As you may be aware, earlier this month a developer [name redacted] managed to attain approval for a Dash wallet on iTunes, which is currently available for download. The purpose of this post is to alert the community of the risks posed by the wallet and some recent indications that the developer may be untrustworthy.
The app appears to be based on the official Dash wallet previously rejected by Apple. However, because the source code of the app is not externally verifiable, the risk exists that the application might contain malicious code intended to defraud users.
In light of this risk and prioritizing our users’ security, the Core Team attempted to negotiate access to the source code and Apple account to allow external verification of its contents. A written agreement was reached last week. However, after accepting a bounty and compensation for access to the account, the developer has breached the contract by failing to grant core team access. In addition, he continues to update the code.
Throughout the process, this individual has acted in a self-interested manner, making additional demands after agreements were reached, and has failed to fulfill clearly agreed terms. Due to the ongoing issues and the continued inability to review the code to ensure the safety of users, we strongly caution all users of the extreme risks associated with this app.
Meanwhile, we will continue attempting to access the account to verify the contents and validate the security of the application, and compel the developer to fulfill their obligations under the aforementioned agreement.
It is regrettable that such a positive turn of events has soured so quickly, but the security of user funds is of paramount importance. We will post updates as they become available.
The app appears to be based on the official Dash wallet previously rejected by Apple. However, because the source code of the app is not externally verifiable, the risk exists that the application might contain malicious code intended to defraud users.
In light of this risk and prioritizing our users’ security, the Core Team attempted to negotiate access to the source code and Apple account to allow external verification of its contents. A written agreement was reached last week. However, after accepting a bounty and compensation for access to the account, the developer has breached the contract by failing to grant core team access. In addition, he continues to update the code.
Throughout the process, this individual has acted in a self-interested manner, making additional demands after agreements were reached, and has failed to fulfill clearly agreed terms. Due to the ongoing issues and the continued inability to review the code to ensure the safety of users, we strongly caution all users of the extreme risks associated with this app.
Meanwhile, we will continue attempting to access the account to verify the contents and validate the security of the application, and compel the developer to fulfill their obligations under the aforementioned agreement.
It is regrettable that such a positive turn of events has soured so quickly, but the security of user funds is of paramount importance. We will post updates as they become available.
Last edited by a moderator: