muun / apollo Goto Github PK

Muun Android wallet

License: MIT License

Java 39.19% Kotlin 30.18% Go 13.98% Shell 0.08% Python 0.03% Dockerfile 0.05% C 16.49%

apollo's Introduction

About

This is the source code repository for muun's android wallet. Muun is a non-custodial 2-of-2 multisig wallet with a special focus on security and ease of use.

Runtime requirements

Android version 4.4 (API level 19) or higher
Google Play services

Structure

The app follows the clean architecture pattern, and has three layers:

Data: handles the data backends, such as the database, the operating system, or the network.
Domain: contains the models and business logic (use cases in clean architecture lingo).
Presentation: contains the UI code.

There's also a pure java common module with code shared all over.

Build

For instructions on how to build Muun Wallet please refer to BUILD.md.

Auditing

Most of the key handling and transaction crafting operations happen in the common module.
All the keystore and data handling happens in the data layer.
All the business logic that decides when to sign what happens in the domain layer.
The presentation layer only depends on the domain layer, it never references data directly.

Responsible Disclosure

Send us an email to report any security related bugs or vulnerabilities at [email protected].

You can encrypt your email message using our public PGP key.

Public key fingerprint: 1299 28C1 E79F E011 6DA4 C80F 8DB7 FD0F 61E6 ED76

apollo's People

Contributors

Stargazers

Watchers

apollo's Issues

Use /bin/sh instead of /bin/bash if possible in scripts

The 2 scripts in ./tools/ directory use #!/bin/bash it's better to use #!/bin/sh instead if possible (to avoid bash dependency if not needed, script will work by running using other shells)

Wallet taking fees on failed txs

Hey guys, yesterday something weird happened to me and I wanted to know what it is.

I received a lightning payments of 480000 sats, then I tried to do two payments, the first one was 451817 sats payment, it failed, then another one of 420000 sats and that one failed again, the curious thing was that it subtracted me both fees, 200 from the first one and 263 from the second one, why this is happening? I attach screenshots, to see the sequence easily.

first payment that I tried to do failed

Second payment failed

Current balance

Optional description

Make the mandatory description field optional

Allow pay to reusable amp invoices

Since lnd 0.13 we can pay AMP invoices, this invoices can be static and paid multiple times, currently muun wallet allows to pay a amp invoice only one.

More info here: https://docs.lightning.engineering/lightning-network-tools/lnd/amp

Ability to set expiration time for lightning invoices to meet other apps needs

Hey guys! I was testing out a BTCPay Server refund feature, and I ran into an issue which is that BTCPay will only refund an invoice that has an expiration time of at least 1 day. This is problematic, because Muun's automatic lightning invoice expiration time is 24 hours from the moment it's created, and then of course immediately drops below that immediately.

I will contact BTCPay Server about this as well, I don't see why a refund that's set to be approved automatically should require such a relatively long expiration time.

In general it seems like an issue that could arise again as some places may require arbitrary amounts of time for expiration? Does it make any sense to make this time limit adjustable by the user? Will let you know what BTCPay team says...

Tor support?

It would be nice to support Tor, so the IP address isn't logged by peers/nodes/etc.

Before setting up the wallet, you'd be able to enable Tor, and it would work from within the wallet without needing a third party app like Orbot. (Phoenix wallet works this way).

Add Biometric Fingerprint Recognition

Would love to see an option for biometric fingerprint unlocking added to this wallet

enable wallet sync with koinly

is there an integration available for services such koinly.io app or maybe some workaround to enable wallet sync. sorry if this is not the proper place to ask

Froid

Is there a plan to offer the .apk or add it to the f-droid store?

Bigger buttons for the pin code and Biometric authentification

I found it kinda hard to hit the correct buttons on the screen when typing the pin code to unlock the wallet, also adding biomectric authentification coud be a nice adition sooner than later.

Keep up the good work!

phone i'm using: OnePlus 6t with OxygenOS 10.3.12

[Feature Request] Description for incoming payments

I'd love to have that option, and I think that's not that difficult. I get lost after some time trying to figure out where an incoming payment comes from.
Please keep the awesome work!

