Add Simple Bitcoin Wallet #1302

Merged
merged 6 commits into from Jun 16, 2016

Contributor

btcontract commented May 21, 2016

Simple Bitcoin Wallet is a refined version of an original app I proposed adding a few months ago: #1108

After some fair use and user feedback I've decided to remove all the features which proved to be too confusing or irrelevant, hence the name change.

Website: https://btcontract.com/
Play Store: https://play.google.com/store/apps/details?id=com.btcontract.wallet
F-Droid: https://f-droid.org/repository/browse/?fdfilter=simple+bitcoin+wallet&fdid=com.btcontract.wallet
Reddit discussion: https://www.reddit.com/r/Bitcoin/comments/3ws2td/visual_bitcoin_wallet/
Repo: https://github.com/btcontract/wallet

Contributor

crwatkins commented May 23, 2016

I have reviewed Simple Bitcoin Wallet based on the current wallet requirements criteria and my evaluation is below. Last year this wallet was reviewed as Visual Bitcoin Wallet and I recommended another review after more usage was identified. The summary is that the wallet passes on security and overall design, and only one concerning issue was found last year which was immediately fixed. The wallet behaved well, met functional criteria, and was completely stable. I gladly recommend Simple Bitcoin Wallet for listing.

I concur with the scoring in the pull request.

Simple Bitcoin Wallet

v1.07

Review Version 2016052301

The wallet list is based on the personal evaluation of the maintainer(s) and regular contributors of this site, according to the criteria detailed below.

These requirements are meant to be updated and strengthened over time. Innovative wallets are exciting and encouraged, so if your wallet has a good reason for not following some of the rules below, please submit it anyway and we'll consider updating the rules.

NOTE This wallet was previously named "Visual Bitcoin Wallet" and was previously submitted for listing under that name. This wallet is from the same code base with UI changes.

Basic requirements:

  • Sufficient users and/or developers feedback can be found without concerning issues, or independent security audit(s) is available

NOTE No independent security audit is available

PASS Sufficient users and feedback found:

  1. Reddit discussion: https://www.reddit.com/r/Bitcoin/comments/3ws2td/visual_bitcoin_wallet/
  2. Google Play: 10,000-50,000 installs, over 100 ratings
  3. F-Droid discussion: https://f-droid.org/forums/topic/visual-bitcoin-wallet/
  4. bitcointalk.org discussion: https://bitcointalk.org/index.php?topic=1432390.0

  • No indication that users have been harmed considerably by any issue in relation to the wallet

PASS No indication found

  • No indication that security issues have been concealed, ignored, or not addressed correctly in order to prevent new or similar issues from happening in the future

PASS No indication found

  • No indication that the wallet uses unstable or unsecure libraries

PASS Uses bitcoinj

  • No indication that changes to the code are not properly tested

PASS No indication found

  • Wallet was publicly announced and released since at least 3 months

PASS Reviews found on Google Play from August 2015

  • No concerning bug is found when testing the wallet

NOTE When reviewed last year under the name Visual Bitcoin Wallet, a concerning rounding math error was discovered both while sending and requesting funds

PASS This was reported and immediately fixed

  • Website supports HTTPS and 301 redirects HTTP requests

PASS Website at http://btcontract.com and http://www.btcontract.com redirects to HTTPS

PASS https://btcontract.com/ has an A+ rating

  • Website serving executable code or requiring authentication uses HSTS with a max-age of at least 180 days

PASS Executable code is available on Google Play and https://btcontract.com has a max-age of 365 days

  • The identity of CEOs and/or developers is public

PASS The developer, github user btcontract, Anton Kumaigorodski, maintains the source and his email is listed on https://btcontract.com and Google Play page

  • Avoid address reuse by using a new change address for each transaction

PASS A new change address is used for each transaction

  • Refuses weak passwords (short passwords and/or common passwords) used to secure access to any funds, or provides an aggressive account lock-out feature in response to failed login attempts along with a strict account recovery process.

NOTE Encryption keys are stored on the mobile device protected by a password

PASS Passwords must be 6 characters or longer

NOTE Poor passwords such as "123456" or "password" are accepted. A password complexity check or meter should be considered.

  • Allows backup of the wallet

PASS Backups are made by recording the BIP39 seed phrase available at setup or from wallet settings

  • Restoring wallet from backup is working

PASS Funds can be restored by erasing app data from the Android Settings app and starting over by entering the saved phrase. The BIP39 phrase was also successfully used to restore funds to a MultiBit HD wallet.

  • Source code is public and kept up to date under version control system

PASS https://github.com/btcontract/wallet is kept up to date

Optional criteria (some could become requirements):

  • Received independent security audit(s)

NOTE No independent security audits are available

  • Avoid address reuse by displaying a new receiving address for each transaction in the wallet UI

PASS Displays an unused address for each receive

NOTE A receive address may be re-displayed if it has not yet received a transaction

  • Does not show "received from" Bitcoin addresses in the UI

PASS Does not show "received from" addresses

  • Uses deterministic ECDSA nonces (RFC 6979)

PASS A transaction generated by the wallet was signed with pybitcointools and the same RFC 6979 signature with low S was generated

  • Provides a bug reporting policy on the website

PASS Website links to github issue reporting and provides the developer's email address

  • Supports HD wallets (BIP32)

PASS Supports BIP32 with standard m/0'/c/i BIP32 path

  • Provides users with step to print or write their wallet seed on setup

PASS Provides users with an option to view the seed along with an option to read documentation explaining the importance

  • Uses a strong KDF and key stretching for wallet storage and backups

PASS Scrypt (N=65536) is used for key generation with AES 256 bit encryption for storage

Cobra-Bitcoin merged commit 2c85163 into bitcoin-dot-org:master Jun 16, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed