Announcing our Early Access Rewards program

One of the powerful use-cases that Bitcoin unlocked with it’s peer-to-peer nature is the ability to incentivize and reward contributions without any middlemen or hoops to jump through. This movement has come to be known as “value4value,” and has provided an immensely powerful new tool for content creators, Nostr users, and now community members. Today we’re excited to unveil a new program implementing the value4value philosophy into our existing beta testing process — Early Access Rewards.

tl;dr — Be the first to report any reproducible issue for Passport or Envoy beta releases and get a 10k Satoshi bounty in Bitcoin per issue reported!

Early Access Rewards Highlights

The premise of the Early Access Rewards program is quite simple: contribute meaningful bug reports for Envoy or Passport releases while they’re in open beta, and get rewarded for each individual contribution. No middleman, no lengthy ToS, no Foundation login or account necessary.

How to participate:

  1. Test the beta releases for Passport firmware or Envoy app.
  2. Report issues on Github.
  3. All issues (the first time they are reported) are eligible for the 10k Satoshi reward.
  4. Foundation team members will validate the issues for eligibility.
  5. Rewards sent directly to your provided Bitcoin address or Lightning invoice.

Join Early Access Rewards today

Want to earn sats for your important contributions to our open-source projects? Simply join our beta testers Telegram room below and keep an eye out for beta release announcements. Once a release is announced, you can submit any issues you find via Github and earn 10k sats per validated issue.

Once you discover an issue with the beta release, submit it via Github using the following links with the “Bug Report” option. Note that this does require a Github account:

Join the community, help us improve, and get rewarded in Bitcoin for your valuable contributions! 🎉

The future of Early Access Rewards

We’re excited to see how well this program works to incentivize important feedback and contributions from our fantastic community, but we also have plans to expand the program in the future. We’re currently considering creating a hardware Early Access program to get our newest products in the hands of invaluable community members first, and top contributors to this Early Access Rewards program will be first in line.

We have multiple new products in the works, and we can’t wait to watch each of you help us to build and improve as we bring freedom tech to more and more people around the globe. As one of the top contributors to our Early Access Rewards program, you’ll get the chance to test our new products for free as a thank you for your contributions in exchange for feedback and bug reports.

The (not so) fine print

If you have more specific questions on how the program will work, you can read the detailed rules below. Have a question? Don’t hesitate to ask in the Telegram room or email us at hello@foundationdevices.com.

  1. Eligibility for Rewards: a. The first reporter of any reproducible issue for Passport or Envoy beta releases is eligible for a 10k Satoshi bounty, paid in Bitcoin. b. Issues must be reported only once, and once made public, they are no longer eligible for additional 10k Satoshi bounties.
  2. Reporting Process: a. All issues should be reported on Github in the appropriate repository:
  3. Reproducible Issues: a. Issues must be reproducible, meaning that Foundation team members can accurately recreate and validate the issue in the Envoy app or Passport firmware.
  4. Judgement and Reward: a. Foundation reserves the right to make the final judgment on whether issues are eligible for the 10k Satoshi reward. b. Once an issue is verified and confirmed as eligible, the reward will be sent to the reporter’s provided Bitcoin address or Lightning invoice.
  5. Rewards Distribution: a. The rewards will be distributed in Bitcoin (BTC). b. The amount of the reward will be 10,000 Satoshi for each eligible issue. c. All rewards will be paid out at the end of the beta period.
  6. Confidentiality: a. While issues will be made public upon reporting, beta testers should avoid sharing sensitive or personal information in public discussions about the issues.
  7. Compliance: a. All beta testers must comply with the rules and guidelines set by Foundation Devices during the beta testing period. b. Any violation of the rules may result in disqualification from the beta testing program and forfeiture of rewards.
  8. Changes to the Rules: a. Foundation Devices reserves the right to modify the rules or terminate the beta testing program at any time without prior notice.
  9. Disclaimer: a. Beta testers participate in the program at their own risk, and Foundation Devices shall not be liable for any damages or losses incurred during beta testing.

Envoy version 1.3.0 is now live!

We’re excited to announce that the latest version of Envoy1.3.0 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

Please note that there can be a lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

What’s changed

In this version of Envoy we’ve implemented the ability to redeem azte.co vouchers with a single QR scan in Envoy directly to your mobile wallet, added the ability to cycle through units by tapping on amounts, the ability to update Founder’s Edition devices directly from Envoy, and focused heavily on refining user experience for Envoy mobile wallet users.