[FEATURE REQUEST] Ability to choose between PIN or password

Although Muun has a 3-attempts-policy for PIN unlocking, a 4-digit PIN has really low entropy. It would be nice instead of PIN to have a password to access the app. This way, if my phone is stolen, the chances of getting my bitcoin stolen as well will be lower.
I already know Muun staff has plans to implement a lock feature for stolen devices, but it would be also nice to have a second layer of security too by having a strong password.

translations

hi! loving your wallet features. i could get some resources in my company to contribute. we don't have mobile developers at the moment though. if you provide the skeleton for a portuguese translation i would be happy to have someone translate the strings

we should talk later about further cooperation. keep up the good work

Provide verifiable builds

A wallet application is something very sensitive. A careless maintainer catching a backdoor might be enough to have an APK infected, which can only be stopped by another team member who verifies the build. Of course the public scrutiny is the other reason you want your app to be verifiable.

I tried to verify the app but failed building it. My findings are in this review.

Enable gradle dependency verification

This is done by having ./gradle/verification-metadata.xml file, more information:
https://docs.gradle.org/current/userguide/dependency_verification.html

[Feature Request] Multiple distinct wallets in app

It would be helpful if Muun allowed users to have more than one Bitcoin wallet in the app, with the ability to name and switch between them, similar to Blue Wallet or others.

Question: Possible to have same wallet on two devices?

Hi,
Is it possible to have the same wallet on two devices? I realize the risks this implies, but just wondering if Muun supports this. Thanks.

Implement AOPP Support

The guys from Pocket Bitcoin made me aware of this discussion about AOPP: https://twitter.com/PocketBitcoin/status/1404947001435951106

AOPP (Address Ownership Proof Protocol) is a new, simple protocol that specifies the transmission of signed messages via a URI scheme: https://gitlab.com/aopp/address-ownership-proof-protocol

Providing proof of ownership over an address is required to withdrawal Bitcoin in some countries (Switzerland, the Netherlands (although this is not fully clear, Singapore, Germany (WIP), and soon more). It's a hassle to do that manually for the user and the exchange. AOPP heavily improves that. See aopp.group for more information about it.

Besides improving the UX for the user, there are two more benefits:

There is no need to copy & paste a Bitcoin address for the wallet to the exchange to withdraw. This prevents malware from replacing it in the clipboard (e.g. https://www.fortinet.com/blog/threat-research/vipersoftx-new-javascript-threat)
The wallet is aware that the user is withdrawing from an exchange (even which exchange) and with that can suggest other options, which might be better for his privacy, provide better fees or better technology (e.g. segwit support, etc.).

AOPP does not affect and is not even visible to users of exchanges who don't have AOPP (don't require ownership proof).

AOPP usually shouldn't be too hard to implement. BlueWallet implemented AOPP support in less than a day (BlueWallet/BlueWallet#2915). If you need any help we're happy to assist (here or in the Telegram group).

Besides our testing infrastructure (documented in https://gitlab.com/aopp/address-ownership-proof-protocol) you can also try AOPP with https://getbittr.com/ and pocketbitcoin.com/ without having to create an account with either of them.

Posible incompatibilidad con Lightning labs wallet

Me apareció este error cuando intenté enviar 10 SAT de prueba a esta wallet.

Build failures, how to compile the app in linux container?

Tried to build the latest commit and check if the build is reproducible & if not what the diff are.
Containerfile used is:

FROM frolvlad/alpine-glibc

RUN set -ex; \
    apk update; \
    apk add --no-cache \
        openjdk8 \
        bash \
        git \
        go; \
    adduser -D appuser;

USER appuser

ENV ANDROID_SDK_ROOT="/app/sdk" \
    ANDROID_HOME="/app/sdk"

COPY --chown=appuser:root . /app/munn/

RUN set -ex; \
    ANDROID_SDK_LICENSES="${ANDROID_SDK_ROOT}/licenses"; \
    mkdir -p "${ANDROID_SDK_LICENSES}"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "${ANDROID_SDK_LICENSES}/android-sdk-license"; \
    cd /app/sdk/; \
    wget https://dl.google.com/android/repository/commandlinetools-linux-6858069_latest.zip; \
    unzip commandlinetools-linux-6858069_latest.zip; \
    rm commandlinetools-linux-6858069_latest.zip; \
    /app/sdk/cmdline-tools/bin/sdkmanager --sdk_root=/app/sdk/ --install "ndk-bundle"; \
    cd /app/munn/; \
    bash ./tools/bootstrap-gomobile.sh;

