We’re excited to announce that the latest version of Envoy – 1.0.8 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.
Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.
What’s changed
With version 1.0.8 of Envoy, we added in a new Tor status dialogue that informs you when there are Tor connectivity issues and allows you to quickly disable Tor temporarily if desired. We’ve also squashed a few bugs, updated BDK to the latest version, and improved scanning times with Passport from Envoy.
For more details on each of the changes, keep reading below!
New Features
Added a new Tor dialogue when there are Tor connectivity issues
We value your privacy very highly, and as such we have always defaulted Envoy to using Tor, an anonymity network, to prevent even us from being able to learn information about you. Unfortunately, Tor has been undergoing a serious attack for the last several months, severely impacting user experience when using Tor.
This new Tor dialogue detects when there are Tor issues (after automatically trying to reconnect multiple times) and allows you to temporarily disable Tor directly from the dialogue until the next time you open Envoy.
For more on our usage of Tor, the current issues, and the trade-offs inherent in choosing to disable it, visit our docs page on the topic.
Envoy’s new Tor toast message and dialogue
Improvements
Reduce PSBT size (and thus QR size) in Envoy, improving scan times on Passport significantly
Keep an eye out for Passport firmware v2.0.5 which will even further decrease scan times across the board!
Show the address itself under the QR code when verifying addresses between Passport and Envoy
Add a dedicated paste button next to the address field
Allows you to quickly paste addresses into the address field without relying on the OS’s paste function
Better handling when the back button is pressed in Android
Increase the number of addresses that Envoy will query for balances to better handle some advanced uses cases
Improve all Envoy dialogue pop-ups to make it clearer when action is necessary
Make connectivity indicator shield pulse red when a custom Electrum server is set and unreachable/unresponsive
Limit account name length to 20
Bug Fixes
Properly warn when Envoy is unable to fetch firmware and show current version
Correct ordering of notifications on the activity screen
Correct hyperlink to more info on firmware in the firmware update flow
Redraw account and accounts cards when the exchange rate changes to properly show fiat balance
Use hostname instead of IP address for default testnet Electrum server
Verifying Envoy on Android
If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android
Envoy version 1.0.7 is now live!
We’re excited to announce that the latest version of Envoy – 1.0.7 – is now live on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.
What’s changed
With version 1.0.7 of Envoy, we added in a firmware update button to simplify the process of installing firmware updates after you’ve initially setup your Passport, squashed some pesky bugs, and overhauled our app to the latest Flutter release.
For more details on each of the changes, keep reading below!
New Features
Added a firmware update button to the home screen card for Passport
Now you can force a firmware update anytime, anywhere for your Passport device straight from Envoy’s home screen
Fix certain transactions not showing in activity screen
Verifying Envoy on Android
If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android
Verifying Envoy on Android
One of the core tenets we live by here at Foundation is that of “don’t trust, verify.” We’ve long had a detailed guide available for verifying and updating the firmware on Passport in a secure way, but we want to expand on that by empowering users to more easily validate Envoy on Android. In this guide we’ll walk through the “why” and “how” of verifying the APK file (the raw binaries that Android uses for manually installing applications) with both simple hash verification and full PGP signature validation to ensure that the app you install is exactly what we published and has not been tampered with in any way.
Why is verification important?
While the Google Play Store and Apple App Store provide a secure centralized method to distribute apps, control over the published application ends up in the hands of Google and Apple, respectively. Because of these centralized “walled gardens,” the ability for end users to verify that the applications they are installing are exactly what the developers publish is minimized, and trust is placed in the app store provider.
When downloading the APK directly from Github, however, we unlock the ability to provide additional guarantees that the application you’re installing is exactly what we at Foundation have made and that it has not been tampered with along the way. Because we’re focused on securely storing and spending Bitcoin with Passport and Envoy, many users understandably want to take as many steps as possible to ensure that their funds are safe against even advanced attacks.
When downloading binaries directly (essentially what an APK file is), even from websites you’d normally trust like Github, you’re placing trust in the source of that binary to match the source code you expect. Verifying the zipped (or compressed) APK file we publish on Github prevents Github (or a malicious attacker somehow injecting themselves between you and Github’s servers!) from being able to tamper with the Envoy APK without being detected. This verification process does require some extra work but can provide additional peace of mind to users of Envoy while reducing trust in third-parties.
Let’s look at how exactly we can perform this verification on Android itself.
Simple hash verification
While full verification via PGP keys is more secure, simple hash verification is very easy and faster to perform while still giving some security guarantees against more trivial man-in-the-middle attacks. A hash of a file is a fixed-length string that uniquely represents a given file, where changing even a single bit of the file would result in an entirely different hash. As a given input file can only have a single hash, comparing the expected hash against the downloaded file ensures that not even a single bit in the file has been changed or corrupted.
Download and install “DeadHash” via the Google Play Store or F-Droid
This SHA-256 hash (the same hashing algorithm used for Bitcoin mining!) is a way to represent the file in a way that cannot be falsified
Open DeadHash and select the folder icon to choose the Envoy APK zip file
Select the downloaded APK zip file, i.e. envoy-apk-1.0.7-18.zip
Paste the hash you copied into the “Compare” field
Press “Calculate”
Ensure that the SHA-256 hash validates and gives you a nice green check-mark
All of the hashing algorithms except for SHA-256 should show a red X, as we’ve only provided the SHA-256 hash
If you get a red X for all hashes, including SHA-256, stop immediately and reach out to us at hello@foundationdevices.com! If it does match, you’re all set.
DeadHash giving a successful hash check
Fully verifying Envoy via PGP
While more involved than simple hash verification, taking the time to validate our PGP key and signatures ensures that as many threats as possible are mitigated. When you validate the PGP keys and signatures of Envoy, you ensure that only a successful attack would require both the PGP private keys and control over our Github account(s). This verification also entirely mitigates the risk, however minor, of Github themselves tampering with the APK.
Getting setup
Before we get started, you’ll need to download and install a separate app on your Android device to enable you to validate the PGP key used to sign the Envoy zip file, and then import the Envoy signing key. For each of the steps below with commands (i.e. pkg install wget gnupg -y), simply copy and paste these into Termux and hit enter.
You should see output including “Good signature from ‘Igor Cota <igor@openbook.hr>‘” in a line of the output from this step
This step ensures that the GPG key we publish was the one used to sign the envoy-manifest.txt file, and that the file has not been tampered with in any way
This step compares the hash for the APK zip in the envoy-manifest.txt file that we’ve verified via PGP with the SHA-256 hash of the actual APK zip file we’ve downloaded, ensuring no tampering or corruption has happened
If the output says something like envoy-apk-1.0.7-18.zip: OK, you’ve successfully verified the binary and can go ahead and install with added peace of mind
Note that the file name will change with each release, but you should always get the “OK” at the end!
Congratulations on successfully verifying Envoy! These steps are certainly going above and beyond, but keeping with the “don’t trust, verify” mantra is one that always pays off. If you’d like to read more about the PGP or simple hash verification process, you can take a look at the following links:
