Eyes on HBAR: The Wallawallet Team Explores the Ins and Outs of Building an HBAR Wallet
Jeremy Headshot
Sep 02, 2021
by Jeremy Fletcher
Hedera MVP

The Wallawallet application was released on Android and iOS mobile operating systems in December 2020, and boasts a 90% ‘Active User’ rate amongst the application’s 7000+ downloads. 

In this interview, the two founders of Ledgerama, JR Fletcher and Robert Kainz will share their experience building a fully supported HBAR wallet on Hedera Hashgraph.

JR Fletcher - I am joined by Robert Kainz, the CTO and co-founder of Ledgerama, and the lead developer of Wallawallet. Rob, would you tell us a little about your background as an enterprise developer?

Rob Kainz -  I've worked as a contractor for companies like IBM and Tivoli, and USPS, and I worked at Railinc for a long time writing software for the railway industry.

At the time we had to use some older technologies, but Hedera Hashgraph might be a really good fit for some things we did there as far as inspection quality and especially securing certain information that others shouldn't be able to see.

JR - You and I flew out to Dallas, to the Hedera Hackathon in 2018. Why did you buy that plane ticket to fly out to Dallas and compete in that hackathon?

RK - For years before that, I was interested in cryptocurrency- Ethereum, Bitcoin, and a whole lot of others. When I saw the New York announcement for Hedera I was really interested in the technology because of the speed, latency, security, scalability, and decentralized governance. All of it works really well with this long lead vision that I have. So I decided to head out there, participate in the hackathon, meet some people and see if I can find others who are also interested in following that same path. I love the fact that Hedera has a professional Governing Council comprised of trusted, large organizations that are stewarding the network. Having worked at a company like Railinc myself, I know they're not going to pick a technology that has high, unpredictable fees. Hedera Hashgraph solves many of these problems. I still have that entrepreneurial spirit and I want to use my talents and skills that I've accumulated over the last 20 years in software development, and do something bigger than I've done in the past. Hedera Hashgraph is the technology that I've been waiting for to be able to do all that.

JR -  Speed and scalability. The first time I ever transacted with Hedera, I said, 'Yes, this is it!' .. finality in seconds, the transaction was done. I could buy a cup of coffee with this. Speed and finality are big, big bonuses in the Hedera Hashgraph world.

RK -  It was Cooper Kunz who said, "You guys are gonna need a wallet, why not start by building that?" I was kind of hesitant at first but I said to myself 'well, we really do need one.. And we probably want it to be built the way that we want to build it..' So yeah, we started Wallawallet last May, and here we are. We're getting ready to release the initial version of Hedera token support in Wallawallet, which will be sending tokens and getting the token metadata.

JR -  So when building Wallawallet what SDK was used?

Rob Kainz - When we started there was really no official SDK that ran on the iPhone at the time. So that was a big tricky thing for us. An early community member spent a long time figuring out how to hack the JavaScript SDK to get it to run on iPhone, and in a React Native environment. I forked his repo and was able to get that to work and the very first versions of Wallawallet used the hacked JavaScript SDK for the iOS, but I'm a Java Pro, I've been doing Java for decades now so I used the Java SDK for Android initially. I was maintaining code for two different SDKs. The nice thing about React Native, in theory, is that you can write all your code once, and then it runs on both Android and iPhone but of course, it's not flawless by any means and I had to learn a lot about React Native. I am constantly dealing with upgrading the components and all that can be quite tricky.

JR - Why React Native versus something like Flutter or any of the other mobile environments?

RK - Flutter was too new at the time and a smaller community about a year and a half ago. I didn't want to do that, because I figured it would really slow me down. So if there were components that I really needed, that nobody had developed, or were really immature, I wanted to be able to put our wallet into production very quickly without issues like that, and without having to take time to redesign or build something from scratch or work with code that was just not mature enough. So that was a big reason for doing that. Then it came down to choosing between React Native and Ionic. In the end, React Native won out just because of the scope of the community, even though it takes a little longer to build something on React Native, so they say. I've certainly had some issues but in the end, it's been a pretty decent experience overall.

I did end up going with the Golang SDK at one point, we were in production with that for maybe four months. Ideally, I want to keep the same SDK, and I want to keep the code the same, so it's less to maintain and less to test, but towards the end of that, I was really getting fatigued by writing bridge code. When I started to have to deal with the tokens, I had to start moving more and more data across and, and serialize and deserialize it and that work can be quite tedious.

Fortunately, Hedera came back and said that they got the Javascript SDK to work. We are going through a couple of additional issues but we did get it to work. Hedera had to fix an issue with the cryptography library, which wasn't properly running in React Native, but once they got that fixed I was good to go.

Software development in general is very hard. There's no question about that. Decades of experience definitely helps. We did lose several months of productivity due to SDK related issues, workarounds, research, trial and error, proof of concept stuff that we were trying to get working and it was unfortunate, but that's the way it is sometimes and I was not interested in learning the really low-level Protobuf API.