ENV PATH="$PATH:/home/appuser/go/bin" \
    ANDROID_NDK_HOME="/app/sdk/ndk/22.0.7026061/"
    
WORKDIR /app/munn/

Run:

git clone https://github.com/muun/apollo --depth 1
cd apollo

Add above Containerfile, Run:

podman build --rm -t munn_build_apk .
podman run --rm --name munn_built_apk -ti munn_build_apk

Then running ./tools/libwallet-android.sh result in error:

/tmp/go-build*****/****/exe/gomobile: open /app/munn/android/apollo/libs/libwallet.aar: no such file or directory
exit status 1

running: (from README.md) GO111MODULE=off go run golang.org/x/mobile/cmd/gomobile bind -target=android -o android/apollo/libs/libwallet.aar github.com/muun/muun/libwallet result in:

cannot find package "golang.org/x/mobile/cmd/gomobile" in any of:
/usr/lib/go/src/golang.org/x/mobile/cmd/gomobile (from $GOROOT)
/home/appuser/go/src/golang.org/x/mobile/cmd/gomobile (from $GOPATH)

So then running go get golang.org/x/mobile/cmd/gomobile and trying above command again, result in error:

/tmp/go-build*****/****/exe/gomobile: /home/appuser/go/bin/gobind -lang=go,java -outdir=/tmp/gomobile-work-612991822 github.com/muun/muun/libwallet failed: exit status 1
no exported names in the package "github.com/muun/muun/libwallet"
no exported names in the package "github.com/muun/muun/libwallet"
no exported names in the package "github.com/muun/muun/libwallet"
no exported names in the package "github.com/muun/muun/libwallet"

also running ./gradlew :android:apollo:assembleProdRelease result in error (from: #12)

Task 'assembleProdRelease' not found in project ':android:apollo'.

but running ./gradlew assembleRelease works, and fail with libwallet error:

* What went wrong:
Could not determine the dependencies of task ':android:apolloui:lintVitalLocalRelease'.
> Could not resolve all artifacts for configuration ':android:apolloui:developmentMinifiedRuntimeClasspath'.
   > Failed to transform libwallet.aar to match attributes {artifactType=jar}.
      > Execution failed for JetifyTransform: /app/munn/android/apollo/libs/libwallet.aar.
         > Failed to transform '/app/munn/android/apollo/libs/libwallet.aar' using Jetifier. Reason: /app/munn/android/apollo/libs/libwallet.aar (No such file or directory). (Run with --stacktrace for more details.)

What is needed in order to compile the app, can you publish a Containerfile/Dockerfile?

Back navigation

When pressing the back button from "Security"/"Settings" I expect to come back to the "Wallet" screen (or always the previous screen if a full navigation history is kept) instead of exiting the app.

Lightning Intent Handling

Can you support paying lightning invoices via a deep link/app link? It doesnt seem to support open links from external sources?

We have an android app that lets the user open external wallets with a link to the intent scheme:

lightning:

Here is a link to a video of it working with Eclair:

https://youtu.be/Vs1NBqm-DGc

I can confirm BlueWallet, Wallet of Satoshi, Zap and Breez also use this uri scheme.

Here's an example of a commit that BlueWallet did recently to fix their lightning url handle after it broke: BlueWallet/BlueWallet@cfd2c3d

Remove JCenter lines from build.gradle or at least specify what used by it directly

apollo/build.gradle

Line 7 in 71e044c

jcenter()

apollo/build.gradle

Line 30 in 71e044c

jcenter()

apollo/build.gradle

Line 52 in 71e044c

jcenter()

Jcenter service is closed (currently in read-only mode, no updates for packages will be made)
more details on needed migration:
https://developer.android.com/studio/build/jcenter-migration

and here content on how to migrate:
https://jeroenmols.com/blog/2021/02/04/migratingjcenter/

I also suggest to first fixing #26 which make easier to see all deps downloaded by gradle and thus locate the deps that need fixing (contact vendor, etc..) and what versions are used (thus the migration diff will show if dep downgraded in migration which is unlikely but possible if jcenter has newer version then in mavenCentral)

You can declare specific usages of jcenter like explained in https://jeroenmols.com/blog/2021/02/04/migratingjcenter/#consumed-dependencies-from-bintrayjcenter and like it's done for example in this PR of unstoppable wallet "Gradually migrate from jcenter to mavenCentral"
https://github.com/horizontalsystems/unstoppable-wallet-android/pull/3752/files

