Mobile bitcoin wallet applications are NOT private enough for the sender or the receiver. The common-input-ownership heuristic states that if a transaction has more than one input, then all of those inputs are owned by the same entity.
This is one of the core heuristics used by chain analysis companies to determine the owner of specific unspent transaction outputs (UTXOs). Ownership of UTXOs can be attributed based on economic activity patterns, lack of privacy controls, and a false understanding of how UTXOs are processed in a bitcoin transaction.
For those who wish to retain a higher level of privacy, solutions such as multisignature, CoinSwap, CoinJoin, and Payjoin exist, but they are not easily accessible to the common user: most of these solutions require in-depth technical knowledge of the Bitcoin protocol and administration of infrastructure that can sync, store, and maintain chain data. Enhanced privacy features additionally require knowing how to construct, parse, and sign partially signed bitcoin transaction (PSBT) data. Most end users without this level of technical acumen will fail at implementing the specification properly, and will ultimately sacrifice the security and privacy of their funds and transactions for the sake of convenience.
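The common-input-ownership heuristic and the way Payjoin breaks it can be shown on constructed data. The following is an added example, not code from the project; the transaction records, address labels, and function names are hypothetical.

```python
from collections import defaultdict

def cluster_by_common_input(transactions):
    """Apply the common-input-ownership heuristic: merge all input
    addresses of each transaction into one cluster (union-find)."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in transactions:
        inputs = tx["inputs"]
        for addr in inputs:
            find(addr)  # register single-input addresses too
        for other in inputs[1:]:
            ra, rb = find(inputs[0]), find(other)
            if ra != rb:
                parent[rb] = ra

    clusters = defaultdict(set)
    for addr in parent:
        clusters[find(addr)].add(addr)
    return sorted((sorted(c) for c in clusters.values()), key=lambda c: c[0])

def wrongly_merged(clusters, owner_of):
    """Return clusters that mix addresses of more than one true owner."""
    return [c for c in clusters if len({owner_of[a] for a in c}) > 1]

# Constructed sample data: labels are placeholders, not real addresses.
OWNER_OF = {"alice_1": "alice", "alice_2": "alice", "bob_0": "bob"}

# Ordinary spend: both inputs really belong to the sender.
ORDINARY_SPEND = [{"txid": "tx1", "inputs": ["alice_1", "alice_2"],
                   "outputs": ["bob_1", "alice_change"]}]

# Payjoin: the receiver (Bob) contributes an input alongside the sender's,
# so the heuristic's "one owner" assumption is false for this transaction.
PAYJOIN_SPEND = [{"txid": "tx2", "inputs": ["alice_1", "alice_2", "bob_0"],
                  "outputs": ["bob_1", "alice_change"]}]

if __name__ == "__main__":
    for name, txs in (("ordinary", ORDINARY_SPEND), ("payjoin", PAYJOIN_SPEND)):
        clusters = cluster_by_common_input(txs)
        print(name, clusters, "false merges:", wrongly_merged(clusters, OWNER_OF))
```

For the ordinary spend the heuristic correctly groups the sender's addresses; for the Payjoin it attributes the receiver's input to the same entity, which is the false attribution Payjoin relies on.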
Problems Faced
Signing Coordination - Transactions that require additional privacy tend to require a lot of coordination between the transaction participants.
Signer & Receiver Communication - Transmitting this information in a private and secure manner has traditionally been a challenge for bitcoin transactions.
Transaction Confidentiality - Out-of-band communications and broadcasting of data can be noisy and raise flags when one is trying to transact privately.
Tor Control - We had a hard time running the hidden service because there isn't a proper Tor controller out of the box. We had to marshal RPC methods somewhat manually.
iOS Limits - iOS only gives 3 minutes of background time to an app. Tor also typically expects to run in its own process address space. iOS doesn't allow forked app processes.
Hackathon Team [META] - How can we work remotely as a team on the same project and meet our deliverables within 24 hours?
Solution(s)
Onion '78
Tor Hidden Services
Payjoin
Tor Control
iOS Limits
Project Management
Discussion