With the release of our last major version of Envoy, we transformed Envoy into a standalone Bitcoin mobile wallet with powerful account management and privacy features in addition to its role as Passport companion app. With that came many new screens and features, so we’ve taken this release to focus on iterating and bringing many bug fixes and quality of life improvements for all our fantastic Envoy users.

As you may have noticed, we’ve skipped v1.2.0 and jumped straight to v1.3.0 as we realized we had too many important changes to be made during the beta period for v1.2.0. As a result this changelog includes all major changes introduced in v1.2.0 as well, so it’s extra long and extra exciting.

For more details on each of the changes, keep reading below!

New Features

  • You can now redeem azte.co vouchers directly in Envoy with just a few taps!
    • Getting those no-KYC sats directly from Azteco just got much easier, as you can simply scan an Azteco voucher QR code and sweep the funds directly into Envoy by scanning the QR code from any screen 😎
    • Azteco allows you to buy Bitcoin vouchers from your local corner store just like you’d top up a pre-paid phone plan. Buy with cash and get Bitcoin directly in your mobile wallet or cold storage for one of the fastest and most private ways to acquire Bitcoin out there.
  • Added the ability to cycle through units (fiat/BTC/sats) by tapping on the amount when building a transaction.
  • Those of you rocking Founder’s Edition devices can now update within Envoy, just like with our latest Passports!
  • Malaysian Ringgit added as supported currency – Hi Malaysia!! 🇲🇾

Improvements

  • Rearranging accounts has been completely rewritten and is now sexier and smoother than ever before! Organizing your accounts has never been so satisfying.
  • Added prompts to help users find features that could otherwise be hard to discover. These can be easily dismissed as you learn more about using Envoy.
  • Added a warning if Envoy’s mobile wallet contains more than $1000, reminding the user of the danger of keeping lots of funds on a mobile wallet.
  • Updated the look of the account cards, adding a bit more elegance and refinement.
  • Updated the way decimal units of fiat values are displayed when typed in the Send screen.
  • If you lose internet connectivity while on the go, Envoy will now update balances instantly without needing to refresh the app when connection is re-established.
  • Sent transactions will now displayed instantly, instead of waiting to hear from the Bitcoin node you are using in Envoy.
  • Improved how we display progress when scanning animated QR codes during the Passport connection flow.
  • Swapped the send and receive button locations to be more logical, and improved the appearance of the QR scanning button.
  • Improved the user experience when updating firmware for Passport via Envoy.
  • Improved the “Back up now” button user experience in Backup settings to give feedback and a status spinner while backing up.
  • Added additional contextual text and links when the accounts screen is empty.
  • Made it easier to distinguish when you’re using testnet accounts by using “tsats” and “TBTC” as the unit.
  • Added the ability to mute the explainer video for Magic Backups.
  • Improved the wallet deletion flow.
  • Improved the screens a user sees in failed states due to connectivity issues or restoration failures with Envoy backup files.
  • Improved handling when using Android’s native back button for getting out of Passport accounts.
  • Added the ability for users to save and manually share error logs with support if needed.
    • This error logging only happens locally and must be shared manually by the user to best preserve user privacy.
  • Sending amounts below a “dust” threshold will now show an error instead of having the “Continue” button become unresponsive.
  • Added explanatory texts when Testnet is enabled.
  • Other minor icon and text updates to make processes smoother and more understandable.

