- Is the above architecture safe? (What happens if server is compromised of the server is biased)
Provided the users keys are stored only locally on the users device, this is a pretty safe architecture. However, I can imagine a possible attack vector where traffic between your users and your node is compromised, and incorrect information about the statement of the network is provided, causing your users to make ill-advised transactions. I'm not sure how likely that actually is for your application, but if it seems like something you should defend against, then using a secondary source of truth would help.
- Do I need to create a Full-node Ethereum client corresponding to every Android app user.
No
- What type of user's data will the Full-node server need to process a transaction on its behalf?
None, provided transactions are all properly signed before sending
To interact with the remote node, you can just provide the ip and port to web3.js like this:
web3.setProvider(new web3.providers.HttpProvider('http://ipaddress:port'));
I managed to do this today after some painful debugging. The result is here: https://github.com/zupzup/react-native-ethereum-wallet
It's not a full example yet, but it shows how to interact with the running geth node.
Here's what I did:
First step, add the geth dependency to build.gradle:
compile 'org.ethereum:geth:1.6.7'
Then, in MainActivity.java, try to get the node running. You'll see if it's running correctly in the Android Monitor.
This looks something like this:
NodeConfig nc = new NodeConfig();
Node node = Geth.newNode(getFilesDir() + "/.eth1", nc);
Then, you need some way to expose this node to your Wrapping module. I just used a Singleton for this, but I guess there are cleaner ways to share state in Android.
Regarding the wrapping, I just used the official docs at https://facebook.github.io/react-native/docs/native-modules-android.html.
Basically, I created a method test
, which fetches the node
from the singleton
and executes something on it (in my case a simple getBalanceAt
query).
And this test
method can be called from React-Native with a callback, if you register the wrapping module correctly. Like this:
NativeModules.TestNative.test("tojavandback", (str) => {
Alert.alert(str);
})
This outputs, in my case, the amount of ether at the given address. It's just a simple example, but the whole end2end interaction works.
Hope this helps.
Best Answer
Geth can be run both on Android as well as iOS for about 4 months now. The nightly builds of the develop branch always include the Android
.aar
archives that you can link against an Android Studio project and the iOSframework
that you can use in XCode.Since Geth does not yet feature the light client functionality (that one actually needs Ethereum global P2P protocol updates), it's quite heavyweight, but it will be the official way to run mobile DApps, and AFAIK only Geth has even a remote concept about light client support. Other implementations really need you to run your own server, which kind of beats the purpose of a decentralized platform.
The mobile library of Geth is currently uber-basic, you can just start up an embedded Geth node and connect to it, but all RPC functionality (on HTTP, WS and IPC) is callable, so anything you could do from any remote node you can do from mobile too.
You can read my reddit post from back December on how to use these:
The library archives on that post are obviously old, but you can skim the go-ethereum gitter channel for daily announces of fresh builds (this is the last one).