Publish apksigner output & remove not needed files in META-INF

In order to verify direct APK download from github-actions/google-play/(mirror/download)-websites the output from apksigner is needed.
see for example the verification section in aegis app:
https://github.com/beemdevelopment/Aegis#verification

Running apksigner (Command: apksigner verify --print-certs --verbose 45.apk) on muun apk downloaded from apkcomobo site:
https://apkcombo.com/en-il/muun-bitcoin-and-lightning-wallet/io.muun.apollo/download/apk
sha256sum: e8ed50e0499a6c96af84b69ee41ffd0ba9c1f50e9fe1133ec568cce0278a6bcf

Result:

Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
Signer #1 certificate DN: CN=Patricio, OU=muun, O=muun, L=Buenos Aires, ST=Unknown, C=AR
Signer #1 certificate SHA-256 digest: 026ae0ac859cc32adf2d4e7aa909daf902f40db0b4fe6138358026fd62836ad1
Signer #1 certificate SHA-1 digest: 67f100fe596b4b0e4f40312e41e1e74e4274e615
Signer #1 certificate MD5 digest: a1ba5818239b79235741597e8dbd59ee
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: 5c90f8c82d9cb371cc3e1d55fcf1ebafd2661b9e394c6dc6b0882accd98a1dca
Signer #1 public key SHA-1 digest: 089fce8ee59791b7986d80d72b58d1a443714075
Signer #1 public key MD5 digest: 686362c9baafe0eaa4d9f07e71d352f8
WARNING: META-INF/INDEX.LIST not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/activity-ktx_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.activity_activity-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.activity_activity.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.annotation_annotation-experimental.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.appcompat_appcompat-resources.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.appcompat_appcompat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.arch.core_core-runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.asynclayoutinflater_asynclayoutinflater.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.browser_browser.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.cardview_cardview.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.coordinatorlayout_coordinatorlayout.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.core_core-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.core_core.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.cursoradapter_cursoradapter.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.customview_customview.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.databinding_viewbinding.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.documentfile_documentfile.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.drawerlayout_drawerlayout.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.fragment_fragment-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.fragment_fragment.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.gridlayout_gridlayout.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.interpolator_interpolator.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.legacy_legacy-support-core-ui.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.legacy_legacy-support-core-utils.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.legacy_legacy-support-v4.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-extensions.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-livedata-core-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-livedata-core.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-livedata.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-process.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-runtime-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-service.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-viewmodel-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-viewmodel-savedstate.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-viewmodel.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.loader_loader.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.localbroadcastmanager_localbroadcastmanager.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.media_media.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.navigation_navigation-common-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.navigation_navigation-common.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.navigation_navigation-dynamic-features-fragment.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.navigation_navigation-dynamic-features-runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.navigation_navigation-fragment-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.navigation_navigation-fragment.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.navigation_navigation-runtime-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.navigation_navigation-runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.navigation_navigation-ui-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.navigation_navigation-ui.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.preference_preference.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.print_print.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.recyclerview_recyclerview.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.room_room-runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.savedstate_savedstate.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.slidingpanelayout_slidingpanelayout.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.sqlite_sqlite-framework.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.sqlite_sqlite.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.swiperefreshlayout_swiperefreshlayout.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.transition_transition.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.vectordrawable_vectordrawable-animated.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.vectordrawable_vectordrawable.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.versionedparcelable_versionedparcelable.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.viewpager2_viewpager2.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.viewpager_viewpager.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.webkit_webkit.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.work_work-runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/apollo_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/apolloui_prodRelease.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/balloon_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/collection-ktx.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.google.android.material_material.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.google.dagger_dagger.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/core-ktx_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/fragment-ktx_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/kotlin-stdlib-common.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/kotlin-stdlib-jdk7.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/kotlin-stdlib.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/kotlinx-coroutines-android.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/kotlinx-coroutines-core.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/lifecycle-livedata-core-ktx_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/lifecycle-runtime-ktx_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/lifecycle-viewmodel-ktx_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/navigation-common-ktx_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/navigation-dynamic-features-fragment_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/navigation-dynamic-features-runtime_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/navigation-fragment-ktx_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/navigation-runtime-ktx_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/navigation-ui-ktx_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/com.fasterxml.jackson.core.JsonFactory not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/com.fasterxml.jackson.core.ObjectCodec not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/com.fasterxml.jackson.databind.Module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/java.security.Provider not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/javax.money.convert.g not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/javax.money.spi.CurrencyProviderSpi not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/javax.money.spi.RoundingProviderSpi not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/javax.money.spi.c not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/javax.money.spi.d not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/javax.money.spi.e not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/javax.money.spi.f not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/javax.money.spi.g not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/javax.money.spi.j not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/kotlinx.coroutines.CoroutineExceptionHandler not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/org.javamoney.moneta.spi.g not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/validation-configuration-1.0.xsd not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/validation-configuration-1.1.xsd not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/validation-mapping-1.0.xsd not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/validation-mapping-1.1.xsd not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.