Bug Fixes

  • Fixed an issue preventing onboarding on iPhone SE.
  • Fixed an issue where importing Envoy mobile wallet from a QR code incorrectly said it failed when it actually succeeded.
  • Fixed minor copy and UI issues throughout the app.
  • Fixed how some screens in Envoy were handled on devices with small screens.
  • Fixed an issue where the audio for the Magic Backups explainer video could continue playing in the background even after the user closes it.
  • Fixed a minor issue with the “+” button disappearing in rare scenarios.
  • Fixed handling of very large amounts when using sats as the unit.
  • Properly refresh transaction list when the wallet syncs again after losing internet connectivity.
  • Fixed an issue where users could be shown the onboarding for a second time in rare scenarios.
  • Fixed a rare issue where updating an account name could fail.
  • Fixed an issue where reordering accounts could occasionally make them swap colors.
  • Fixed a minor issue where the user could type infinite zeroes after the satoshi unit in the send screen.
  • Fixed an issue where scanning an address would reset the amount on the screen if this was typed before the address was scanned.
  • Fixed an issue where a “not a valid address” banner would continue displaying for a long time after a dynamic QR code was scanned.
  • Fixed an issue where recovering from a seed that had never been backed up in Foundation servers could generate two identical hot wallets.
  • Fixed an issue where recovering from an invalid QR seed would crash Envoy.
  • Fixed a rare issue where while on certain pages, the shield chevron could be behind OS controls.

Verifying Envoy on Android

If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

Announcing Envoy Wallet: Bitcoin Simplified

We’re thrilled to announce a groundbreaking release of Envoy, our mobile companion app for Passport. This new update transforms Envoy into a standalone Bitcoin mobile wallet with powerful account management and privacy features.

Envoy makes financial sovereignty more accessible than ever before and radically lowers the barriers to Bitcoin self custody.

Notably, Envoy Magic Backups take the pain and worry out of setting up and backing up a mobile wallet, allowing you to get up and running in 60 seconds and restore your wallet anytime, on any device, in just three taps. It’s time you experienced Bitcoin, simplified.

Read below to learn more, or dive right in and download Envoy now!

THE BEST OF BOTH WORLDS

With mobile wallet support in Envoy, the combination of Envoy + Passport empowers you to store your wealth in an ultra secure, intuitive hardware wallet while also spending Bitcoin on the go in just a few taps. Move funds back and forth between Envoy and Passport, make airgapped transactions, and access your spending and saving balances from anywhere – all in a single app!

Not a Passport owner? This update introduces full Bitcoin wallet functionality on your iOS or Android phone. Use Envoy to store and spend your Bitcoin with strong security, privacy via Tor, and a streamlined setup experience.

We are excited to bring our best-in-class design, intuitive and approachable user experience, and peace of mind to smartphone users across the globe – no Passport required.

WHAT IS A “MOBILE WALLET?”

In Bitcoin, the term “mobile wallet” refers to any wallet that keeps your keys on an internet-connected smartphone for easier spending and receiving of funds. While you should not keep your life savings in a mobile wallet, it provides easier access to a small amount of Bitcoin for spending, withdrawing from an exchange, and onboarding new users.

Envoy has traditionally been a “watch-only wallet” that connects to Passport, allowing you to view your balance and create transactions, but providing limited functionality when you are away from your hardware wallet. Now you can enjoy Envoy as a full-featured Bitcoin wallet on the go.

EXPERIENCE MAGIC BACKUPS

Envoy introduces a new seed-less onboarding experience called Magic Backups. While Envoy users can of course manually handle seed words if desired, we aimed to engineer a solution that enables 60-second onboarding and automatic encrypted backups of Envoy’s private key and application data (such as settings and labels), with a full restore taking just three taps.

Additionally, we wanted to ensure that Envoy does this without collecting any user data – no email address, no passwords, no IP address (when Tor is enabled) – no friction!

We expect Envoy Magic Backups will lead to a massive increase in self custody, with easier onboarding than you’d find at any Bitcoin exchange or custodian.

HERE’S HOW ENVOY MAGIC BACKUPS WORK

  1. Envoy generates a seed and stores it on your phone’s secure element.
  2. Since most users have iCloud Keychain or Android Auto Backup enabled, the seed is automatically synced to your other iOS or Android devices – fully end-to-end encrypted, without needing to give Envoy permission to access your iCloud or Google account. This encryption means that only you can access this data, not even Apple or Google.
    • Learn more about iCloud Keychain.
      • “iCloud protects your information with end-to-end encryption, which provides the highest level of data security. Your data is protected with a key that’s made from information unique to your device, and combined with your device passcode, which only you know. No one else can access or read this data, either in transit or storage.”
    • Learn more about Android Auto Backup.
      • “Android preserves app data by uploading it to the user’s Google Drive—where it’s protected by the user’s Google account credentials. The backup is end-to-end encrypted on devices running Android 9 or higher using the device’s pin, pattern, or password.”
  3. Envoy then creates a backup file containing your app settings, account labels, and other non-sensitive app data, so that Envoy can be restored to its exact previous state. This folder is end-to-end encrypted with your seed so that Foundation can never see the contents. We call this the Envoy Backup.
  4. The fully encrypted Envoy Backup is uploaded to Foundation’s servers, alongside a hash of the seed (a cryptographic representation of the seed that proves your knowledge of the seed, not the seed itself!) so that we can ensure no one else can attempt to download your backup without proving knowledge of your seed phrase.
  5. There is no Foundation user account, no email, no password – all you need is access to your iCloud or Google account.

RESTORING FROM MAGIC BACKUPS

If you lose your phone or delete the Envoy app, restoring your wallet takes only a few seconds with Magic Backups.

  1. Envoy checks the secure element on your phone and looks for the seed.
    • If it discovers a seed on the secure element, Envoy hashes the seed and sends the hash to our server.
      • This merely proves your knowledge of the seed and does not reveal your seed to Foundation in any way!
    • If it does not discover a seed, it accesses the encrypted backup from iCloud Keychain or Android Auto Backup and restores the seed to the secure element. Then Envoy hashes the seed and sends the hash to our server.
  2. Envoy then downloads the encrypted Envoy Backup from our servers.
  3. Envoy uses the seed to decrypt the Envoy Backup file locally (on your phone!) and restores all user settings, account labels, and other app data – so it’s like you never left.

OTHER NOTABLE CHANGES

We’ve also added the following features and improvements in this release:

  • Biometric/PIN authentication. Now you can protect your mobile wallet or Passport balances from prying eyes
  • Ability to swipe on accounts to hide balances while you’re on the go. For example, you can display your mobile wallet balance but hide your hardware wallet balance.

TRY ENVOY TODAY

We’ve released this new version of Envoy to all major platforms, so you can choose the method that suits you best below:

  1. If you’re on iOS, you can install Envoy from the App Store using the following link:
  2. For those on Android, you can either find Envoy in the Play Store, install via F-Droid, or download the app directly from Github (Envoy is fully open source!):
    • Play Store
    • F-Droid
    • GitHub
      • Download the APK titled “envoy-apk-1.1.3.apk” directly from the above link and install
      • As this APK is signed with our own keys instead of Google’s keys via the Play Store, if you’re using the Play Store version you’ll have to uninstall Envoy first before installing the public beta

HOW CAN I GIVE FEEDBACK OR GET SUPPORT?

As you use Envoy as a mobile wallet, we’d love to hear from you – every issue, bug, or favorite feature! There are three main places you can go to give us feedback or get help with Envoy:

  1. We have a standalone Telegram channel for our community that you can join and give feedback or get support
  2. You can email us
  3. You can direct message us on Twitter

WHAT’S NEXT

The release of Envoy as a mobile wallet paves the way for a range of roadmap items we’ve been planning for some time, and we can’t wait to build on this strong foundation of simplified Bitcoin usage. Next you’ll be able to jump in the 🌀 with thousands of other Bitcoiners, become a 🤖, or ⚡ your way to a cup of coffee — all within Envoy!

We’re excited to release the next piece of your financial sovereignty toolkit to the masses and onboard a wave of Bitcoiners to self-custody, privacy, and financial sovereignty sat by sat.

Now back to building.

Envoy Wallet open beta

We’re thrilled to announce a major new open beta of Envoy, our mobile Bitcoin wallet and companion app for Passport. With this open beta we’re greatly expanding what Envoy is capable of, making it a feature-rich Bitcoin hot wallet in addition to its existing role as a watch-only wallet and management app for Passport. Hot wallet support in Envoy opens up financial sovereignty through our tools to many more users and lays the groundwork for other privacy and security features we’re building behind the scenes.

The best of both worlds

Bringing hot wallet support to Envoy makes the pairing of Envoy + Passport the best of both worlds, allowing you to store your wealth in a highly-secure and yet easy-to-use package with Passport while also spending your Bitcoin on the go with just a few taps in Envoy. You’ll be able to easily move funds back and forth between your hot wallet and Passport, make transactions, and view your hot and cold balances from anywhere – all from a single app!

Not a Passport owner? This update brings you full Bitcoin wallet functionality without ever needing to purchase Passport. You can use Envoy to store and spend your Bitcoin across iOS and Android with strong security, simple privacy via Tor, and a new and uniquely approachable onboarding experience. We don’t want to limit financial sovereignty to only those who can purchase a Passport, so Envoy as a hot wallet is our way to bring our best-in-class design, intuitive and approachable UI and UX, and peace of mind to smartphone users across the globe.

What is a “hot wallet?”

In Bitcoin, the term “hot wallet” refers to any wallet that keeps your keys on an internet-connected device for easier spending and receiving of funds. While you don’t want to keep your life savings in a hot wallet, it provides much easier access to a bit of Bitcoin for spending, tipping, and onboarding new users.

Envoy has traditionally been a “watch-only wallet” that connects to Passport, allowing you to view your balance and create transactions, but providing limited functionality when you are away from your hardware wallet. Now you can enjoy Envoy not just as a companion app for Passport, but also as a fully-featured standalone Bitcoin wallet on the go.

Backups, simplified

Notably, Envoy Wallet introduces a new seedless onboarding experience we call Envoy Auto-Backup. While Envoy users can of course manually handle seed words if desired, we aimed to engineer a solution that enables 60-second onboarding and automatic backups of Envoy’s private key and application data (such as settings and labels).

Additionally, we wanted to ensure that Envoy does this without collecting any user data – no email address, no passwords, no IP address if Tor is enabled – no friction! We hope Envoy Auto-Backup will lead to a massive increase in self custody, with easier onboarding than even an exchange.

Here’s how Envoy Auto-Backup works

  1. Envoy generates a seed and stores it on your phone’s secure element.
  2. Since most users have iCloud Keychain or Android Auto-Backup enabled, the seed is automatically synced to your other iOS or Android devices – fully end-to-end encrypted, without needing to give Envoy permission to access your iCloud or Google account.
    • Learn more about iCloud Keychain.
      • “iCloud protects your information with end-to-end encryption, which provides the highest level of data security. Your data is protected with a key that’s made from information unique to your device, and combined with your device passcode, which only you know. No one else can access or read this data, either in transit or storage.”
    • Learn more about Android Auto-Backup.
      • “Android preserves app data by uploading it to the user’s Google Drive—where it’s protected by the user’s Google account credentials. The backup is end-to-end encrypted on devices running Android 9 or higher using the device’s pin, pattern, or password.”
  3. Envoy then creates a backup folder containing your app settings, account labels, and other non-sensitive app data, making sure that restoring Envoy back to its perfect state for you is a breeze. This folder is end-to-end encrypted with your seed, meaning Foundation can never see the contents. We call this the Envoy Backup.
  4. The fully encrypted Envoy Backup is uploaded to Foundation’s servers, alongside a hash of the seed (a cryptographic representation of the seed that proves your knowledge of the seed, not the seed itself!) so that we can ensure no one else can attempt to download your backup without proving knowledge of your seed phrase.
  5. There is no Foundation user account – all you need is access to your Apple or Google account and you’re all set.

Restoring from Envoy Auto-Backup

If you lose your phone or delete the Envoy app, restoring your Envoy Wallet takes only a few seconds with Auto-Backup.

  1. Envoy checks the secure element on your phone and looks for the seed.
    • If it discovers a seed on the secure element, Envoy hashes the seed and sends the hash to our server.
      • This merely proves your knowledge of the seed and does not reveal your seed to Foundation in any way!
    • If it does not discover a seed, it downloads the encrypted seed backup from Apple or Google and restores the seed to the secure element. Then Envoy hashes the seed and sends the hash to our server.
  2. Envoy then downloads the encrypted envoy backup from our servers.
  3. Envoy uses the seed to decrypt the Envoy Backup file locally and restores all user settings, account labels, and other app data, so it’s like you never left.

