Can We Trust Bubba’s Wallet?

Imagine that, for instance, Bubba’s Wallet is ranked #1 in the app store. But can we trust Bubba’s Wallet?

The short answer is maybe

We need to figure out how to sign an app (Bubba’s Wallet) digitally – so that we know that when we run it, we aren’t running a hacked version. We also need to be able to trust Bubba’s Wallet.

Many pieces of the app need to be certified so we can know that our Digital Wallet is safe to use:

  • the application developer;
  • libraries used that are core to Digital Wallets; and
  • any certifications the developer holds

Furthermore, the groups (e.g. banks, government) that we share information with and get information from also need to know that our digital wallet is trustworthy.

Generally, digital signatures of an app are acceptable for use. But a Digital Wallet will need a lot more behind it than “I, the developer of this beast, used my app store key to submit it.” Said developer could very easily be monitoring inputs and outputs for nefarious reasons. Obviously we need assurance that applications haven’t been tampered with and don’t do bad things with our information.

​Certifying Bubba’s Wallet

But how do we do that and trust Bubba’s Wallet? That’s where things get ugly potentially. We need to get into some pretty hard-core certification and accreditation. Some trusted third-party needs to run through the application and ensure, to some high level, that it isn’t doing nefarious (or stupid) things. But that’s going to cost money – a fair bit.

Is that fair, though? Is it OK to ask Bubba, the masterful developer of Bubba’s Wallet, to pay a third party $5,000 to certify his application? What if the amount is $50,000? $250,000? or Higher?

Regardless of the cost, there will be some certification regime – a “certified by ____” logo that must go beyond the cosmetics. It will need to provide real-time “not tampered with” certification. Many areas require thinking:

  • Is there a way to tie Bubba’s Wallet into a smartphone’s trusted execution environment to generate this “not tampered with” certification?
  • Who are the players that can help get this kind of real-time certification done? The operating system providers, hardware manufacturers, banking networks and telecommunication providers will likely need to step in. They provide infrastructure and business services that will require highly trusted Digital Wallet technology.
  • When does the certification cost get high enough that we start to stifle the innovation needed in the Digital Wallet community?
  • Which Organizations should be doing the certification? Do they need government approval? (Yes. Government approval in a decentralized world is a concept that needs to be considered.)
  • How do we provide a digital “seal of approval” and know that the Wallet’s software hasn’t been tampered with?

Ontario 2022 Election Results

Ontario 2022 Election Results by Christine Martin It would be an understatement if I said that I was disappointed with the Ontario 2022 election results, and I’m not talking about the winning party – I’m talking about the turnout. All to say, it’s discouraging to see...

The State of Digital Wallets Series

The State of Digital Wallets Series The Digital Wallet market is quickly evolving, with many providers and increasing consumer adoption. They are critical to the evolving digital landscape, yet Digital Wallets can still be poorly understood. In 2018 we published a...

Exploring Digital identity

Exploring Digital Identity Christine and Darrell would like to thank everyone who participated in the Exploring Digital Identity webinar on April 27th, 2022. This was an excellent opportunity to learn more about how Self-sovereign identity (digital id) will affect our...

Floss Weekly Podcast

Floss Weekly Podcast Darrell is thrilled to have been invited to the Floss weekly TWiT Tech podcast with Doc Searls and Shawn Powers to talk about Digital Identity and SSI. The three discuss why Digital ID and SSI are becoming more relevant and what essential things...

Digital Identity Trends Webinar Recording

Digital Identity Trends To Watch Thanks to all for participating in the Digital Identity Trends To Watch & 2021 Redux webinar on January 19th, 2022. For the attendees, and those folks that couldn’t make it, we’ve put together a breakdown and some key items for...

Digital Wallet Report Update

Digital Wallet Report Update Darrell and Drummond would like to thank those that attended The Digital Wallet Report Update. For the attendees and those folks that couldn’t make it, here's a breakdown for you.Link to the recording The Digital Wallet Report - 2019 The...

Also published on Medium.

%d bloggers like this: