Support MetaMask mobile
chmanie opened this issue · 6 comments
Payout
Heads up! There's a bounty on this task! Go to https://colony.io/colony/beta/task/5e456715cbb233006996c3b0 learn more!
Description
Issue owner: chris@colony.io
Currently purser-metamask only works with the Desktop version of MetaMask. The reason for that is currently not known and to be researched as part of solving this issue. We would like to support the mobile (iOS, Android) version as well in this module.
This issue is considered done when:
- The reason why
purser-metamaskdoes not work with the mobile version of MetaMask is found and a possible solution (or more) is laid out - A fix is provided to make
purser-metamaskwork with the Android and iOS versions of MetaMask - A video is provided showing it work on an Android and/or iOS device
I took a crack at this, but was stymied by my windows machine. My notes for anyone getting started if they like me were not familiar with the project:
- This is a mono repo with 5 sub projects living in
modules/node_modules/@colony, this problem is inpurser-metamask - The project uses flow, which takes a couple mins to set vscode up to use if not already
- Problem is that colony can't talk with metamask to do the login flow when metamask is being made available through this project https://github.com/MetaMask/metamask-mobile (rather than the browser extension, which works fine)
- As far as I can tell contact with meta-mask is attempted here
modules\node_modules\@colony\purser-metamask\index.js - The test for that file is here
modules\tests\purser-metamask\open.test.js - My plan was to build and run a local instance of metamask mobile which I could run the tests within, but this cannot (easily anyway) be done on a windows machine
@BrighTide
Were you going to use the built in networking with MetaMask?
The process for connecting for MetaMask Extension go hand-in-hand with #289
MetaMask has the App and Browser Extension to take in to consideration when refactoring.
I'm also thinking that Google will be changing API regarding cryptocurrency wallets and browsers without announcing changes until it breaks and gets reported.
MetaMask (Android) is categorized as a Web Browser. The security available with MetaMask will not have had the testing as the main browsers and would be more susceptible to malware than the browsers already available and have been in development for much longer.
Some I can think of is hidden launch when browsers are set as default, or Cross Site Scripting and SSL...
A scenario below would not be ideal - as MetaMask will connect to a site that has failed verification.
I had an incident last year where Brave Browser on Android had Reward addresses hijacked for Twitter.
https://twitter.com/neobeum/status/1217029212973875200?s=20
Unfortunately I didn't get deep enough into the issue to grok "Were you going to use the built in networking with MetaMask?" 😅. From what I could tell the extension made some stuff available in the global javascript context to the metamask website, and I assumed the MetaMask browser was attempting to do the same but couldn't for some reason. Plan was to run it all together with a debugger and see what fell off.
I can see the issues with the MetaMask, I'd hope they'd be actively pulling from a downstream major browser project rather than building their own. Power to them if they're that brave though 😄
@NeoBeum are you working on #289? I've seen you've been posting some stuff around it. Was thinking of picking it up myself
Yeah - these two tasks are along the same line.
I don't have MetaMask on my development device - but I could probably unpack the APK and see what engine it is using... actually a scan one of the sandboxes might do it too.
I'm currently in the middle of creating a Local JoinColony node and then I'm going to start working on importing the libraries.
Setup to test an issue like this https://github.com/BrighTide/purser/tree/69b9cfb685cc8c0dc3ad217ffb9c80653d61277f/metmask-mobile-test