All the files in WARNING should be removed or moved to other directory, when v1 verification is used (which is deprecated from 2016) the files in WARNING are not authenticated ("Unauthorized modifications to this JAR entry will not be detected.")

They probably should be removed, which can be done for example by adding exclude lines to packagingOptions option in build.gradle.

fix:

Remove not needed files in META-INF during build process
Publish apksigner output in verification section.

[feat]: External node or electrum server support

This would allow the user to connect to a Bitcoin node or Electrum server of their choosing, ideally using Tor - #21

Could you make it not reliable on Google services?

How can this wallet be self custodial?

How can I own the sats if I did not fund the channel? Who paid for the funding?

Couldn't find this information on the website

Lebanese Pound LBP

Hello, the Lebanese Pound is displayed at an incorrect rate. Due to hyperinflation, our FX rate is different from than officially announced one,

out community has built API to fix that, taking an average from 3 different sources to avoid manipulation

https://bitcoinduliban.org/api.php?key=lbpusd

Would greatly appreciate integrating this new rate.

UX suggestion

Hi, first of all congratulations to all the team, I started to use the wallet since you are a full LN wallet and I'm impressed.

I have a UX suggestion, it's not a bug but definitely I think it would give better UX to users with big fingers.

When I am going to send a payment I see this screen

I changed to SAT and I get this screen

As you can see the keyboard is not being showed, so by intuition I touched the number 0, but nothing happens, I touched again few times and I found out that you need to touch exactly between the 0 and the letters "SAT", then I get the keyboard.

I think for a better UX it would be great to show the keyboard, when the user touches the number or when the user changes the currency.

Add universal .apk file to github releases

Add universal .apk file to assets in github releases & add description of the release in:
https://github.com/muun/apollo/releases/

RBF support for on-chain sending

RBF support for on-chain sending would be nice. It has many practical use cases.

LNURL withdraw fails when amount is over 2,147,483 satoshi

I've been doing some testing because I noticed larger LNURL withdrawals where failing.
Is it possible that the amount in msatoshi is stored as an int32 somewhere?

Is there a changelog available ?

Reproducible builds ?

In the blog post https://blog.muun.com/muuns-new-open-source-model/ in February 1st, you wrote you are working on reproducible builds, is that something you are still working on ?

Send to invoices with no amount specified

Please add the possibility to pay invoices with no amount specified.

Show the number of confirmations beyond 6

I want to be able to see the full number of confirmations, not just 6+ after the sixth confirmation.
I took a quick glance at the code and I can see that it has a specific if statement not to show more than the arbitrary settlement value of 6. Why increase the code complexity to REDUCE the functionality?
Also if someone thinks that it increases the user friendliness, I would like to say that putting a plus after some number doesn't make it more user friendly both if the user knows what it means AND if the user doesn't know what it means.

Remove android.enableJetifier line from gradle.properties

apollo/gradle.properties

Line 9 in 590e59e

android.enableJetifier=true

See this guide for the steps to ensure it's safe to remove above line android.enableJetifier=true (check that all deps are already fully migrated to AndroidX, and migrate the ones still not migrated to it)
https://medium.com/dipien/say-bye-bye-to-android-jetifier-a7e0d388f5d6

Transacción stuck confirming

Hello!

I have a transacción stuck in "Confirming" for two days. I set the gas too low. What can I do now?

pura vida

add muun: scheme to sendflow schemes bitcoin: & lightning:

please add a muun: prefix additionally next to the current bitcoin: & lightning: schemes. Examples:

muun:lightning:{invoice}
&
muun:bitcoin:{address}?amount=

benefit over the current general deeplinks is that it will solely open the muun wallet, and won't have issues if there are more than 1 lightning: deeplink available on the device. This will overcome current issues IOS & Desktop has.

