My question would be: does the wallet allow "unlimited" PIN trials which then indeed makes a 4-digit PIN not really a secure option? And I checked myself and it's a good sign for security that the wallet only allows 8 PIN trials max. before the wallet is reset (likely wiped).
Now that I see that the 4-digit PIN has up to 8 attempts (I hadn't noticed this because I have Face ID enabled), I feel more relieved (though I still think the user should have more encryption options beyond a simple 4-digit PIN). But the developers want the app to be easy to use; those who want something more serious about security should opt for a desktop wallet with an air gap or hardware wallets. This is a pocket wallet, but many "pocket wallets" have resilient encryption with complex characters.
So statistically you have a 1/1250 chance to hit the correct PIN with eight available tries. I'd surely prefer a longer PIN and also maybe a lower number of tries, too, but due to the limits the 4-digit PIN isn't as bad as you make it sound. All this assuming people don't use silly PINs like all same digits, consecutive up or down or their month'n'day of birth.
Yes, that's what I think too.
There's another quirk that I don't quite understand. During backup (let the wallet display the mnemonic recovery words and check that you have backed them up properly) there's kind of a warning that you shouldn't use your wallet simultaneously on multiple mobiles, because this could damage your (wallet's?) data.
You're right, the message might be a bit confusing and not very straightforward, but the message was meant to convey the idea that the more you use your backup to be restored to other wallets, the greater the chances of exposing your recovery phrase to malware.
This is somewhat weird and I can only think of an explanation that is connected to some centralized server to which Bitkit wallets talk and sync data. Not sure if I like this... And yes, the next screen says: your profile, contacts, accounts, tags and activities are automatically synced/backed up to the vendor's free cloud service. Well, well, I'd certainly like to have a look at the source code to see what exactly is synced there. I don't know why a wallet needs to sync such data anyway.
I agree with your perspective. I haven't explored that aspect yet, but I don't need it. The idea behind Bitkit is to make using Bitcoin easier, just like banking apps where you can save your contacts (I don't know if your country's banking technology allows this, but Brazilian banking technology does).
Luckily, if you have an Electrum server, Bitkit provides the option to connect to it.
What I don't like (for any wallet!) is that the user isn't forced to back up the mnemonic recovery words. I'm sure there will be people who don't care and know how important an analog backup of your wallet's recovery words is. This wallet again makes it easy for such noobs to lose their wallet and likely some funds therein.
The requirement for a user to use the wallet is to understand the importance of backups. It's recommended that they be done before configuring anything else, such as never funding a wallet before backing up. So I don't really care about that, the warning is there, and it's the user's responsibility to know.