Wallet Logo

AJGlobalV

Latest release: 1.0.16 ( 1st August 2022 ) 🔍 Last analysed 19th October 2021 . Custodial: The provider holds the keys
3.1 ★★★★★
29 ratings
8th September 2020

Jump to verdict 

Help spread awareness for build reproducibility

Please help us spread the word discussing the risks of centralized custodians with AJGlobalV  via their Twitter!

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

The Analysis 

(Analysis from Android review)

App Description

The platform allows the trading of gift cards, Bitcoin and Naira.

Our Vision: to be the most preferred Gift Cards and Bitcoin trading partner – locally and globally.

Google Play Critical Reviews

Note: Out of 87 total reviews, the app received 3.5 Stars. It is also worth noting that the developer responds to each review promptly and professionally.

Ayo gift
★☆☆☆☆ June 23, 2021
So fake can’t even sign in I try using another email account still yet keep saying rubbish..

Muhammad Umar
★☆☆☆☆ June 1, 2021
This app is a bad app doesn’t sign up but nestybag announce the app as if is a good app .. the app is very bad .. wasting of MB…. I will only give him one star ⭐ because I can not post it without putting star

The Site

The Terms and Conditions

Termination Clause

By opening a AJ Global Account you accept and agree that AJ Global may, without further notice and in its sole discretion, terminate, suspend or restrict the account of any customer who uses, or who we reasonably suspect may be using, the AJ Global Site or any AJ Global Account in a manner that is inconsistent with the letter or spirit of these Terms.

KYC

AJ Global implements and maintains the highest standards of Know Your Customer (“KYC”) processes and controls as part of our commitment to combating fraud and assisting in the prevention of money laundering and terrorist financing. While our industry is largely unregulated, AJ Global voluntarily adheres to local and international compliance standards in relation to customer due diligence.

The App

We downloaded the app to test it. There is a bitcoin wallet that allows users to:

  • Buy
  • Sell
  • Receive
  • Transfer

Buy

To buy bitcoin, the user must input a dollar value, which then calculates the Naira value and the Bitcoin value. You are then asked to fill up a ‘Pin’ field which is assigned by the user. Once an amount is inputted, there is a message that states:

Note: Total bitcoin received by you may differ from the true value we sent.

Sell

Selecting sell from the Bitcoin wallet, we are then presented with different ‘Bitcoin variants’:

  • B1 - 10 to 99 ₦ 530
  • B2 - 100 to 499 ₦ 540
  • and so on

Selecting one presents us with a form that we are supposed to fill. Entering a dollar value calculates the Naira value and Bitcoin value. There’s also a note that says:

Note: Total credited amount may differ depending on the true value sent.

Receive

It is possible to receive Bitcoin via QR code and a BTC wallet address

Transfer

The fields for transfer are:

  • Bitcoin Value
  • Dollar Value
  • Receiver Address
  • Pin

Gift Cards

This includes amazon, Google, iTunes, Steam and others.

Verdict

Most apps with developers catering to the Nigerian population usually uses gift cards and Naira to trade Bitcoin. So far, among the other apps that we’ve reviewed, AJGlobal is one of the few that actually generates a BTC address with functions that allow sending or receiving. However, the service still holds the private keys, implements KYC and has a termination clause that could lock out the user from the platform. This makes the service custodial and the app cannot be verified.

(dg)

Verdict Explained

As the provider of this product holds the keys, verifiability of the product is not relevant to the security of the funds!

As part of our Methodology, we ask:

Custodial!

Is the product self-custodial?

If the answer is "no", we mark it as "Custodial: The provider holds the keys".

A custodial service is a service where the funds are held by a third party like the provider. The custodial service can at any point steal all the funds of all the users at their discretion. Our investigations stop there.

Some services might claim their setup is super secure, that they don’t actually have access to the funds, or that the access is shared between multiple parties. For our evaluation of it being a wallet, these details are irrelevant. They might be a trustworthy Bitcoin bank and they might be a better fit for certain users than being your own bank but our investigation still stops there as we are only interested in wallets.

Products that claim to be non-custodial but feature custodial accounts without very clearly marking those as custodial are also considered “custodial” as a whole to avoid misguiding users that follow our assessment.

This verdict means that the provider might or might not publish source code and maybe it is even possible to reproduce the build from the source code but as it is custodial, the provider already has control over the funds, so it is not a wallet where you would be in exclusive control of your funds.

We have to acknowledge that a huge majority of Bitcoiners are currently using custodial Bitcoin banks. If you do, please:

  • Do your own research if the provider is trust-worthy!
  • Check if you know at least enough about them so you can sue them when you have to!
  • Check if the provider is under a jurisdiction that will allow them to release your funds when you need them?
  • Check if the provider is taking security measures proportional to the amount of funds secured? If they have a million users and don’t use cold storage, that hot wallet is a million times more valuable for hackers to attack. A million times more effort will be taken by hackers to infiltrate their security systems.
The product cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The product might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.