[Feature Request] Support for Lightning Address Protocol

Please consider implementing the lightning address protocol, to provide users a static address for receiving LN payments.
lightningaddress.com

It appears that Muun is one of the few LN wallets that doesn't yet have any support for this protocol.
https://github.com/andrerfneves/lightning-address/blob/master/README.md#wallets-supported

Funds stuck in the wallet

Guys, I've sent you an email about an issue with funds stuck in the wallet. But seems that you ignore it.
Recently I wanted to test your Muun wallet. But funny things happen.
1st intent:

I created a new wallet yesterday
a friend sent me a test of 100 sats on LN to my Muun. All OK
I sent those 100 sats to another of my LN wallets, with 0 fee (I couldn't believe it).
Then I deleted the wallet

2nd intent:

Then I recovered and old Muun wallet, created 2 months ago, to see how the recovery works. All OK
I sent from my node in 2 txs, through LN 150k sats. All OK received.
I wanted to send those sats to another LN wallet, all the balance at once.
o LNURL is NOT supported
o Payment invoice request from Phoenix without specific amount is not supported
o Payment invoice request from Phoenix wallet with amount is supported but is charging 75% fee ! This is insane
I wanted to send all balance to an onchain wallet:
o The fee is 25% - unacceptable in the conditions when the mempool is at medium level fees of 20sat/vB

I tried again to send just 50k sats to a Bluewallet invoice. No success after almost 1min waiting wheel, is getting an error (see attached images).

So now I am stuck. I can’t move those funds from Muun with a decent amount of fee.
Guys this is insane, how is possible that on LN I would pay 3 times the fee than onchain tx, for the same amount?
Please advise. Is there a way to import this wallet into Electrum?

Here attached some errors

Please fix build reproducibility

Your verification script claims

# Remove the signature since OSS users won't have Muuns private signing key

but then goes to remove all the content of META-INF and resources.arsc.

While the former is probably benign as META-INF content won't be executed or displayed in the app, removing resources.arsc from the diff is not ok.

As my review shows, the diff boils down to just one line in the strings.xml:

$ apktool d -o apkGoogle Muun\ 46.10\ \(io.muun.apollo\).apk 
$ apktool d -o apkBuild apolloui-prod-release-unsigned.apk
$ diff --brief --recursive apkBuild apkGoogle
Files apkBuild/apktool.yml and apkGoogle/apktool.yml differ
Only in apkGoogle/original/META-INF: APOLLORE.RSA
Only in apkGoogle/original/META-INF: APOLLORE.SF
Files apkBuild/original/META-INF/MANIFEST.MF and apkGoogle/original/META-INF/MANIFEST.MF differ
Files apkBuild/res/values/strings.xml and apkGoogle/res/values/strings.xml differ
$ diff apkBuild/res/values/strings.xml apkGoogle/res/values/strings.xml
77c77
<     <string name="com.crashlytics.android.build_id">e0c37a103082460fbf95f3c097222e61</string>
---
>     <string name="com.crashlytics.android.build_id">95a3152a98594e8ca1324bdefd26a5b9</string>

Crashlytics is a convenient library but also an increased attack surface and if their tools are not compatible with reproducible builds, then that's another reason for not using them.

Please fix reproducibility. I would really love to add Muun to the "reproducible" section at https://walletscrutiny.com/

LNURL payment support

Tried to send a lightning payment using a LNURL link, got this message in response - it tried to switch to receiving via lightning with an error message suggesting this is not allowed by the protocol.

Apparently other wallets do support this.

What is going on? Is this simply not implemented yet? I really like the interface and simplicity of this wallet, don't really want to switch to another. Thanks!

