Why is Recap a desktop app?
Exploring the factors behind the decision to make Recap a desktop app
Sat Sep 07 2019
Choosing to offer a desktop app might seem a surprising choice when we consider that the majority of applications these days are either web apps or mobile apps.
As with most of our decisions at Recap, the reason is simple - your financial privacy.
We believe that your personal financial data should to be totally private, so we have a couple of unbreakable rules:
- All exchange and wallet data is fetched directly from your devices and never from our servers (or else we could see and/or collect it)
- All your data is encrypted with your personal key before it's stored locally and definitely before it's synchronised to our servers (so it's gibberish to us)
There are technical limitations, namely CORS, which prevent the fetching of exchange data directly from within a browser. A common way around this is to use a proxy to bypass the browser's CORS protection. This would work, but any data fetched through the proxy is disclosed to the proxy operator. This means either Recap or a 3rd party could collect your data, and we don't want that.
Given our principles and browser limitations, the only option we have is to build native applications (desktop and mobile apps).
The downside of this is that our user's have to trust a desktop app which naturally has wider permissions on your device than a web app. We're in a difficult position, but we decided that your financial privacy is more important than the users we'll lose because of Recap being a desktop app.
To give some comfort:
- We apply best practices when it comes to deploying the app, including application code signing (using Microsoft Authenticode and Apple App Notarization).
- We implement strict policies, procedures and access control on our backend and update systems (our operations run on AWS).
- Your data is always encrypted with your personal key, both on your device and on our servers!
- We operate a strict CSP within the app to prevent data being sent or received from untrusted sources and to prevent malicious scripts from running if they somehow made their way into the app. We only whitelist our own API and the exchanges for data fetching.
- The only 3rd party services we operate are Sentry, which is our bug tracking system and Intercom, which is our in-app support and customer management platform.
- Hopefully you can see that we are really trying to make Recap desktop as secure and trustworthy as possible.
Obviously we can say whatever we like about our privacy and security but that still doesn't mean you should trust us.
We recommend that technically minded users who don't trust desktop apps can still enjoy Recap when installed in a trusted sandbox environment, such as a virtual machine.
We also recommend that users treat all desktop applications, including Recap, as untrustworthy and act accordingly. For example, always use hardware and/or multi-sig for cryptocurrency wallets.
Additionally, we recommend giving apps information on a least privilege basis in order to reduce risks wherever possible.
If you have any questions feel free to chat to us in our telegram group!