iOS App doesn't display any info about what you are signing (e.g. Extrinsics)

[blockchainunchained]

Hello,

Not sure if this is already fixed and awaiting Apple App Store review but in the screenshots on the sign a transaction tutorial which were taken on Android this information is displayed.

On the iOS version it is not displayed. Is there a reason for this?

Thanks

[hanwencheng]

This is a known behavior in both iOS and Android version.

The reason is ChainSpecs for different networks are in active development, and we have to sync frequently to get the app not crash when signing transactions. As a matter of fact, we do not have enough resources to work on that update part or adding fallback functions, So we remove the feature temporarily.

As now the major part is almost finished, I will add this feature soon in comming release.

I will keep the issue open until we add it back.

[blockchainunchained]

Thanks for the response, it feels like a massive security issue waiting to happen. If someone accidentally uses a modified client (e.g. by mistyping polkadot.js.org) is putting all the funds in that account at risk. I understand you guys are busy and things need to be prioritised but this should be extremely high priority in my opinion.

[TiimJiim]

Perhaps an online version of the app (without private keys) could be used to independently verify what is being signed?

[blockchainunchained]

@Tbaut how is it possible to safely use this app without this feature? This is an accident waiting to happen. Either Parity Signer should be entirely deprecated, a work around developed (e.g. how does someone even check the transaction says what they think it says?) or a fix implemented for this. It's not fair or acceptable to provide an insecure crypto wallet.

[Tbaut]

I agree, this is not acceptable and Parity Signer should not be used right now. The main developer and maintainer is not working at Parity any more, and other developers have step up recently to help make it happen. I am myself blocked by #713 and can't build master. I have a workaround in my fork... We should move on this in the next days I hope.

[blockchainunchained]

Well done for stepping up, I fear that both the website and the Polkadot wiki point to this wallet as acceptable to use and this is clearly not the case. A warning needs to be put up before someone gets hurt.

[blockchainunchained]

I've created a seperate but linked issue regarding the current lack of any warnings and some potential work arounds:

#724