PayNoWay vs URLCheck
Side-by-side comparison of two open source alternatives
PayNoWay
Double-spending is no longer a theoretical possibility but a practical reality. Most of the end-user applications used widely today leave their users vulnerable to being defrauded via double-spend attacks. PayNoWay is a tool that you can use to test the applications that you, or your business, depend on to accept on-chain cryptocurrency payments. Features: - Send payment transactions with the same UX flow as other wallet applications. - Easily broadcast double-spend transaction after a payment is sent, to return the funds to the internal wallet address. - Fetch current network fee rate, or set a custom value. - Optionally set automatic broadcasting of double-spend transactions. - Control what happens to the payment transaction output - "Drop it" or "Replace with dust". - By default double-spend transactions are broadcast to several web services simultaneously to improve chances of confirmation. - Bitcoin mainnet and testnet networks - Several address types - Legacy (p2pkh), SegWit backwards compatible, SegWit (bech32). - Transaction history view where you can re-broadcast any past transaction, copy to clipboard any transaction as raw hexadecimal, or update any locally stored transaction by fetching it from the configured web service. - Statistics dashboard (Payments vs. Double-spends) which shows total number of transactions as well as their total values. Optionally reset the dashboard at any time. Disclaimers: - This app is intended to be used for testing and educational purposes. - Please do not use this app to double-spend against merchants without their explicit consent. - A successful double-spend is not guaranteed - use at your own risk. - You are responsible for creating a backup of your private key(s). Without a backup, if you delete the app or lose your device, your funds will be permanently lost. Permissions: - Camera, flashlight - To scan QR codes that contain an on-chain addresses, payment requests, and optionally a private key (WIF) during configuration. - Access network state - For detecting if the device is offline. This helps provide feedback to you, the user, in case of temporary loss of network connectivity. - Internet - To query web service APIs to broadcast transactions, fetch minimum relay fee rate, fetch transaction history and unspent transaction outputs.
URLCheck
This application acts as an intermediary when opening url links. When you do so, a window containing information about the url is displayed, allowing you to make changes to it as well. Specially useful when you need to open an external link either from an email, a social network app or others. URLCheck is developed by TrianguloY, originally for personal use. It is open source (under CC BY 4.0 license), free, without any ads or trackers, light sized and using as few permissions as necessary (only the internet permission, for module checks that will only be performed when the user request them). The source code is available on GitHub too, if you want to suggest changes, perform modifications or propose a new translation: https://github.com/TrianguloY/URLCheck The app is structured with a modular setup, you can enable/disable and reorder individual modules, which include: * Input text: Displays the current url which can be edited manually. Can't be disabled. * History: View and revert any change from other modules, including edits from the user (typical undo/redo feature) * Log: Keeps a log of all checked urls, which you can view, edit, copy, clear... * Status code: By pressing the button a network request will be made to retrieve that url, and the status code will be displayed (ok, server error, not found...). Additionally, if it corresponds to a redirection, press the message to check the new url. The url is fetched, but not evaluated, so redirection based on javascript won't be detected. * Url Scanner: Allows you to scan the url using VirusTotal, and check the report. A free personal VirusTotal API key is needed for it to work. VirusTotal™ is a trademark of Google, Inc. * Url Cleaner: Uses the ClearURLs catalog to remove referral and useless parameters from the url. It also allows for common offline url redirections. Built-in catalog from https://docs.clearurls.xyz/latest/specs/rules/ * Unshortener: Uses https://unshorten.me/ to unshorten urls remotely. * Queries remover: Displays the decoded individual url queries, which you can remove or check. * Pattern module: Checks the url with regex patterns that warns, suggests or applies replacements. You can modify or create your own patterns, or even use user-created ones. Built-in patterns include: - Warning when contains non-ascii characters like greek letters. This can be used for phishing: googĺe.com vs google.com - Suggest replacing 'http' with 'https' - Suggest replacing Youtube, Reddit or Twitter with privacy-friendly alternatives [disabled by default] * Hosts checker: This module labels hosts, configured either by specifying them manually or by using a remote hosts-like file. You can use it to warn about dangerous or special sites. The builtin configuration specifies StevenBlack's hosts (adware/malware, fakenews, gambling and adult content) from https://github.com/StevenBlack/hosts * Debug module: Displays the intent uri, and optionally info about the ctabs (custom tabs) service. This is intended for developers. * Open module: Contains the open and share buttons. If a link can be opened with multiple apps, an arrow will be shown to let you choose. Can't be disabled.
| Feature | PayNoWay | URLCheck |
|---|---|---|
| License | GPL-3.0-only | CC-BY-4.0 |
| Install sources | F-DroidGitHub | F-DroidGitHubIzzyOnDroid |
| Categories | Password ManagerProductivityBrowserFinance | Password ManagerProductivityMessagingBrowser |
| Features | Ad-FreeOpen SourceNo Tracking | Ad-FreeOpen SourceNo Tracking |
| Platforms | Android | Android |
| Website | ||
| Source code |