Other notable changes

We’ve also added the following features and improvements along with the fully functional hot wallet in v1.1.0:

  • Added bio-metric/PIN authentication for Envoy
    • Now you can protect your hot wallet or Passport balance from prying eyes
  • Added the ability to swipe on accounts to hide balances while you’re on the go
  • Implemented screenshot protection to prevent screenshots of sensitive screens in Envoy
  • Bumped the integrated Tor version to 0.4.7.10
  • Bumped Flutter SDK version to 3.7.7
  • Improved firmware update flow for Android to better account for slow file transfers
    • Some users experienced issues writing the firmware to microSD in the time we set for Envoy, so we’ve better handled those edge cases in this release

Current gaps

  • Passphrase wallets are not currently supported.
    • We do plan on supporting passphrases with the public release, but are currently working on implementing a smooth user experience around passphrases and how they interact with the auto-backup feature.
  • Deleting only the hot wallet is not currently possible.
    • You can still reset the app by uninstalling/reinstalling or clearing app data, but please note that this will currently reset the entire app, including Passport accounts etc.

What is a “public beta?”

As this is a major overhaul of Envoy from the ground up, we’re launching hot wallet support first as a public beta to let our awesome community test drive it. When you join the public beta you get to be the first to try out hot wallet support, help drive new features and improvements via feedback directly to our team, and make your mark on what we’re building to empower the next phase of financial sovereignty.

As this is a public beta, we expect that you’ll run into some minor issues and bugs as we work through them together, but we’ve worked hard to make it a complete and usable wallet from the moment the beta launches.

How can I get access to the beta?

We’ve pushed the beta version of Envoy to all of our normal channels as a separate beta release, so you can join one of three ways:

  1. If you’re on iOS, you can join our TestFlight program at the following link:
  2. For those on Android, you can either join the beta in the Play Store or download the APK directly from Github:
    • Play Store
    • GitHub
      • Download the APK titled “envoy-apk-1.1.0-beta.zip” directly from the above link, extract it, and install
      • As this APK is signed with our own keys instead of Google’s keys via the Play Store, if you’re using the Play Store version you’ll have to uninstall Envoy first before installing the public beta

How can I give feedback?

As you use Envoy as a hot wallet, we’d love to hear from you – every issue, bug, or favorite feature that you love! The more feedback we get during the public beta, the bigger impact you can have in the direction we take with Envoy and the better app we can launch to the rest of Envoy’s users down the road. There are three main places you can go to give us feedback:

  1. We have a standalone Telegram channel for live feedback and discussion of beta releases to keep the main channel uncluttered for our other community members
    1. Foundation Beta Telegram Channel
  2. You can email us
    1. hello@foundationdevices.com
  3. You can direct message us on Twitter
    1. Direct message @FOUNDATIONdvcs

What’s next

Our goal with this public beta is to flush out any remaining bugs or UX quirks so we’ll run the public beta for around two weeks. Throughout the public beta period we’ll push new releases as necessary to allow you to test updates and bug fixes as we go, and then at the end of the beta period we’ll launch Envoy as a hot wallet for every Envoy user across all platforms.

We’re excited to get the next piece of your financial sovereignty toolkit out to the masses and onboard a wave of Bitcoiners to complete self-custody, privacy, and financial sovereignty sat by sat.

Envoy version 1.0.8 is now live!

We’re excited to announce that the latest version of Envoy 1.0.8 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

What’s changed

With version 1.0.8 of Envoy, we added in a new Tor status dialogue that informs you when there are Tor connectivity issues and allows you to quickly disable Tor temporarily if desired. We’ve also squashed a few bugs, updated BDK to the latest version, and improved scanning times with Passport from Envoy.

For more details on each of the changes, keep reading below!

New Features

  • Added a new Tor dialogue when there are Tor connectivity issues
    • We value your privacy very highly, and as such we have always defaulted Envoy to using Tor, an anonymity network, to prevent even us from being able to learn information about you. Unfortunately, Tor has been undergoing a serious attack for the last several months, severely impacting user experience when using Tor.
    • This new Tor dialogue detects when there are Tor issues (after automatically trying to reconnect multiple times) and allows you to temporarily disable Tor directly from the dialogue until the next time you open Envoy.
    • For more on our usage of Tor, the current issues, and the trade-offs inherent in choosing to disable it, visit our docs page on the topic.
Envoy’s new Tor toast message and dialogue

