Mobile App

From Nxt Wiki

Work in Progress ...

1 About the Mobile App

Starting from release 1.11.0e, the NXT client is also released as a mobile app for Android and iOS.

The mobile app is based on the existing web wallet, packaged as an Apache Cordova application.

2 Usability

The following usability enhancements were implemented for both the mobile app and web wallet

Lock screen has been reworked to support QR code scanning for both the account id and passphrase

Account id, passphrase and QR code scanning now use a button group to switch between input modes

The remember account and remember passphrase checkboxes have been merged into a single "Remember Me" checkbox. Choosing the "Remember Me" option when in passphrase entry mode will save the passphrase on the device itself, so that the next time the user enters the app the main menu loads automatically. Choosing logout will delete the passphrase.

All data entry modals now support scanning the account id and passphrase using the device QR code scanner

The mobile app works as a light client: it never downloads the blockchain to the mobile device and can therefore start operating immediately after installation

3 Security

Upon startup, the mobile device randomly selects a remote node to connect to from a list of bootstrap nodes hard-coded into the app, based on the remote nodes available at the time of the app release

As usual, transactions are signed locally so that the passphrase never leaves the device

Functions which require the passphrase to be submitted to a remote node are disabled for the mobile device

In order to mitigate data manipulation attacks by remote nodes, data returned by the remote node is validated against other remote nodes. If the responses differ, a visual indication is displayed on the toolbar to warn the user that the data returned by the remote node may not be consistent. The same mechanism is also used when working as a light client or as a roaming client while the blockchain downloads

All communication with remote nodes is transmitted over an insecure HTTP connection, since most remote nodes which support HTTPS use a self-signed certificate, which cannot be used by the mobile app. In order to use HTTPS communication, one can configure the app to connect to a specific remote node as explained in the configuration section

4 New Widgets

When running the mobile app, a link to the "Mobile Settings" menu is displayed on the lock screen and welcome screen. The "Mobile Settings" menu is also accessible from the cogwheel menu

5 Configuration

The mobile settings modal allows the user to select the following configurations

Check Remember Me Checkbox - determines the default state of the "Remember Me" checkbox (this setting was present in the account settings previously but did not work since version 1.5)

Simulate Mobile App - allows a web wallet to simulate a mobile app with respect to peer selection and other functions. This setting should only be used for development and troubleshooting and it is not displayed when running a mobile app

Connect to Testnet - when checked, the mobile device will connect to testnet nodes instead of mainnet nodes. This mode is useful for testing and demonstration purposes

Remote Node Address, Remote Node Port and Use Https - when relying on random public nodes is not good enough for your purpose, and you know of a trusted public node you can use, you can configure the address, port and protocol of this node using these settings. This also allows you to communicate with the remote node over HTTPS, but only if the remote node supports a CA-approved SSL certificate.

Number of Data Validators - number of nodes with which to compare each response from the connected remote node. By default the client will use 3 such random nodes. This value can be reduced to 0 in case you are connected to a trusted remote node

Number of Bootstrap Nodes - number of random nodes from which to select the connected node and the data validators nodes. These nodes will be further queried to obtain additional remote nodes

6 Data Validation

In order to make sure that a random remote node to which the app is connected does not feed the app with false or malicious data, each request sent to a remote node is further confirmed with up to 3 additional remote nodes. The status of the confirmations is displayed as an icon with Green/Yellow/Red colors to the right of the "Mobile Client" status button. If the indicator consistently displays Red values, this may hint that the connected remote node has been compromised

Click on the "Mobile Client" link to see a list of the latest requests from the remote node and their validation status

In some cases a temporary validation failure is normal, for example while a new transaction propagates through the network, so use your best judgement
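
The comparison described in this section can be sketched as follows. This is an added example, not code from the NXT client: the function names, the list of fields ignored during comparison, and the mapping of agreement counts to Green/Yellow/Red are assumptions, and the sample responses are constructed.

```javascript
// Added illustration; thresholds and the volatile-field list are assumptions.
const VOLATILE_FIELDS = new Set(["requestProcessingTime"]);

// Serialize with sorted keys, skipping volatile fields, so that equal data
// compares equal regardless of key order or per-node timing values.
function canonicalize(value) {
  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
  if (value !== null && typeof value === "object") {
    return "{" + Object.keys(value)
      .filter((k) => !VOLATILE_FIELDS.has(k))
      .sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalize(value[k]))
      .join(",") + "}";
  }
  return JSON.stringify(value);
}

// Compare the connected node's response with the validators' responses.
// A null entry means the validator did not answer and is not counted.
function validateResponse(primary, validatorResponses) {
  const expected = canonicalize(primary);
  const answers = validatorResponses.filter((r) => r !== null);
  const confirmed = answers.filter((r) => canonicalize(r) === expected).length;
  let status = "unverified"; // nothing to compare against (0 validators)
  if (answers.length > 0) {
    if (confirmed === answers.length) status = "green";
    else if (confirmed > 0) status = "yellow";
    else status = "red";
  }
  return { status, confirmed, total: answers.length };
}

// True only when the last n validated requests were all red: a single red can
// be a transaction still propagating, a run of them deserves attention.
function consistentlyRed(history, n) {
  return history.length >= n && history.slice(-n).every((s) => s === "red");
}

// Constructed sample responses (not captured from a real node).
const primary = { balanceNQT: "100000000", unconfirmedBalanceNQT: "100000000", requestProcessingTime: 3 };
const agree = { unconfirmedBalanceNQT: "100000000", requestProcessingTime: 9, balanceNQT: "100000000" };
const differ = { balanceNQT: "900000000", unconfirmedBalanceNQT: "900000000", requestProcessingTime: 2 };

console.log(validateResponse(primary, [agree, agree, differ]));
```

With the number of data validators set to 0 the result is "unverified", which is the trade-off accepted when connecting to a single trusted node.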

7 Testing the mobile app

At the moment, the mobile app is not deployed to the Google and Apple app stores

Users who wish to use the app have the following options:

1. Manually deploy the app bundle uploaded to BitBucket to their mobile device

2. Register an account at Ionic using your email, then install the Ionic View application on your mobile device. Send me your email address so that I can share the app with you, then from the Ionic View options menu select "Preview an app" and enter app id ec170f70