Natrium v2.1 — Security Audit & More

23 Oct, 2019 • 4 min read

Natrium has come a long way since its inception more than a year ago — it quickly became the most preferred mobile wallet for NANO users around the world. Our own definition of Natrium is Fast, Robust, & Secure NANO Wallet. We take all three of those principles very seriously with Natrium and, thanks to the Nano Foundation, we were able to take security to the next level.

Natrium Security Audit

Natrium audited by Red4Sec — No critical vulnerabilities.
Natrium audited by Red4Sec — No critical vulnerabilities.

The Nano Foundation connected us with Red4Secan experienced, trusted security firm that has a lot of experience auditing and reviewing cryptocurrency projects, blockchains, and more. Red4Sec conducted a comprehensive security audit and they found that Natrium had no critical vulnerabilities. They had some recommendations to prevent lower risk vulnerabilities that require a higher skill, depend on certain factors — such as being rooted, or are related to protecting less sensitive information such as your public NANO address. Their recommendations have been implemented into Natrium v2.1.

Among these include an option to encrypt your seed with a user-provided password. While Natrium currently utilizes the built-in security of the device itself — using the iOS KeyChain and the Android KeyStore. Users can now add an additional layer of security to their wallet by encrypting their seed with a password that is not stored on the device. This is optional, but it may be beneficial for users who just want to take extra precautions, are using Natrium on a rooted or jailbroken device, or are using Natrium on a device that is not secured by a passcode, pin, or biometrics.

Some of the other changes related to the audit are less apparent, but they include: a warning when users are using a rooted or jailbroken device, cleaning up information leakage in application logs — for example Natrium logging your public nano_ address in general system logs, using a secure clipboard on iOS — disabling Universal Clipboard and setting an expiration for copying sensitive data.

We’re thankful to the Nano Foundation for providing us with the opportunity to be audited, and we’re proud that when people install Natrium they can be confident that their seed, private keys, and other sensitive data is secure.

What Else is New in Natrium 2.1?

In addition to the audit-related changes mentioned above, Natrium 2.1 also adds the following new features:

  • Live Support — Chat with us in real-time from within the application. We saw a need to provide better support — people have questions, issues and they aren’t always sure where they should go. Now, they can reach us directly from within Natrium and get answers quickly. We hope that this can make the experience of using a non-custodial wallet, such as Natrium, less intimidating and easier for all users.
Natrium now has live support!
Natrium now has live support!
  • QR Scanner Shortcut — Often times users are sending NANO using QR codes. While this has always been supported in Natrium, now it can be done slightly quicker simply by swiping up on the send button.
Quickly access QR scanner by swiping up on send button.
Quickly access QR scanner by swiping up on send button.
  • Hide Your Balance — A community requested feature was to be able to hide your balance. If you’re recording a video or making a NANO purchase in public and don’t want onlookers to know how much NANO you own, then all you need to do is to tap your balance and it will disappear.
A community requested feature: Hide balance.
A community requested feature: Hide balance.
  • A New Language — We’ve improved translations for many existing languages, we were also able to add Japanese as a new language, making Natrium even more accessible.
  • Face Unlock/Authentication on Android — The Google Pixel 4 was recently announced, it is the first Android device with secure face authentication. We’ve added support for this into Natrium 2.1.

As always, there’s plenty of minor bug fixes and performance improvements — the full progress can be seen on the Natrium GitHub.

What’s Next for Natrium?

We’ve learned a lot since Natrium was initially unveiled over a year ago. Not just in terms of our skillsets, but also about how people commonly interact with Natrium and cryptocurrency wallets in general. We’ve also learned a lot of new things about Flutter, and Flutter has evolved since we’ve initially developed Natrium. We have developed a comprehensive plan to rebuild Natrium using all of the new knowledge we have acquired in the codebase and also in the interface. There’s a lot of things we know we can do better, so we’re going to.

In comes Natrium 3, a light re-design and comprehensive rewrite of a large part of Natrium’s code base. Natrium 3 is combination of all of the things we have learned to date — about how people interact with the app and also simply things we can do better in the codebase. Natrium 3 is our next milestone — we want to make Natrium leaner, faster, more efficient, and easier-to-use than ever before. We’re excited to share our progress on Natrium 3 with you in the coming weeks.

Support Natrium Development

Natrium is open source and released under the MIT license — it is completely free. If you would like to support the development of Natrium, you can donate using the link below:

NATRIUM | Donate
Help make Natrium better and support its development by donating
natrium.io/donate

For more info & regular updates:

Natrium Twitter: @NatriumIO

Natrium Website: Natrium.io

Appditto Twitter: @Appditto

Appditto Website: Appditto.com

Appditto Github: @Appditto

© 2019, Appditto LLC.