PandaX is a simple Ethereum wallet by the Chinese provider Linktimetech. It's reasonably newbie-proof in that it does its best to educate newcomers on wallet features and capabilities, but this quickly goes downhill when its Terms of Service reveal that all transactions go through their servers for transaction analysis rather than straight to the blockchain. As such, Linktimetech has the full authority to censor your transactions, report you to authorities, or possibly even steal your funds.
UX and Dapps
Although PandaX is advertised as a "dapp platform", the "dapps" it offers in its store are mainly simple non-Web3 websites and two dapps for which web3 support needs to be hardcoded into the app: KyberSwap and xDai. There is no way to visit a custom web3 URL. You can cheat the system and go through links via the supported dapps until you reach Google and then find your link that way, but the destination dapp will not have web3 injected.
In terms of user experience, it's hit and miss. The onboarding process is great, with plenty of warnings and guided tutorials for newcomers, but the wallet setup process requires a password that follows some obscure old-school security rules (one symbol, one number, etc.), which makes most people pick very insecure passwords, as typing out complex hieroglyphs on a mobile keyboard is awkward. Couple that with the lack of fingerprint authentication, and confirming transactions with PandaX quickly becomes a chore.
On the QR front, this application is abysmal in its support of standards and can only parse QR codes that are raw addresses. When given "ethereum:"-prefixed QRs, it will produce an error.
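For comparison with the QR behaviour described above, here is a parser that accepts both a raw address and an "ethereum:"-prefixed payload. It is an added example, not PandaX code, and it assumes the standard in question is the EIP-681 payment request format; ENS names as targets are not handled, and the function names and sample address are made up for illustration.

```python
import re
from decimal import Decimal
from urllib.parse import parse_qsl

ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")
# EIP-681 shape: ethereum:[pay-]<address>[@<chain_id>][/<function>][?<params>]
URI_RE = re.compile(
    r"ethereum:(?:pay-)?(?P<address>0x[0-9a-fA-F]{40})"
    r"(?:@(?P<chain_id>[0-9]{1,20}))?"
    r"(?:/(?P<function>[A-Za-z_][A-Za-z0-9_]*))?"
    r"(?:\?(?P<query>.*))?"
)
# Exponent capped at two digits so a hostile QR cannot force a huge integer.
NUMBER_RE = re.compile(r"[0-9]{1,78}(\.[0-9]{1,78})?([eE][0-9]{1,2})?")

def parse_wei(text):
    """Convert an EIP-681 number such as 2.014e18 to an integer amount of wei."""
    if not NUMBER_RE.fullmatch(text):
        raise ValueError(f"malformed value: {text!r}")
    amount = Decimal(text)
    if amount != amount.to_integral_value() or amount >= 2**256:
        raise ValueError(f"value is not a whole uint256 amount of wei: {text!r}")
    return int(amount)

def parse_qr_payload(payload):
    """Accept a raw address or an ethereum: URI; return the fields a wallet
    must show the user before signing. EIP-55 checksum checking is omitted
    because Keccak-256 is not in the Python standard library."""
    payload = payload.strip()
    if ADDRESS_RE.fullmatch(payload):
        return {"address": payload, "chain_id": None, "function": None,
                "value_wei": None, "params": {}}
    match = URI_RE.fullmatch(payload)
    if match is None:
        raise ValueError("not a raw address or a well-formed ethereum: URI")
    pairs = parse_qsl(match["query"] or "", keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):
        raise ValueError("duplicate query parameter")  # ambiguous request
    value = params.pop("value", None)
    return {"address": match["address"],
            "chain_id": int(match["chain_id"]) if match["chain_id"] else None,
            "function": match["function"],
            "value_wei": None if value is None else parse_wei(value),
            "params": params}

# Constructed sample inputs (the address is a made-up placeholder).
SAMPLE_ADDRESS = "0x" + "ab" * 20
SAMPLE_URI = f"ethereum:{SAMPLE_ADDRESS}@3?value=2.014e18"
```

The chain ID and amount come back as separate fields so the confirmation screen can display them instead of trusting whatever the QR code encoded.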
There are some excellent features, however, like full ENS support, a super-fast multi-account switcher and a contact list built-in, so this app is rated as merely "UX lacking".
Multi-account Support
PandaX has an extremely easy-to-use account-switching feature. Accounts can be imported via phrase, keystore or key and will be added to a master list under one user. There is no way to individually secure the accounts. Account switching is instant and extremely well done, making for very good UX.
There is no support for non-standard derivation paths, so a user is stuck with the default m/44'/60'/0'/0/0.
Wallet export is supported but only to keystore and private key, so if the wallet was generated by phrase (Mnemonics), the assets on alternative derivation paths will remain inaccessible.
Transactions are shown per account, and each account can only have one Ethereum address.
A complete lack of customization - both in tokens and networks - makes it seem like they forgot about developers.
DX
Developer experience is completely absent. There is no way to add custom tokens; instead, one has to pick from a long list of hardcoded ones. There is also no way to enter a custom network or chain ID; the user can choose only between mainnet and the Ropsten testnet.
Security and safety
On the security front, the app supports Trezor hardware wallets, which is a rarity. This makes the wallet reasonably secure, but not safe, especially considering the terms of service claim that Linktimetech might ask users to KYC some time in the future. While we have not encountered this in our testing, it seems like it's an option and if utilized would be a fairly dangerous one ("KYC or we lock your funds").
The terms of service clearly explain that the developer doesn't store your private keys and that they are unrecoverable should the worst happen, but given that the app is closed source and we have to take them at their word, the highest rating they can be given without an audit is "Risky".
On Android, PandaX updates itself via APKs rather than rely on an app store.
Other considerations
PandaX has an interesting approach to updating itself. Once installed from any source, it will check if there's a new binary available and offer to download it. However, on Android, it will do so via an APK, bypassing the app store. This is not inherently good or bad - it can go wrong if someone hijacks their update pipeline and it can go very right if the app store decides to ban them from the catalogue - but it's something to keep in mind.
Conclusion
PandaX is a very rudimentary no-dapps wallet with Chinese owners, which is something that will discourage most from using the app due to the East's propensity for censorship and control.
Add to that the closed-source and non-audited nature of this app, its non-conformity to Ethereum URI standards, and its downright strange Terms of Service, and the result is a not-too-appealing app with plenty of better alternatives, even when considering Panda's excellent account switcher and hardware wallet support.