Crypto Friendly Jurisdiction for Apple Developer Account Registration

Start the discussion of crypto friendly jurisdictions to form an entity to create an Apple Developer Account to follow up from the post started here:

Let’s start with a simple task: notarize Syrius for macOS. It requires only an Apple developer account to manage certificates and it’s free.

I’ll research and post updates here.

Switzerland
Seychelles
Vanuatu
Caymans
Bahamas
Bermuda
Costa Rica
Dubai
British Virgin Islands

1 Like

I would add the following:

Europe:

  • Estonia
  • Lithuania
  • Malta
  • Luxembourg
  • Liechtenstein
  • Gibraltar

Asia:

  • Japan
  • Hong Kong
  • Singapore

Adding this image here too

https://s3i2u4s3.stackpathcdn.com/original/1X/80b73d688009134c9d96e18628e3567c7e79e245.png

These articles might be worth a read for context:

https://a16z.com/tag/legal-frameworks-for-daos-series/

I understand the immediate need is just to notarize some code in the AppStore, but I think it will be worth it to consider the entity thinking about future needs that might arise later on for our Network.

Any updates here? One of the other important items needed for registration will be a ToS + Privacy Policy.

Dug up a few that are hosting similar apps:

Consensys (Metamask) ToS: Terms of use | Consensys
Consensys (Metamask) Privacy Policy: Privacy Policy | Consensys

Phantom (Solana Wallet) ToS: Terms of Service • Phantom
Phantom Privacy Policy: Privacy Policy • Phantom

Trust Wallet ToS: Terms Of Service | Trust
Trust Wallet Privacy Policy: Privacy Policy | Trust

Strike (BTC payments) ToS: Terms of service
Strike Privacy Policy: Privacy

Casa (BTC storage) ToS: Terms of Service
Casa Privacy Policy: Privacy and Data Policy | Casa

Ya, I’ve been digging through stuff. Here is my general conclusion.

  1. Setting up a DAO for pillars is a nonstarter. Few if any will participate.
  2. For me, setting up an entity in a foreign land will be a mistake. I don’t do any international business and have no idea how to set up the entities, how to tax and report them. I would need to hire an atty to advise me and that is a waste of money. Then I need to hire a tax professional who does international returns. More wasted time and money.
  3. It’s possible I set up a foreign entity and lose protection b/c I’m operating out of the US.
  4. The only option for me is to set up a WY LLC. I would prefer to do it solo so it’s a disregarded entity that does not file a tax return.

I’m going to set up this entity regardless of what others do. I would encourage other US citizens to set up a WY entity so they can also participate. It costs $150/y and you can keep your identity private but known to a registered agent.

The setup can be complete in a few days. That’s where I’m at.

I think other international community members in crypto friendly jurisdictions should also create LLCs.

2 Likes

I haven’t done it but from what I’ve read setting up international for US citizens is very strict. You forget to file a form and consequences are pretty harsh.

If it’s all the same to you, just registered a Catawba DAO LLC entity a few days ago and have a pending DUNS number needed for App Store submission. It is a Zone I plan to work closer with anyways so can proceed accordingly to get this across the line with @aliencoder if that works.

Apps can also be transferred between entities so in the long-run I do think an ideal scenario is a Pillar-operated DAO LLC (whether it is Wyoming, Catawba, or elsewhere).

1 Like

Notarization is not the same as AppStore submission. For notarization, only an active Apple developer account is needed.

AppStore submission can be done later, for example when we have v0.1.0 ready.

Awesome. You need a DUNS and a website for that entity in order to get a corporate Apple Developer Account. LMK if you need any help.

2 Likes

Just wanted to double check that you are working on the Corporate Dev Account for Apple. I’m working on the same so we have two options.

@angelo_a_jr do you need help with the website?

Just waiting on DUNS number, had to work with Catawba to make sure they were recognized but they were quick to respond. In correspondence with DUNS now to get it registered.

On a side note, how is the publishing entity going to be able to protect and absolve itself in the event of faulty or even malicious code?

Ideally this would be a distributed responsibility in the long-term not only to distribute risk for the entity but also adds more leverage to the network. Pillars as a DAO entity I do think is at least logically the best structure. Can abstract identities behind an LLC for each Pillar and each Pillar as a DAO actor.

Disclaimers.

This won’t happen for Apple software. They check your code (sometimes even manually) and if it’s susceptible to intrusions, they will reject the app. It will also get rejected if it doesn’t meet certain security standards.

1 Like

Respectfully, this is false. I can develop custom malware for NoM that will bypass their screening process.

I was referring to the example given in the link.

What are your thoughts on code review?

We say “Don’t trust. Verify.” but who’s actually doing this?

I didn’t exclude code audits for any piece of software, especially for software that will hold user funds (we don’t want to be the next AtomicWallet).

Okay, I’m glad you think it’s important, but I haven’t seen you answer the question with a solution.

We cannot and should not solely rely on Mr Kaine to protect the community.

That’s why having independent audits is a must.

What should be audited for a mobile app:

  • Seed generation (secure random) and import
  • Wallet derivation (derivation path)
  • Wallet encryption/decryption (keyStore)
  • Input sanitization for transaction signing
  • Seed screen screenshot/copy protection
  • Apps distribution

I found the audit of Zcash mobile apps.

Issues (high and medium severity) found that we should also look after:

  • Severity: High
    • (Exploitability: N/A) Seed phrase checksum is not validated in the Android app
    • (Exploitability: Likely Impossible) Seed generation timing may leak information about the seed
  • Severity: Medium
    • (Exploitability: Easy) Official looking text can be controlled through the memo field
    • (Exploitability: N/A) Seed phrase verification is not implemented or enforced
    • (Exploitability: Hard) Users are not informed that Crashlytics collects information
    • (Exploitability: Hard) Unspendable balance from extreme amounts of dust

Here is the IOTA wallet security audit.
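
For the "seed phrase checksum is not validated" finding listed above, this is the check an import screen needs to run. It is an added example, not part of the thread and not code from Syrius or the audited apps. It assumes the wallet uses BIP-39 mnemonics, which the thread does not state, and represents each word by its 11-bit wordlist index so that no wordlist has to be embedded; the function names are hypothetical.

```python
import hashlib

VALID_WORD_COUNTS = {12, 15, 18, 21, 24}  # mnemonic lengths defined by BIP-39


def indices_from_entropy(entropy: bytes) -> list[int]:
    """Encode entropy as BIP-39 word indices (entropy bits || checksum bits)."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32  # one checksum bit per 32 bits of entropy
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    count = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (count - 1 - k))) & 0x7FF for k in range(count)]


def checksum_ok(indices: list[int]) -> bool:
    """Return True only if the word indices carry a valid BIP-39 checksum."""
    if len(indices) not in VALID_WORD_COUNTS:
        return False  # wrong length: reject before any bit arithmetic
    if any(not (0 <= i < 2048) for i in indices):
        return False  # index outside the 2048-word list
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    ent_bits = total_bits - cs_bits
    value = 0
    for i in indices:
        value = (value << 11) | i
    entropy = (value >> cs_bits).to_bytes(ent_bits // 8, "big")
    stated = value & ((1 << cs_bits) - 1)
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return stated == expected


if __name__ == "__main__":
    # Constructed sample input: 16 zero bytes of entropy (never a real seed).
    phrase = indices_from_entropy(bytes(16))
    print(phrase, checksum_ok(phrase))
    # Same words with the checksum bits altered, as a mistyped last word would be.
    print(checksum_ok(phrase[:-1] + [phrase[-1] ^ 1]))
```

An import flow that skips this check will derive a wallet from a mistyped phrase without warning, which is the failure the audit finding describes.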