pull down to refresh

Mycelium used to be my main wallet, for many years. I particularly liked it because I could easily sweep (spend) a paper wallet QR code.
Here's my minimum barrier to entry for a wallet app:
Is it open source? Yes [Android | iOS]
Is the binary that is distributed reproducible from that open source code?: No

For Android:
Latest release: 3.16.0.13
NOT REPRODUCIBLE FROM SOURCE PROVIDED
The diff looks benign. Two geenrated variable names differ between the two binaries.

For iOS:
Latest release: 1.17
NOT REPRODUCIBLE FROM SOURCE PROVIDED
This app has public source code which is independent of their Android version.
The provider claims:
100% control over your private keys, they never leave your device unless you export them.
but so far nobody reproduced the build, so the claim is not verifiable.
As far as I know, iOS apps can't be reproduced easily, and this note from Telegram explains the reasons why fairly well.

So if you cannot reproduce the distributed binary from the source code, there's no way to verify that what is in the app is what is in the source code repository. They could make any change they want, including sending your private keys back to the mother ship. In other words, using an app that cannot be reproduced is little better than leaving your coins on a custodial exchange -- as with both you are trusting someone else.
(and if you don't know if WalletScrutiny can be counted on, ... the founder previously was also at one time the lead developer of Mycelium Android wallet, coincidentally).
Anyway, there are many good wallet apps, with various features depending on what you are looking for.
From what I understand, most open source wallets aren't reproducible from source provided.
reply
Sadly, this is true.
That's why I don't hold hardly any bitcoin on a mobile wallet, which normally is the (non-reproducible) BlueWallet for small amounts on-chain, and (custodial wallet) Wallet of Satoshi for small amounts LN. If I do need a larger amount on mobile (e.g., for going to do a P2P trade), I use Blockstream Green which is reproducible.
For desktop I oftentimes use Electrum, which had served me well for years. What I mainly use today can vary based on what I am doing.
Another site that determines which binaries are reproducible is this from CoinKite: https://bitcoinbinary.org
reply