I'm working on developing a decentralized application which requires every user of the Android app to have separate account containing his ether balance information and other user-specific information.
I read about the concept of light-clients and full-nodes but came to know the official Ethereum light-client is still under development.
Then I stumbled on these articles about using ethereum in Android and Iphone. So they kind of suggested of creating a Full-Ethereum node and make your app interact with this node using JSON-RPC protocol. So I came up with the following architecture:
Android App (Contains user's private key and data) —-> Ethereum Full-node server (Set up using available clients for ethereum (in python)) —–> Ethereum Virtual Machine.
I've some questions as follows:
-
Is the above architecture safe? (What happens if server is compromised or the server is biased)
-
Do I need to create a Full-node Ethereum client corresponding to every Android app user.
-
What type of user's data will the Full-node server need to process a transaction on its behalf?
Last one is slightly out of context and might be very vague, Given a JSON-RPC library like [web3j][3] and a full-node client like [pyethapp][4] running on a different device, How would I make the web3j interact with pyethapp
Best Answer
Provided the users keys are stored only locally on the users device, this is a pretty safe architecture. However, I can imagine a possible attack vector where traffic between your users and your node is compromised, and incorrect information about the statement of the network is provided, causing your users to make ill-advised transactions. I'm not sure how likely that actually is for your application, but if it seems like something you should defend against, then using a secondary source of truth would help.
No
None, provided transactions are all properly signed before sending
To interact with the remote node, you can just provide the ip and port to web3.js like this: