Can We Trust Bubba’s Wallet?

Imagine that, for instance, Bubba’s Wallet is ranked #1 in the app store. But can we trust Bubba’s Wallet?

The short answer is maybe

We need to figure out how to sign an app (Bubba’s Wallet) digitally – so that we know that when we run it, we aren’t running a hacked version. We also need to be able to trust Bubba’s Wallet.

Many pieces of the app need to be certified so we can know that our Digital Wallet is safe to use:

  • the application developer;
  • libraries used that are core to Digital Wallets; and
  • any certifications the developer holds

Furthermore, the groups (e.g. banks, government) that we share information with and get information from also need to know that our digital wallet is trustworthy.

Generally, digital signatures of an app are acceptable for use. But a Digital Wallet will need a lot more behind it than “I, the developer of this beast, used my app store key to submit it.” Said developer could very easily be monitoring inputs and outputs for nefarious reasons. Obviously we need assurance that applications haven’t been tampered with and don’t do bad things with our information.

​Certifying Bubba’s Wallet

But how do we do that and trust Bubba’s Wallet? That’s where things get ugly potentially. We need to get into some pretty hard-core certification and accreditation. Some trusted third-party needs to run through the application and ensure, to some high level, that it isn’t doing nefarious (or stupid) things. But that’s going to cost money – a fair bit.

Is that fair, though? Is it OK to ask Bubba, the masterful developer of Bubba’s Wallet, to pay a third party $5,000 to certify his application? What if the amount is $50,000? $250,000? or Higher?

Regardless of the cost, there will be some certification regime – a “certified by ____” logo that must go beyond the cosmetics. It will need to provide real-time “not tampered with” certification. Many areas require thinking:

  • Is there a way to tie Bubba’s Wallet into a smartphone’s trusted execution environment to generate this “not tampered with” certification?
  • Who are the players that can help get this kind of real-time certification done? The operating system providers, hardware manufacturers, banking networks and telecommunication providers will likely need to step in. They provide infrastructure and business services that will require highly trusted Digital Wallet technology.
  • When does the certification cost get high enough that we start to stifle the innovation needed in the Digital Wallet community?
  • Which Organizations should be doing the certification? Do they need government approval? (Yes. Government approval in a decentralized world is a concept that needs to be considered.)
  • How do we provide a digital “seal of approval” and know that the Wallet’s software hasn’t been tampered with?

Digital Wallet Interoperability: Overcoming Challenges

Digital Wallet Interoperability: Overcoming Challenges & Embracing Ecosystem-Level CollaborationLet's start by acknowledging a fundamental truth - most digital identity wallets lack interoperability. While there is some degree of interoperability in specific...

Digital Technology and Personal Identity

The Intersection of Digital Technology and Personal Identity  Share this Post:Digital wallets are a vital part of the digital technology revolution. To gain clarity in this space, it's essential to understand the...

Digital Wallets are the Future of Identification

Digital Wallets Are The Future Of IdentificationIn a recent article, and podcast appearance, David Birch, an internationally-recognized thought leader in digital identity and currencies, pointed out that digital wallets are the future of identification - their rise...

ToIP Joining OWF as an Associate Member

Announcement: ToIP Joins the OWF as an Associate MemberWe are excited to announce that the Trust over IP Foundation (ToIP) is joining the OpenWallet Foundation (OWF) as an associate member. Share this Post:As a...

Wallet Wars

The Wallet WarsShare this Post:By now, it's clear that the digital wallet space is heating up. With the formation of the OpenWallet Foundation and major players like Apple, Amazon, and Google developing their...

2022 Year in Review

2022 Year in ReviewShare this Post:Thank you to everyone who attended our 2022 Year in Review Webinar. We had a great time reflecting on the past year and discussing what's to come in 2023. Christine did a great job...