@michele has develop this cool feature in our wallet lite, that upon a tap of the card:
If status is not installed: opens playstore status download page. Video.
If status is already installed : opens status app. Video.
We see two options:
- We implement features 1 and 2
In this case, we’ll have the factory load up our software package, because in order to have feature 1, our software must be here on the card before status app is downloaded on the mobile
We’ll thus make the installation process a bit faster. However the rest of the initialization remains the same, in particular pairing and PUK secrets are being provided to the user by the app, and he has write them down.
We provide in this case better ease of use, but we also widen our attack surface, because the following attack becomes possible. A malveillant attacker could forge fake status card, and these cards would point out to a fake status app (e.g Status.in) on the playstore. If the user is fooled, his mnemonic either created or imported will be in danger.
- We implement only feature 2
In this case, we won’t have necessarily to load the app at the factory, and more importantly the user will still need to download status app by going manually to the playstore.
We need to weigh in the increased ease of use with regards to increased security risk. What do you guys think ? cc @petty
I personally think we can keep both features for our cards, for the main reason that what ever we chose between the two options, an attacker could forge a fake status card with a fake status app, that could launch with NFC to show-up a fake Status playstore page.