Cool project 
If you don't release the source for the project, you'll find it'll be hard to convince people to generate addresses that they'll use - it's too hard to prove you aren't sending the private keys to yourself.
If you don't release the source for the project, you'll find it'll be hard to convince people to generate addresses that they'll use - it's too hard to prove you aren't sending the private keys to yourself.
Not really, just hook your phone up to your computer, open Eclipse (make sure you have ADT plugins installed) and watch the ADB logs for anything outgoing. But for non-Android developers, I guess.
Decompiled his APK, definitely doesn't seem nefarious from first glance, and he's definitely not lying about what permissions the app actually asks for. (Meaning, since it doesn't request network permissions, it can't send your addresses anywhere.) Please feel free to correct me if I am wrong.
His AndroidManifest.xml file:
Code:
xmlns:android="http://schemas.android.com/apk/res/android">