Improvements

  • Reduce PSBT size (and thus QR size) in Envoy, improving scan times on Passport significantly
    • Keep an eye out for Passport firmware v2.0.5 which will even further decrease scan times across the board!
  • Update BDK to v0.24.0
    • For more on this release, see here.
  • Show the address itself under the QR code when verifying addresses between Passport and Envoy
  • Add a dedicated paste button next to the address field
    • Allows you to quickly paste addresses into the address field without relying on the OS’s paste function
  • Better handling when the back button is pressed in Android
  • Increase the number of addresses that Envoy will query for balances to better handle some advanced uses cases
  • Improve all Envoy dialogue pop-ups to make it clearer when action is necessary
  • Make connectivity indicator shield pulse red when a custom Electrum server is set and unreachable/unresponsive
  • Limit account name length to 20

Bug Fixes

  • Properly warn when Envoy is unable to fetch firmware and show current version
  • Correct ordering of notifications on the activity screen
  • Correct hyperlink to more info on firmware in the firmware update flow
  • Redraw account and accounts cards when the exchange rate changes to properly show fiat balance
  • Use hostname instead of IP address for default testnet Electrum server

Verifying Envoy on Android

If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

Envoy version 1.0.7 is now live!

Envoy Release v1.0.7

We’re excited to announce that the latest version of Envoy 1.0.7 – is now live on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

What’s changed

With version 1.0.7 of Envoy, we added in a firmware update button to simplify the process of installing firmware updates after you’ve initially setup your Passport, squashed some pesky bugs, and overhauled our app to the latest Flutter release.

For more details on each of the changes, keep reading below!

New Features

  • Added a firmware update button to the home screen card for Passport
    • Now you can force a firmware update anytime, anywhere for your Passport device straight from Envoy’s home screen
Envoy’s new firmware update button

Improvements

  • Upgrade to Flutter 3
    • While this may not be immediately visible from a user’s perspective, it helps us cut down on bugs and improve our release workflow
    • Flutter 3 also enables us to more easily bring desktop support for Envoy in the future across all platforms, including Windows, macOS, and even Linux!
  • Remove Google MLKit QR scanner
    • Removes a dependency on Google and an unwanted network call
  • Change Postmix account color for consistency with Passport

Bug Fixes

Verifying Envoy on Android

If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

Verifying Envoy on Android

One of the core tenets we live by here at Foundation is that of “don’t trust, verify.” We’ve long had a detailed guide available for verifying and updating the firmware on Passport in a secure way, but we want to expand on that by empowering users to more easily validate Envoy on Android. In this guide we’ll walk through the “why” and “how” of verifying the APK file (the raw binaries that Android uses for manually installing applications) with both simple hash verification and full PGP signature validation to ensure that the app you install is exactly what we published and has not been tampered with in any way.

Why is verification important?

While the Google Play Store and Apple App Store provide a secure centralized method to distribute apps, control over the published application ends up in the hands of Google and Apple, respectively. Because of these centralized “walled gardens,” the ability for end users to verify that the applications they are installing are exactly what the developers publish is minimized, and trust is placed in the app store provider.

When downloading the APK directly from Github, however, we unlock the ability to provide additional guarantees that the application you’re installing is exactly what we at Foundation have made and that it has not been tampered with along the way. Because we’re focused on securely storing and spending Bitcoin with Passport and Envoy, many users understandably want to take as many steps as possible to ensure that their funds are safe against even advanced attacks.

When downloading binaries directly (essentially what an APK file is), even from websites you’d normally trust like Github, you’re placing trust in the source of that binary to match the source code you expect. Verifying the zipped (or compressed) APK file we publish on Github prevents Github (or a malicious attacker somehow injecting themselves between you and Github’s servers!) from being able to tamper with the Envoy APK without being detected. This verification process does require some extra work but can provide additional peace of mind to users of Envoy while reducing trust in third-parties.

Let’s look at how exactly we can perform this verification on Android itself.

Simple hash verification

While full verification via PGP keys is more secure, simple hash verification is very easy and faster to perform while still giving some security guarantees against more trivial man-in-the-middle attacks. A hash of a file is a fixed-length string that uniquely represents a given file, where changing even a single bit of the file would result in an entirely different hash. As a given input file can only have a single hash, comparing the expected hash against the downloaded file ensures that not even a single bit in the file has been changed or corrupted.

