Scatter Embed - one codebase, many wallets
Scatter is almost three years old, and we’ve learned a lot during that time. One of the most crucial things we’ve had to come to terms with is that we are a tiny team, and the world is big.
Our capacity to maintain many projects at once (Scatter Desktop, Extension, Mobile, etc.) is limited. This has caused the wait for new releases and products to grow as we try to expand our horizons and build ever more complex products. Even when new releases roll out that have critical things like auto-rejecting updateauth, users are slow to update and that leaves them vulnerable.
With the release of our new BP we are looking for ways to streamline and improve our product build cycles.
To this end, we’ve been working on a new project called Scatter Embed. Its core purpose is to offload the entire Scatter user-interface (UI) into a web app which can have a wallet key/signature provider injected into it. The end effect here is that we can have one codebase which renders the pretty graphics, and then many tiny products which interact with it that provide the security our users require.
Let’s take Scatter Desktop as an example. Right now all of the code that powers the graphics lives within the desktop wallet that you download. It makes the download size larger, and any time we have to fix a bug users have to download a new version and install it, even though 99% of the time bugs aren’t related to keys or signing, which is the only thing the desktop app actually needs to be used for.
By embedding Scatter Embed into the desktop app, and injecting it with the signing and encryption capabilities of Scatter Desktop, we get the exact same protections, without the downsides of having a full desktop app.
We’re bringing the extension back
Because of these core changes, we are now also bringing back the Scatter Extension. That’s right, Chromebook users can rejoice!
In the same way that desktop now works, the extension will simply be a key store and signing tool for the embedded web app. You can think of it like MyEtherWallet on steroids (lots of steroids).
By having Scatter Desktop, Mobile, and Extension all share the same UI code, we can make bug-fixes and feature updates to all of our wallets at the same time. This also expands the ability to locate and identify bugs by having all of our wallet’s users using the same code across all of their devices. Submitting error reports can now happen in a more organized manner, which will help keep the quality of Scatter high.
Speaking of updates
One of the biggest bonuses of this separation of code bases is that the need to update all of Scatter Desktop, Extension, or the upcoming Mobile can be done with a lighter touch.
Right now both changes to the UI and wallet-specific functionality all require a full update. This is problematic as many users are still using old versions of Scatter with some vulnerabilities which have since been fixed. Here is your reminder to update now!
By splitting the Embed wallet and the Desktop wallet into two interacting softwares we can auto-update the Embed wallet without you having to download and install a new version of Scatter. So for things like UI updates, wallet logic (things like preparing transfers and actions), and mutating already decrypted data (settings, adding/removing keys, etc.) you simply automatically update to the latest code.
The Desktop, Extension, and Mobile clients will need an update when things like signing, encrypting, or data storage need bugfixes, or when a new blockchain is added. This will require the user to download a new version of the native client.
Is it still just as secure?
All Scatter versions will be considered more secure now because fixes will migrate to users faster. Not only are there checksum checks of the web app from your local app, but all encryption and decryption of private keys, as well as signing always happens in your downloaded version and never on the web app--which is still local for you! Unlike other web wallets, we also control both sides of the codebase so we don’t have to worry about the web app being updated by a third party team. As always, Scatter means security you can trust.
When is this happening?
The first product to include Embed will be Scatter Desktop, which will go out to our testing group in the next few weeks. Soon after that the extension will be brought back online and go through testing as well before being released back into production.
We’ll also be announcing a related and super exciting new product in the coming weeks. If you’d like to be notified, you can sign up for the related mailing list here.