Open-source software is software with source code that anyone can inspect, modify, and enhance. There are positive and negative aspects to open-source software.
Some people prefer open-source software because it allows them to audit the source code for security and stability. It is believed that because anyone can view and modify open source software, someone might spot and correct errors or omissions that a program's original authors might have missed, so it can be more secure.
Is open source always good?
The downside of open-source software is that it could allow others to more easily create a malicious duplicate of an application. Open-source software can also cause compatibility issues.
While there are benefits to being open source, it's not a perfect solution to security issues. In fact, it can sometimes bring additional challenges that need to be managed or mitigated.
Is Casa App Open Source?
Casa App is not an open-source mobile application, though this may change in the future. We believe this is best for the security of our customers. This does not mean that you have to trust Casa during normal use of the app (see information on "watch-only wallets" below).
When it comes to open vs closed source for Casa App there are two primary questions:
- Are there flaws in the wallet that could be exploited by internal or external attackers to steal funds?
- Are there flaws in the wallet that could be exploited by internal or external attackers to trick you into sending funds to them?
Even if Casa App were open source, it would not provide any guarantees that the wallet could not be exploited by external or internal attackers to steal funds. Casa is architected to not rely upon our software or infrastructure for the security of funds. Rather, it's built upon a foundation of securing keys with specialized hardware and software from entities other than Casa.
Casa does contract with independent auditors to review our code on a regular basis.
Casa can't steal your funds because we only ever have 1 of 3 keys. Even a malicious Casa app would not be able to use your keys without your explicit approval. To be precise, humans have to verify and approve the details of transactions on multiple devices that Casa has no control over. The biggest vulnerability is being tricked into sending funds to an address that is controlled by an attacker rather than by you.
The Casa app has been built to specifically distrust the receive address information given to it by the server: the app performs cryptographic verifications against the extended public key data it receives, and the client independently derives addresses in the app.
Nonetheless, you could assume that somehow the mobile app, servers, and databases have all been compromised by an internal attacker. In this case, the final backstop is independent verification. Independently verifying a deposit address, for example (as you can do in Casa App), is far superior to simply having an open-source app. This is because actually verifying an open-source app yourself is very difficult for Android and even more difficult for iOS.
How can I use Casa App without needing to trust Casa?
You always have the ability to safely monitor your balances and transactions independently from Casa App using "watch-only wallets." Watch-only wallets give you the ability to use third-party software over which Casa has no control to independently verify transactions.
How does a watch-only wallet give you this assurance? Multisig addresses are created from a hash of the entire redeem script. The redeem script includes all of the public keys and the number of signatures required from that set of pubkeys. Changing a single byte of that redeem script completely changes the hash and therefore the address. If malicious Casa software displayed an address to you that changed anything about the spending requirements for those funds, it would not match the address derived by the watch-only wallet.
For a more detailed explanation of watch-only wallets and how to set one up check out Creating Watch-Only Wallets.
Don't Trust. Verify!