Google Policy Change Forces Bitcoin Wallet to Remove Security Features

11 January 2019

The team behind Samourai, the privacy-focused bitcoin wallet, has removed a series of key security-related features from a version of its app as a result of “extremely restrictive policies” by Google.

Having released version 0.99.04 of its app Tuesday on the digital distribution service run by Google, called Google Play, Samourai explained in a blog post that three features – stealth mode, SIM switch defense, and remote SMS commands – have been removed as a result of Google’s push to “become more of a ‘walled garden’ experience.”

A version that contains those features is available, but not through Google’s app service. Google did not respond to a request for comment.

“Walled garden” is a term for a closed platform or closed ecosystem: a software system in which the service provider takes holistic control over all operations in the system, including applications, content and media. This is not a trend new to Google, however, but one that has been proliferating for years among big technology companies, including Facebook and Amazon.

Speaking to CoinDesk, a Samourai co-founder who goes by the pseudonym “SW” explained that the walled garden remark referred to a series of policy changes Google has applied over the last year to all Play store application developers.

“Users of Samourai might have noticed that they are no longer getting notifications on when they receive bitcoin. That’s because if you want to use notification services you have to route everything through Google services,” said SW.

The accumulation of “little things like that,” according to SW, is pushing Samourai developers to opt out of more features when releasing new versions of the wallet application.

What’s more, SW is hopeful that a compromise can be drawn between Samourai and Google Play to reintroduce these features at a later date, saying:

“If [Google] reached out to us, we’ll be able to make arrangements and be able to figure out a way to keep these features. We’re happy to change code on our end to keep in compliance with them.”

‘A matter of life or death’

Indeed, after being notified of Google’s policy changes back in October, SW describes filing for an exemption to the rule changes immediately afterward, highlighting in the request that “for some of these users especially in South America, it is a matter of life or death.”

Stealth mode is a feature that cloaks the existence of a bitcoin wallet on a user’s mobile device so that transactions can be made without detection in dangerous parts of the world. Remote SMS commands, as SW highlighted to CoinDesk, ensure that if a user’s “phone does get stolen, they can just send an SMS and wipe their wallet off of the phone securely.”

“It’s things like that that perhaps Google hasn’t thought of because they’re not thinking from the lens of a bitcoin wallet … What I’m hoping for is that someone at Google will manually look at what we’re doing here and say well actually they’re trying to do this the right way,” said SW.

And despite Google’s rejection of Samourai’s request for exemption, the company has released a temporary workaround for users still wanting to use these three features, uploading to GitHub a feature-complete version of the bitcoin wallet, dubbed version 0.99.03.

According to Samourai’s official Twitter account, this version is meant “to install over the Google Play version” and ensures users are “able to access wallet[s] as normal.”

But as highlighted by SW, installation from GitHub requires users to “side-load” the application by changing mobile device settings to “install from unknown sources.” This is a potentially risky move for users who aren’t used to manually screening third-party Android application packages, known as Android Package Kits (APKs), for viruses or malicious software.

As SW explained:

“Part of what [Google] is saying is that we’re trying to make a safer experience for users but what they’re actually doing is pushing users to side load APKs onto their devices which if they’re not careful can install a malicious APK.”

Nevertheless, according to SW, Google Play offers developers the “greatest exposure” and reach to users, and as “a very small team … we need people to use the wallet to sustain ourselves.”

As such, the wallet-maker will continue to utilize the Play store platform as the application’s sole distributor before a “version 1.0” is officially launched.

Until then, Samourai is encouraging users to request that Google Play “rethink their rejection.”

“I really do hope Google reconsiders,” emphasized SW.
