Bitcoin wallet provider Samourai Wallet has temporarily disabled three of its privacy-related features in order to comply with Google's new policies, according to a January 7 blog post. Samourai Wallet views Google's policies as "extremely restrictive," but disabled the features so that the app would not be removed from the Google Play Store.
The Samourai Wallet update, released today, will remove the SIM switch defense and remote SMS commands features. The switch defense helps prevent SIM swapping hacks by sending users an SMS notification when the wallet is modified in any way, and the SMS commands feature allows users to control the wallet through a trusted mobile number. The third feature, stealth mode, allows users to hide the app icon from their phone's display.
Google Search: "But Why?"
The Samourai Wallet blog remarks wryly on Google's efforts to "become more of a 'walled garden' experience" but doesn't provide details about why Google threatened to remove the app from the Play Store. Samourai Wallet explains:
"We applied for an exemption with Google months ago, which was rejected days ago, despite our argument that removing such functionality would cause users who rely on those features to be less secure and more exposed. We also provided evidence of the SIM Switch Defense feature alerting users countless times to attempted SIM Swap attacks on their SIM Cards. … Google does not care about any of this however, and Samourai Wallet would have been removed from the Google Play Store had we not complied with this dictate."
The lacuna of clear information, however, may be due to a lack of transparency on Google's end. In July 2018, MetaMask, which enables users to run Ethereum dApps, announced that its extension had been removed from the Chrome Web Store. MetaMask tweeted at the time that it was "unsure of why this is the case." Even after the extension was restored to Chrome, MetaMask was still unsure why it was removed to begin with.
In September 2018, Google removed three cryptocurrency wallets from the Play Store, including Bitcoin Wallet, CoPay, and BitPay. Roger Ver, whose company is behind Bitcoin Wallet, posted on Reddit about Google's reason for removing it: "Google told us that it was because they no longer allow crypto currency mining apps. I have no idea how they come under the impression that our wallet is a mining app."
In April 2018, Google removed mining extensions from the Chrome Web Store. In July 2018, Google blocked mining apps from the Play Store in an effort to cut back on "expos[ing] users to deceptive and harmful financial instruments." It did, however, continue to "permit apps that remotely manage the mining of cryptocurrency."
In Crypto Limbo
Google is concerned about security issues related to the users of its Play Store and Chrome Web Store, and it has a right to be. In November 2018, Google removed four fake crypto apps after cybersecurity researcher Lukas Stefanko found phishing schemes being run through fake MetaMask, NEO Wallet, and Tether Wallet apps.
However, Google's propensity to ban crypto-related apps and extensions may be based on a poor understanding of blockchain technology and how it relates to security issues. At the 2018 "Blockchain Summit," Google co-founder Sergey Brin admitted that Google was behind with regard to blockchain technology research, and that his own understanding of cryptocurrencies was limited.
Security is a major concern in the cryptosphere, even with legitimate wallet or mining apps. But in the case of Samourai Wallet, Google's policies prompted the disabling of features that arguably made the app safer to use. Where does Google draw the line? What criteria is it using to determine what's secure and what isn't?