JR -So you could kind of bypass some of the issues by dealing directly with the Protobuf layer, but that's not ideal?

RK - It's definitely not ideal and with the way things change, having to deal with the protocol at that level, adds a tremendous amount of risk to the project and I did not want to go there.

JR -  So were there other challenges that you ran against in developing Wallawallet? I know we've had some issues figuring out the best ways to get data from the mirror nodes.

RK - One of the things that aren't supported by our current mirror node is the token transfers in their API for transactions, which I really need. Fortunately, Hedera just recently opened up a public mirror node.

For the Hedera mirror node, one of the issues that I was having if you have a treasury account, and the treasury account has tokens in it, and you try to fetch all of the token metadata for those tokens, you get an empty array back. That is something that was overlooked, but they're fixing that.

Another nice thing about the Hedera mirror node is that it is free. We are a startup and we don't have a ton of resources and time. We do the best we can.

JR -  Where are we at with the SDKs now? We moved on from Golang and we're back to Javascript, right?

RK - Yes, now we're on Javascript, but I would go back to Golang if they fully support the SDK in both Android and iOS environments. It probably would be a better solution than JavaScript in that case.. as long as I don't have to write all the bridge, glue code, that would be great.

JR - What have you learned about interacting with the APIs like the crypto APIs and the Hedera Token Service (HTS) APIs?

RK -  They're pretty straightforward. There are good examples out there for them in the different languages. There are subtle differences between the JavaScript one and the Golang, with the way that exceptions are handled and thrown with the status codes. I've had to deal with that a little bit in the latest version when I switched back to the JavaScript SDK.

The documentation is not difficult to get through. I've had to learn the crypto API, the HTS API, and soon the NFT one. We do plan to add NFT support and of course, Hedera announced that they're gonna have staking at the end of the year. So that's more work for us to do so.. (laughs).

JR - What advice would you give to somebody building on Hedera?

RK - If you're dealing with cryptocurrency, you're moving money around, and you have to be very careful with how you do that. You have to understand exactly how the state management of your app is working before these transactions are kicked off, that you're not missing anything or messing up decimal points and things like that and sending more money than you intended out of somebody else's wallet. You have to be careful managing keys, you have to be very careful on all these things.

JR - You and I have had many debates over security versus usability but I was told by some folks at Hedera that they love your approach to security with Wallawallet, because it's obvious that you take security very seriously and put security first. They say that is what Leemon does also. He puts security first.

RK -Security has to be at the forefront of your mind when you're dealing with cryptocurrency. No matter how you deploy your app, you really have to think through exactly how it's going to be deployed, who's going to have access to what keys, how can they be compromised, that kind of thing.

With Wallawallet, we depend on the secure enclave on the phone, which is a separate piece of hardware that manages the creation and storage of the private key. It's tied to your biometric as well so the attacker has to have physical access to the device to be able to recover data from it because it's tied to the biometric. I highly recommend that everybody also enable the six-digit PIN code that we have on there to prevent a wrench attack.

JR - As always, the number one security risk is physical access, but if you set your PIN code, at least that is another layer of defense.

Moving on to Hedera Token Service (HTS). HTS is a really new service, it feels like it just came out but it's changing and evolving at a lightning pace. What were some of the challenges and benefits of working with HTS?

RK - I'm still facing at least one challenge, but overall, the biggest challenges that I've had were with the SDKs. Once I started getting into HTS, it wasn't too bad. I did have issues with some of the data that I had to get from the public mirror. You have to think about all kinds of different scenarios.

First of all, you don't have the token symbol when you get the balances from somebody's account. So how do you do that? Do you look them up one by one and send one query, one at a time to Hedera to get the information? That's a lot of network overhead to do something like that. Do you get them in batches? Can you even do that? So you have to look at the APIs and determine whether you can do that or not.

How are they supported in batch? They're through 'get query' parameters, right? Well, you can only have so many on there before you exceed the limit for a URL, so you have to consider things like that, too. What if the account has 1000 tokens? There's probably a limit, maybe it's 1000, or 500?

What if you have more than 500 tokens at a time? Then you've got to page through them. That's more time lost, right? So you have to cache the data because if you're showing lots of different accounts and token data, you want this stuff to be very responsive and very fast.

I haven't fixed the paging issue yet, but you have to consider those kinds of things, along with the KYC flags and other parameters, you have to consider all of these and how you're going to be dealing with them in your application, depending on what your application does, and what the needs are.


Thank you for reading this post as we explored some of the ins and outs of building a fully supported wallet for the HBAR community. We appreciate all of the great feedback we have received from our users, so please, keep it coming. Stay tuned for more great things to come from the Wallawallet team over at Ledgerama, such as support for the Hedera Token Service, NFTs, HBAR staking and more. Feel free to reach out to us for questions or comments at [email protected] or via our website at https://wallawallet.com/contact-us .