I had an idea to enhance the security of nostr signer apps like Amber nostr:npub1w4uswmv6lu9yel005l3qgheysmr7tk9uvwluddznju3nuxalevvs2d0jr5. A fully offline and super lightweight event signer companion app called Amber Secret Keeper. It only has permission to talk to Amber, which would handle all interaction with other apps and the user. It would rarely need updates and have a much smaller codebase.
Discussion
The complexity of having 2 signer apps probably makes this a trade-off suitable only for me and my 3 paranoid friends.
Literally thought of this, this morning. I believe it's something similar to what nostr:nprofile1qqs99d9qw67th0wr5xh05de4s9k0wjvnkxudkgptq8yg83vtulad30gpzpmhxue69uhkummnw3ezumrpdejqz9thwden5te0dp5hxapwdehhxarj9ekxzmnyqyv8wumn8ghj7un9d3shjtnwdaehw6r9wfjjucm0d5eechmk is building.
The codebase can be smaller, but I don't think it will be small enough to please your paranoia.
After all, you would still need screens to display the wallet and allow the user to set it up and manage it.
If you want to support multiple accounts, that gets worse.
Amber's codebase is mostly big because of the NIP-46 bunker implementation/notifications, which I think can be moved to a different app just for that with the use of Pokey to receive those events.
That being said, Amber is not supposed to be the only signer available. Other signer apps should exist and compete with Amber for a place in the users' hearts.
I really like what nostr:npub1w4uswmv6lu9yel005l3qgheysmr7tk9uvwluddznju3nuxalevvs2d0jr5 is doing with Amber. The idea stems from how uncomfortable I feel as I smash the update button every time a pre-release version is issued.
Separation of concerns is great for advanced users but will probably end up being used by a minority of users.
I love the idea of using a notification app like Pokey to reduce duplication, open websocket connections and battery usage.
I don't actually want my signer app to be dumb. I want the sort of optionality that Amber brings about what gets signed automatically and when I should get prompted. I want to be regularly interacting with my signer. I want innovation and updates to improve this experience. Maybe other people want something different from their signer app, e.g. simplicity and minimalism, security and infrequent updates?
Thank you