  1. Download and install “DeadHash” via the Google Play Store or F-Droid
  2. Copy the SHA-256 hash for the Envoy APK zip file from the Github release page
    • The hash will look something like this:
    • 08cc97450febd558a0f54d93b181f9a90
      ccf05662828977cb8277181ab86b126
  3. This SHA-256 hash (the same hashing algorithm used for Bitcoin mining!) is a way to represent the file in a way that cannot be falsified
  4. Open DeadHash and select the folder icon to choose the Envoy APK zip file
    • Select the downloaded APK zip file, i.e. envoy-apk-1.0.7-18.zip
  5. Paste the hash you copied into the “Compare” field
  6. Press “Calculate”
  7. Ensure that the SHA-256 hash validates and gives you a nice green check-mark
    • All of the hashing algorithms except for SHA-256 should show a red X, as we’ve only provided the SHA-256 hash
    • If you get a red X for all hashes, including SHA-256, stop immediately and reach out to us at hello@foundationdevices.com! If it does match, you’re all set.
DeadHash giving a successful hash check

Fully verifying Envoy via PGP

While more involved than simple hash verification, taking the time to validate our PGP key and signatures ensures that as many threats as possible are mitigated. When you validate the PGP keys and signatures of Envoy, you ensure that only a successful attack would require both the PGP private keys and control over our Github account(s). This verification also entirely mitigates the risk, however minor, of Github themselves tampering with the APK.

Getting setup

Before we get started, you’ll need to download and install a separate app on your Android device to enable you to validate the PGP key used to sign the Envoy zip file, and then import the Envoy signing key. For each of the steps below with commands (i.e. pkg install wget gnupg -y), simply copy and paste these into Termux and hit enter.

  1. Install the Termux app from Github or F-Droid
  2. Open Termux and install the required packages
    • pkg install wget gnupg -y
  3. Download the Envoy signing PGP key
    • wget --quiet https://docs.foundationdevices.com/envoy_key.pgp
  4. Download the Envoy APK file, manifest file, and PGP signature file
    • Replace the links below with those from the latest release!
    • wget --quiet https://github.com/Foundation-Devices/envoy/releases/download/v1.0.7/envoy-apk-1.0.7-18.zip
      wget --quiet https://github.com/Foundation-Devices/envoy/releases/download/v1.0.7/envoy-manifest.txt
      wget --quiet https://github.com/Foundation-Devices/envoy/releases/download/v1.0.7/envoy-manifest.txt.asc
Successful prep steps

verifying Envoy

  1. Import the Envoy signing PGP key
    • gpg --import envoy_key.pgp
    • Validate the key ID that is shown on the first or second line matches that on https://foundationdevices.com/pgp/ under “Envoy Signing Key”
      • i.e. “E8CE0DD2B5528043” (note that the key is not case sensitive)
    • If the key does NOT match, stop immediately and reach out to us at hello@foundationdevices.com! If it does match, proceed to step two below
    • This step imports the PGP key we publish on our website, allowing you to properly validate our PGP signature in the next step
  2. Verify the “envoy-manifest.txt” file is properly signed with our Envoy signing PGP key
    • gpg --verify envoy-manifest.txt.asc envoy-manifest.txt
    • You should see output including “Good signature from ‘Igor Cota <igor@openbook.hr>‘” in a line of the output from this step
    • This step ensures that the GPG key we publish was the one used to sign the envoy-manifest.txt file, and that the file has not been tampered with in any way
  3. Verify the Envoy APK zip file
    • echo "$(grep "envoy-apk" envoy-manifest.txt)" | sha256sum --check
    • This step compares the hash for the APK zip in the envoy-manifest.txt file that we’ve verified via PGP with the SHA-256 hash of the actual APK zip file we’ve downloaded, ensuring no tampering or corruption has happened
  4. If the output says something like envoy-apk-1.0.7-18.zip: OK, you’ve successfully verified the binary and can go ahead and install with added peace of mind
    • Note that the file name will change with each release, but you should always get the “OK” at the end!
    • If the output does NOT say “OK“, stop immediately and reach out to us at hello@foundationdevices.com!
Successful verification of Envoy via Termux

Conclusion

Congratulations on successfully verifying Envoy! These steps are certainly going above and beyond, but keeping with the “don’t trust, verify” mantra is one that always pays off. If you’d like to read more about the PGP or simple hash verification process, you can take a look at the following links:

Security

Resellers

Podcast

Jobs

Privacy

Warranty

Terms

PGP


© 2023 Foundation Devices, Inc.

Questions? hello@foundationdevices.com