At Coinomi, security has always been our top priority and concern. While no user has ever lost funds due to a Coinomi issue since the start of operations in 2014, we decided to take security one step further. If you've been using Coinomi on desktop for a long time, you'll see that the recent versions of Coinomi for Windows, Mac and Linux features a drastic change in the way sensitive operations are performed.
The new Secure Action and Sensitive Information Dialogs are re-implemented in native Java, doing away with the old Javascript-based implementation. The primary reason for this decision is that by having a secure, OS-handled environment for all sensitive operations protects you from a wide range of attack vectors that might be possible now or in the future.
Specifically, Java is safer for a wide variety of reasons: as a standalone language that is executed by the JVM (Java Virtual Machine) and needs to be compiled into byte-code to run, it is far superior than JavaScript which must be placed inside an HTML document and executed by a web browser - an inherently less secure approach. In Java, the source code is hidden from prying eyes as it is compiled into the unreadable byte coding type, while on Javascript the source code could be read by any person (as it is written in plain text). Java is developed by keeping “security of codes” as the primary motive that can be achieved through JVM. On the contrary, JavaScript could be susceptible to cross-site-scripting and other attack vectors.
Hence, whenever you start an action that should be handled securely and with extra protections, you will see a window that says "Coinomi is requiring you to perform a secure action". Secure actions can be password prompts for making transactions, adding coins, etc. The window will look like this:
The same extra security is used when displaying sensitive information like when showing, verifying or entering your Recovery phrase. Note the similar yellow warning at the top:
At Coinomi, we will keep striving to keep your funds totally shielded and secure. We want to take the opportunity to thank our community for their continued preference and trust, and to commend them for staying vigilant. Our Live Chat Support department is always eager to assist you with any questions or issues you may face, so don’t hesitate to visit https://coinomi.com and click on the live chat widget in the bottom right corner of the page!