and #1094.

daira added the I-SECURITY label Mar 1, 2024
daira added this to the iOS Zashi 1.0 milestone Mar 1, 2024

LukasKorba (Collaborator) commented Mar 3, 2024

Support for deeplinks was implemented a very long time ago, I think around mid 2022, because at that time it was a regular requirement, but nobody defined actual and useful deeplinks. So the implementation is still in (nowadays) Zashi, doing:

  • registering the URI
  • parsing any URL that starts with zcash://

As a debug example sending some amount to a specific address URL was used but it's no longer valid because the infrastructure of (nowadays) Zashi changed.

We have 2 options:

  1. Disable the whole feature. It would mean deleting the URI support, but I would leave at least the deeplink TCA dependency module in place for a possible future re-opening of the feature.
  2. Make use of deeplinks, define some useful URLs.

Please NOTE, I agree that definition of the URI automatically allows some other apps to discover Zashi, but we can't do anything about it, it's how iOS is designed.

The title of this issue says "Consider disabling" like it's a solution for Zashi 1.0, but it's only postponing the issue to some other day in the future. The only ultimate solution is to never use URI and deeplinks on iOS, and that I can't decide; I don't know if product/leadership will ever make such a call.

daira (Contributor, Author) commented Mar 6, 2024

> The title of this issue says "Consider disabling" like it's a solution for Zashi 1.0, but it's only postponing the issue to some other day in the future. The only ultimate solution is to never use URI and deeplinks on iOS, and that I can't decide; I don't know if product/leadership will ever make such a call.

Yes it sucks. It would basically mean abandoning ZIP 321. But I want everyone to know that I am very serious about deprecating/removing features that can't in practice be made secure, even if we have expended a lot of work on them.

pacu (Contributor) commented Mar 6, 2024

> It would basically mean abandoning ZIP 321

Not actually. The Zashi app can choose not to tell the OS that it can handle the URI, but in fact handle it internally when scanning it from a QR or receiving a share item that contains a payment URI in the form of text. The UX wouldn't be "automagical" like Apple likes it but Zcash's mission is not to be super lean at any cost.

> But I want everyone to know that I am very serious about deprecating/removing features that can't in practice be made secure, even if we have expended a lot of work on them.

I agree with this. It's the right thing to do.
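
The in-app handling described in the last comment, as an added example that is not part of the thread and not Zashi's code: a payment URI taken from a QR scan or shared text is parsed strictly and turned into a proposal for the user to confirm, with no URL scheme registered with iOS. `PaymentProposal`, `PaymentURIError` and `parsePaymentURI` are hypothetical names; as assumptions, only single-recipient ZIP 321 URIs are accepted and the address is checked for alphanumeric characters only, leaving real address validation to the wallet SDK.

```swift
import Foundation

// Hypothetical type: what the confirmation screen shows before anything is sent.
struct PaymentProposal: Equatable {
    let address: String
    let amount: Decimal?        // in ZEC, nil when the URI names no amount
    let memoBase64URL: String?  // still encoded; decode and length-check before use
}

enum PaymentURIError: Error {
    case notZcashURI, malformed, duplicateParameter, unsupportedParameter, badAmount
}

// Parses text obtained inside the app (QR scan, pasted or shared text).
// Nothing here is wired to an OS-level URL handler, so other apps and web
// pages cannot invoke it; the caller must still ask the user to confirm.
func parsePaymentURI(_ text: String) throws -> PaymentProposal {
    let trimmed = text.trimmingCharacters(in: .whitespacesAndNewlines)
    guard let parts = URLComponents(string: trimmed),
          parts.scheme?.lowercased() == "zcash" else { throw PaymentURIError.notZcashURI }
    // Accept only "zcash:<address>?..."; the "zcash://..." form has a host part.
    guard parts.host == nil, !parts.path.isEmpty,
          parts.path.allSatisfy({ $0.isASCII && ($0.isLetter || $0.isNumber) })
    else { throw PaymentURIError.malformed }

    var seen = Set<String>()
    var amount: Decimal?
    var memo: String?
    for item in parts.queryItems ?? [] {
        guard seen.insert(item.name).inserted else { throw PaymentURIError.duplicateParameter }
        switch item.name {
        case "amount":
            // Plain decimal, at most 8 fraction digits, no sign or exponent.
            guard let v = item.value,
                  v.range(of: #"\A[0-9]+(\.[0-9]{1,8})?\z"#, options: .regularExpression) != nil,
                  let d = Decimal(string: v, locale: Locale(identifier: "en_US_POSIX")),
                  d <= 21_000_000 else { throw PaymentURIError.badAmount }
            amount = d
        case "memo": memo = item.value
        case "label", "message": break  // sender-controlled display text, dropped here
        default:
            // Refuse multi-recipient indexes ("amount.1") and unknown "req-" parameters.
            if item.name.contains(".") || item.name.hasPrefix("req-") {
                throw PaymentURIError.unsupportedParameter
            }
        }
    }
    return PaymentProposal(address: parts.path, amount: amount, memoBase64URL: memo)
}
```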
