Earlier this year, ECC released a suite of libraries for building shielded mobile wallets in support of the shielded-Zcash ecosystem. We used these wallet libraries to build ECC Wallet, a fully functional, shielded-first app for sending, receiving and storing Zcash. Yesterday — to support continued community-driven development and ahead of the Protect Privacy hackathon — we released the source code for both Android and iOS.
We learned a lot in the process of building and designing the ECC Wallet. This exercise helped us understand first-hand the joys and challenges developer teams experience when building privacy-preserving tools and services. We’ll touch on some of those lessons learned below, but if you are interested in learning more, don’t hesitate to get in touch.
Lessons from the wallet team
Kevin (Android engineer): “Privacy is harder than security. And, in fact, privacy requires security! And like security, if you don’t factor that in the beginning, it’s impossible to accidentally create a system that is private. There is also a tricky tradeoff between functionality and privacy.”
Pacu (iOS engineer): “I learned the beautiful value of test-driven development. When you have a component to build, and it’s doing something completely new, you are able to work on small features, one at a time. With 10 years’ experience as an iOS developer, building from scratch is such a fun and rare privilege. It’s not as exciting when you get into a huge codebase with lots of existing code.”
Larry (software engineer): “I learned a lot about Golang, the language that lightwalletd is implemented in. Specifically, I had a great time with the test framework, which is built into the language. In other languages, it is a separate add-on package (zcashd has two unit test frameworks). The Go test framework integrated very nicely, and the Go debugger, delve, is also awesome. grpcurl, the gRPC command-line tool, has been super helpful in sending requests into lightwalletd (as if from a mobile wallet).”
Geffen (design lead): “There is a tension between user needs and protocol limitations. For instance, people want assurance that their money has been sent safely faster than a block can be confirmed or to cancel transactions before expiry. We’ve created a UX that addresses these needs by giving users the right information and allowing on-device cancellation before transactions are submitted to the network.”
Taylor (information security engineer): “I learned a new, user-centric way to threat model. A normal threat model is a list of attacks, but we inverted it and started out with the security and privacy guarantees that users care about. Then we worked backwards from that to see what we needed to do. The normal threat model process is to try to brainstorm all the things that could go wrong and all the types of attacks; it’s easy to miss things, because no one can get all the things that can go wrong. This new approach scoped the conversation appropriately for our needs.”
Brad (senior product manager and engineering manager): “It’s difficult to manage all of the various dependencies — since we’re doing this on two different mobile platforms and five different languages — between zcashd, librustzcash, lightwalletd, Android SDK and iOS SDK. We combatted this by utilizing the similarities as much as possible. For instance, the APIs for Android and iOS are designed intentionally to be nearly functionally identical so that we did not need a unique architecture for each.”
Linda (product manager): “ECC values community-driven development and keeping our code open-sourced over any risks associated with making the code public. The possibility that someone else might make a better app than we did is not a risk to us, but a reward.”
Supporting community-driven development
Zcash Major Grants will soon open up ecosystem funding for independent developers. ECC is committed to cultivating a thriving community of wallet developers. Don’t wait to get started. Check out our developer resources and get in touch with the wallet team.