{"id":14971416,"url":"https://github.com/trustee-wallet/trusteewallet","last_synced_at":"2025-04-13T06:42:13.649Z","repository":{"id":45007701,"uuid":"209508744","full_name":"trustee-wallet/trusteeWallet","owner":"trustee-wallet","description":"you can build your own trustee wallet from full source code","archived":false,"fork":false,"pushed_at":"2024-11-13T22:00:14.000Z","size":20399,"stargazers_count":153,"open_issues_count":25,"forks_count":86,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-03-24T11:56:58.654Z","etag":null,"topics":["binance-coin","bitcoin","bitcoin-wallet","blockchain","blockchain-wallet","btc","cryptocurrency","dogecoin","dogecoin-wallet","eth","ethereum","ethereum-wallet","litecoin","react-native","solana","tron","tron-wallet","vechain","wallet"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trustee-wallet.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-09-19T09:01:41.000Z","updated_at":"2025-03-11T20:25:08.000Z","dependencies_parsed_at":"2023-01-18T02:00:48.114Z","dependency_job_id":"50fcfc8b-2c8e-4bd2-bb4f-0c9bf29b6ce3","html_url":"https://github.com/trustee-wallet/trusteeWallet","commit_stats":{"total_commits":2355,"total_committers":26,"mean_commits":90.57692307692308,"dds":"0.38980891719745225","last_synced_commit":"e5519a66a4b291710df5c28273dfd3a37772d156"},"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustee-wallet%2FtrusteeWallet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustee-wallet%2FtrusteeWallet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustee-wallet%2FtrusteeWallet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustee-wallet%2FtrusteeWallet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trustee-wallet","download_url":"https://codeload.github.com/trustee-wallet/trusteeWallet/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248675439,"owners_count":21143763,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binance-coin","bitcoin","bitcoin-wallet","blockchain","blockchain-wallet","btc","cryptocurrency","dogecoin","dogecoin-wallet","eth","ethereum","ethereum-wallet","litecoin","react-native","solana","tron","tron-wallet","vechain","wallet"],"created_at":"2024-09-24T13:45:10.153Z","updated_at":"2025-04-13T06:42:13.627Z","avatar_url":"https://github.com/trustee-wallet.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Trustee Wallet\n\n[Trustee Wallet](https://trustee.deals/) is the secure and simple way to create and manage crypto accounts. Quick and safe buy and sell bitcoin directly with your Visa or MasterCard\n\n\n\n\n### Building for Android \n\nAll building steps are tested with Ubuntu 16.04\n\n#### Build Dependencies\n\nFor successful build it's reqired to have build tools installed\n```\nsudo apt-get install build-essential\n```\n\nnodejs version 10.x \n```\ncurl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -\nsudo apt-get install nodejs\n```\n\nand openjdk-8\n```\nsudo apt-get install openjdk-8-jdk\necho \"JAVA_HOME=$(which java)\" | sudo tee -a /etc/environment\nsource /etc/environment\n```\n\n#### System preparation\nFor successful build it's need to increase the number of files that OS can monitor\n```\necho fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf \u0026\u0026 sudo sysctl -p\n```\nPrepare folder and licence for Android SDK\n```\nmkdir ~/androidsdk\nexport ANDROID_HOME=~/androidsdk\n\nmkdir ~/androidsdk/licenses \necho \"24333f8a63b6825ea9c5514f83c2829b004d1fee\" \u003e  ~/androidsdk/licenses/android-sdk-license\n```\nPlease note: by creating `~/androidsdk/licenses/android-sdk-license` file you are accepting Android SDK licence. \n\n#### Android build\nDownload code from Github\n```\ngit clone https://github.com/trustee-wallet/trusteeWallet.git\n```\n\nBuild preparation\n```\ncd ./trusteeWallet\nnpm install\nnpx jetifier\nrm -f shim.js\n./node_modules/.bin/rn-nodeify --hack --install\n```\n\nBuilding APK\n```\ncd ./android\n./gradlew assembleRelease\n```\n\nAfter successful build APK file `app-release.apk` can be found in `./app/build/outputs/apk/release/`\n\n### Android verifiable builds\n\nUsing these steps anyone can verify the latest release of application TrusteeWallet that we distribute via Google Play built from code in this repository. Does not contain any hidden functions or any malicious code.\n\n**Please Note:** Google Play after deploying built packages making modifications with it.\nAdding own metadata, digital signs to code etc. Also there is some data that is changing from build-to-build and can't be the same: like build id. As a result builds can't be 100% fully identical. Files always will have minor differences that are not affecting application functionality.  \n\nThe script `verify_android_build.sh` starting build of the Docker container from `./docker/Dockerfile.verifyandroidbuild` file.  \nBuilding steps getting TrusteeWallet code from this repository, configuring it with parameters from `verify_android_build.sh` script and starting build of universal APK file.   \nAfter successful build it's downloading from Google Play a similar universal APK file.  \nOn the next step we decoding both APK files by `apktool`. File downloaded from Google Play to folder `fromGoogle` and file just built from sources to folder `fromBuild`.  \nFinally on the last step using simple `diff` command we checking both folders for differences.  \n\n```bash \ngit clone https://github.com/trustee-wallet/trusteeWallet.git\ncd ./trusteeWallet\n./docker/verify_android_build.sh\n```\n\nThere is an example how result may look like and how to analyze the result.\n\n\n```diff\nStep 10/10 : RUN diff --recursive --brief fromBuild fromGoogle\n ---\u003e Running in a3154b35a34f\n+Files fromBuild/AndroidManifest.xml and fromGoogle/AndroidManifest.xml differ\n+Files fromBuild/apktool.yml and fromGoogle/apktool.yml differ\n!Files fromBuild/assets/crashlytics-build.properties and fromGoogle/assets/crashlytics-build.properties differ\n!Files fromBuild/assets/index.android.bundle and fromGoogle/assets/index.android.bundle differ\n+Files fromBuild/original/AndroidManifest.xml and fromGoogle/original/AndroidManifest.xml differ\n+Only in fromGoogle/original/META-INF: BNDLTOOL.RSA\n+Only in fromGoogle/original/META-INF: BNDLTOOL.SF\n+Files fromBuild/original/META-INF/MANIFEST.MF and fromGoogle/original/META-INF/MANIFEST.MF differ\n!Files fromBuild/res/values/strings.xml and fromGoogle/res/values/strings.xml differ\n!Files fromBuild/smali_classes2/com/koushikdutta/async/http/body/MultipartFormDataBody$6.smali and fromGoogle/smali_classes2/com/koushikdutta/async/http/body/MultipartFormDataBody$6.smali differ\n!Files fromBuild/smali_classes3/okhttp3/RealCall$AsyncCall.smali and fromGoogle/smali_classes3/okhttp3/RealCall$AsyncCall.smali differ\n!Files fromBuild/smali_classes3/okhttp3/internal/cache/DiskLruCache$2.smali and fromGoogle/smali_classes3/okhttp3/internal/cache/DiskLruCache$2.smali differ\n+Only in fromGoogle/unknown: stamp-cert-sha256\nThe command '/bin/sh -c diff --recursive --brief fromBuild fromGoogle' returned a non-zero code: 1\n```\n\nWe can ignore differences in files marked by green color they have metadata changes made by Google, digital signs etc. which are not affecting the application itself.   \nFile `apktool.yml` contains metadata from `apktool` from the previous step used to decode APK files and is not related to builds in any way.\n\nFiles marked by orange may require more detailed analysis to make sure there are no changes in binaries.  \nTo do it, let's find just built docker image id and run container with it.\n\n```bash\ndocker images\ndocker run -i -t \u003cID\u003e\n```\nTo get detailed data about what exactly is different in files just run inside the container `diff` command with the path to files that we want to compare.\n\n```bash\ndiff \u003cpath to file1\u003e \u003cpath to file2\u003e\n```\n\nIn this example in both files differences related to changed build ID.\n\n```diff\nroot@37c6000f7ee9:/trustee# diff fromBuild/assets/crashlytics-build.properties fromGoogle/assets/crashlytics-build.properties\n6c6\n\u003c #Tue Oct 27 14:57:43 GMT 2020\n---\n\u003e #Tue Oct 27 07:20:06 GMT 2020\n9c9\n\u003c build_id=ec2f73f5-d473-4cb0-94fe-701f996ce221\n---\n\u003e build_id=743f6302-4068-4a5a-9e5d-014d02bd6693\n```\n\n```diff\nroot@37c6000f7ee9:/trustee# diff fromBuild/res/values/strings.xml fromGoogle/res/values/strings.xml\n70c70\n\u003c     \u003cstring name=\"com.crashlytics.android.build_id\"\u003eec2f73f5-d473-4cb0-94fe-701f996ce221\u003c/string\u003e\n---\n\u003e     \u003cstring name=\"com.crashlytics.android.build_id\"\u003e743f6302-4068-4a5a-9e5d-014d02bd6693\u003c/string\u003e\n```\n\nThe rest of files referring to `smali_classes*` seems have some sort of decompilation artefacts.\n\n```diff\nroot@37c6000f7ee9:/trustee# diff 'fromBuild/smali_classes3/okhttp3/RealCall$AsyncCall.smali' 'fromGoogle/smali_classes3/okhttp3/RealCall$AsyncCall.smali'\n29,32c29\n\u003c     .locals 1\n\u003c\n\u003c     .line 154\n\u003c     const-class v0, Lokhttp3/RealCall;\n---\n\u003e     .locals 0\n```\n\n```diff\nroot@37c6000f7ee9:/trustee# diff 'fromBuild/smali_classes3/okhttp3/internal/cache/DiskLruCache$2.smali' 'fromGoogle/smali_classes3/okhttp3/internal/cache/DiskLruCach$2.smali'\n27,30c27\n\u003c     .locals 1\n\u003c\n\u003c     .line 316\n\u003c     const-class v0, Lokhttp3/internal/cache/DiskLruCache;\n---\n\u003e     .locals 0\n```\n\nAs we can see there are no significant differences between APK file downloaded from Google Play and file built from source code. So we can say there are no hidden functions that may harm users.   \n\n**Please note:** This verification method can be used only for the latest TrusteeWallet release. Because most of the third part packages that we use are also in active development and if we try to build some of the previous releases with latest packages versions there will be significant differences in APK files.  \n\n\n### Contacts\nFor proposals and bug reports feel free to open and issue [HERE](https://github.com/trustee-wallet/trusteeWallet/issues)\n\nIf you have any questions please contact us by email \u003ccontact@trustee.deals\u003e or join our community in [Telegram](https://t.me/trustee_wallet)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustee-wallet%2Ftrusteewallet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrustee-wallet%2Ftrusteewallet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustee-wallet%2Ftrusteewallet/lists"}