Can We Trust Bubba’s Wallet?

Imagine that, for instance, Bubba’s Wallet is ranked #1 in the app store. But can we trust Bubba’s Wallet?

The short answer is maybe

We need to figure out how to sign an app (Bubba’s Wallet) digitally – so that we know that when we run it, we aren’t running a hacked version. We also need to be able to trust Bubba’s Wallet.

Many pieces of the app need to be certified so we can know that our Digital Wallet is safe to use:

  • the application developer;
  • libraries used that are core to Digital Wallets; and
  • any certifications the developer holds

Furthermore, the groups (e.g. banks, government) that we share information with and get information from also need to know that our digital wallet is trustworthy.

Generally, digital signatures of an app are acceptable for use. But a Digital Wallet will need a lot more behind it than “I, the developer of this beast, used my app store key to submit it.” Said developer could very easily be monitoring inputs and outputs for nefarious reasons. Obviously we need assurance that applications haven’t been tampered with and don’t do bad things with our information.

​Certifying Bubba’s Wallet

But how do we do that and trust Bubba’s Wallet? That’s where things get ugly potentially. We need to get into some pretty hard-core certification and accreditation. Some trusted third-party needs to run through the application and ensure, to some high level, that it isn’t doing nefarious (or stupid) things. But that’s going to cost money – a fair bit.

Is that fair, though? Is it OK to ask Bubba, the masterful developer of Bubba’s Wallet, to pay a third party $5,000 to certify his application? What if the amount is $50,000? $250,000? or Higher?

Regardless of the cost, there will be some certification regime – a “certified by ____” logo that must go beyond the cosmetics. It will need to provide real-time “not tampered with” certification. Many areas require thinking:

  • Is there a way to tie Bubba’s Wallet into a smartphone’s trusted execution environment to generate this “not tampered with” certification?
  • Who are the players that can help get this kind of real-time certification done? The operating system providers, hardware manufacturers, banking networks and telecommunication providers will likely need to step in. They provide infrastructure and business services that will require highly trusted Digital Wallet technology.
  • When does the certification cost get high enough that we start to stifle the innovation needed in the Digital Wallet community?
  • Which Organizations should be doing the certification? Do they need government approval? (Yes. Government approval in a decentralized world is a concept that needs to be considered.)
  • How do we provide a digital “seal of approval” and know that the Wallet’s software hasn’t been tampered with?

SSI Orbit Podcast – Trust Registries

Check out the latest episode of Northern Block's SSI Orbit Podcast! In this episode, Mathieu Glaude welcomes our own Darrell O'Donnell to discuss the importance of Trust Registries. In SSI ecosystems, a Trust Registry is a valuable tool that tells you where to go to...

Trust Registries – Beyond the Basics

Thank you to everyone who attended our Trust Registries - Beyond the Basics Webinar, where we answered some questions, discussed the basics of Trust Registries, the current protocol specification, and what's next.  We have a few things to share for attendees and those...

Trust Registries in the Real World

In a world where we rely increasingly on digital information, we need to know that the credentials we share are accurate. Trust Registries (or Trust Hubs) will help us verify the authenticity of the information we share by storing digital certificates that can verify...

Trust and Reputation via Trust Registries

“Who can be trusted to establish, sustain, and approve registry members?” There are many potential answers to this question, and it's essential to consider when determining who will be responsible for creating, maintaining, and validating the registry. Managing Trust...

Ontario 2022 Election Results

It would be an understatement if I said that I was disappointed with the Ontario 2022 election results, and I’m not talking about the winning party – I’m talking about the turnout. All to say, it’s discouraging to see such low participation. Elections Ontario reported...

The State of Digital Wallets Series

The Digital Wallet market is quickly evolving, with many providers and increasing consumer adoption. They are critical to the evolving digital landscape, yet Digital Wallets can still be poorly understood. In 2018 we published a report, The Current and Future State of...

Also published on Medium.

%d bloggers like this: