Hello there Algonauts, Celestino here,
I am working on an open-source wallet on Algorand that enables offline transfers of ALGOs and any Layer-1 Assets.
It is meant to provide unfettered access and adoption to would-be adopters of the Algorand network and dapps in Sub-saharan Africa, looking at, majorly my own home country of Kenya. The wallet is called “JASIRI”, JASIRI means “Bold, Courageous” in Kiswahili. Ideally, this wallet is a fork of the official open-source Algorand Wallet, so it inherits all the best from Algorand’s Team Work which always has a great accent on security, decentralization, and transparency.
However, the app has a distinguishing feature in its ability to enable offline mode, meaning that users who do not have access to reliable internet can still be able to send ALGOs to their friends and family without any frictions. Ideally, they should also be able to do staking once in say a week when they can get Wi-Fi from a cybercafe or when they can buy data. The app should also ideally be like Exodus’, with in-built exchanges.
- As indicated earlier, the JASIRI Wallet will use USSD Technology
- However, USSD Technology does not come with good UI/UX, as such, JASIRI uses the Hover’s USSD technology, see:Hover (usehover.com), Hover USSD comes with simplified scripts to integrate without compromising the UI/UX Design of your Android Application
- To get a USSD code to test run the application, we get a USSD Code and a sandbox testing environment here: Africa’s Talking – Communication & Payments APIs for Africa (africastalking.com).
- There is concern on sacrificing decentralization by enabling offline mode, for this concern, I was thinking about including compact certificates, but I am still not a master at how they work and how they would help the App work perfect[Active research]
- However, since the JASIRI Wallet stills use Algod and the Algorand indexer to work, just as the normal Algorand Mobile Wallet would, I do not think there is any sacrifice being made to decentralization
- What should be a concern is how do we create a standardized USSD Technology that is very secure. Think of it like how HTTP is made secure with SSL. This should be an active area of research as well.
WHERE I NEED SOME ASSISTANCE
Is it possible to partner with anyone to help me with quality, fully published, open-sourced research on how to make USSD access more secure in this application? (e.g how to avoid SIM Swapping, where do we put compact certificates? How about zk-Snarks?) I know and we all know how Algorand is known for its research-focused attitude and its wide array of partnerships with universities and great firms, so it was a no-brainer for me to come forward and ask for assistance on this. I would love to know if anyone is willing to help me with this, or even better connect me with anyone in the ecosystem willing to help. I do not want the wallet to mess up or be of a lower standard to what Algorand has done, it should be like a third-order integral from it.
Is it also possible if the Algorand Team can assist with an open-sourced design of their mobile wallet, like how they made the decisions, cause what I have noticed is that every step they make comes with very nuanced research and judgments.
I am also currently a single developer on the project, and I am not really that great at Kotlin which the Android implementation uses. But I applied for an Algorand Grant, so we should wait on that, but I would really love if anyone is willing to also partner up on helping to integrate the APIs and test to Algorand’s Level of Security and ensure it is as lightweight as theirs. I tried reaching out to the partners on the Algorand website but they are really hard and restrictive to make any leads with, so I got unnecessarily tired trying to reach out to them to assist with the project or even to talk with them, that’s why I am resorting to community support.
UPDATE 8:22P.M EAT 8/30/2021
I just thought I should add this link to some talk on the security of USSD: security - USSD secure or not? - Stack Overflow
There is a claim that it isn’t secure due to the weak nature of current over-the-air encryption schemes used in USSD implementations. They are easily breakable. However, since we are implementing USSD in an Android app, then the encryption can be done in the Android app to secure transactions. Ideally, even if the USSD feature is hacked, then transactions should fail, which is a safety mechanism.
UPDATE 8/30/2021, 9:21 P.M … FAQ
With JASIRI Wallet, it will make it easier to adopt users in African countries onto Algorand and Algorand Dapps because the wallet works in a way that is very familiar to how most fintech would work in Africa, so there is less resistance as opposed to the current wallets.