The IRMA app allows users to receive and store digitally signed attributes from trusted issuers, after which they can be selectively disclosed to others. The app is essentially a GUI for the
irmaclient Go package, which implements the client relative to the IRMA server. It is available in the iOS and Android app stores and may also be compiled from source.
The IRMA app has a developer mode, which is disabled by default. It can be enabled by tapping 7 times on the version number at the bottom of the "About IRMA" screen, reachable from the side menu.
While developer mode is disabled (default), the IRMA app will:
- Block all HTTP connections that don't use TLS (i.e. the URL of the server must start with
https), in order to prevent attributes from being sent unencrypted over the internet.
- Block all HTTP connections to IRMA servers not running in
productionmode. Since the majority of the IRMA app users will not have developer mode enabled, this requires IRMA servers facing those users to enable
productionmode (which makes the IRMA server switch to safer default values for some of its configuration options).
Developer mode thus enables performing IRMA sessions with locally running IRMA servers, during development of an application using IRMA. After it has been enabled, a toggle will appear in the "Settings" screen with which it can be disabled again.
For normal users this feature is made difficult to discover by design, for their protection. On the other hand, developers will notice its existence as soon as they try to do an IRMA session with a locally running IRMA server, by the error message displayed by the app.
Use developer mode with care: when enabled, the IRMA app will not protect you from accidentally sending your attributes unencrypted over the internet.