46.10 Fails Verification

I have successfully verified 46.7 running reproducible build on my machine. 46.10 has unfortunatelly badly failed verification. I have double checked I'm verifying against the correct source code commit (e4220f8) and that downloaded apk is 46.10 (610 versionCode). Many files are not matching what's on Play Store, including library .so and compiled code .dex files:

Binary files /tmp/tmp.pdDcRlqqM6/to_verify/AndroidManifest.xml and /tmp/tmp.pdDcRlqqM6/baseline/AndroidManifest.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/classes2.dex and /tmp/tmp.pdDcRlqqM6/baseline/classes2.dex differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/classes.dex and /tmp/tmp.pdDcRlqqM6/baseline/classes.dex differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/lib/arm64-v8a/libgojni.so and /tmp/tmp.pdDcRlqqM6/baseline/lib/arm64-v8a/libgojni.so differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/lib/armeabi-v7a/libgojni.so and /tmp/tmp.pdDcRlqqM6/baseline/lib/armeabi-v7a/libgojni.so differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/lib/x86/libgojni.so and /tmp/tmp.pdDcRlqqM6/baseline/lib/x86/libgojni.so differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/lib/x86_64/libgojni.so and /tmp/tmp.pdDcRlqqM6/baseline/lib/x86_64/libgojni.so differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/drawable/$avd_hide_password__0.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/drawable/$avd_hide_password__0.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/drawable/$avd_hide_password__1.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/drawable/$avd_hide_password__1.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/drawable/$avd_show_password__0.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/drawable/$avd_show_password__0.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/drawable/$avd_show_password__1.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/drawable/$avd_show_password__1.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/drawable/design_ic_visibility.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/drawable/design_ic_visibility.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/accept_recovery_code_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/accept_recovery_code_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/activity_lnurl_intro.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/activity_lnurl_intro.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/activity_lnurl_withdraw_confirm.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/activity_lnurl_withdraw_confirm.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/activity_lnurl_withdraw.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/activity_lnurl_withdraw.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/activity_new_operation.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/activity_new_operation.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/activity_select_bitcoin_unit.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/activity_select_bitcoin_unit.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/activity_send.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/activity_send.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/dialog_welcome_to_muun.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/dialog_welcome_to_muun.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/dynamic_feature_install_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/dynamic_feature_install_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/edit_amount_item.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/edit_amount_item.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/edit_username_activity.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/edit_username_activity.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/error_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/error_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/expiration_time_item.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/expiration_time_item.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/feedback_activity.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/feedback_activity.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/first_on_muun_view.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/first_on_muun_view.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_ek_save.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_ek_save.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_export_keys_intro.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_export_keys_intro.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_home.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_home.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_rc_login_email_auth.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_rc_login_email_auth.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_rc_only_login.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_rc_only_login.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_recovery_tool.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_recovery_tool.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_security_center.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_security_center.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_settings.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_settings.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_setup_password_accept.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_setup_password_accept.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_setup_password_intro.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_setup_password_intro.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_setup_password_success.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_setup_password_success.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_show_qr_ln.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_show_qr_ln.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_show_qr.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_show_qr.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/fragment_verify_email.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/fragment_verify_email.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/home_operations_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/home_operations_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/landing_activity.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/landing_activity.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/lightning_settings_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/lightning_settings_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/login_email.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/login_email.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/manual_fee_input.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/manual_fee_input.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/manual_fee_selection_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/manual_fee_selection_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/mtrl_calendar_month_navigation.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/mtrl_calendar_month_navigation.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/mtrl_picker_actions.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/mtrl_picker_actions.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/mtrl_picker_header_fullscreen.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/mtrl_picker_header_fullscreen.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/muun_contact_list.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/muun_contact_list.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/muun_task_card.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/muun_task_card.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/muun_uri_input.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/muun_uri_input.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/muun_uri_paster.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/muun_uri_paster.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/new_operation_error_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/new_operation_error_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/old_password_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/old_password_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/operation_detail_activity.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/operation_detail_activity.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/priming_recovery_code_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/priming_recovery_code_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/recovery_code_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/recovery_code_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/scan_qr_activity.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/scan_qr_activity.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/security_logout_activity.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/security_logout_activity.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/set_up_pin_code.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/set_up_pin_code.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/show_recovery_code_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/show_recovery_code_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/signup_forgot_password_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/signup_forgot_password_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/signup_phone_number_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/signup_phone_number_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/signup_profile_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/signup_profile_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/signup_unlock_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/signup_unlock_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/signup_verification_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/signup_verification_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/signup_waiting_for_email_verification_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/signup_waiting_for_email_verification_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/sync_contacts_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/sync_contacts_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/verify_recovery_code_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/verify_recovery_code_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/view_muun_home_card.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/view_muun_home_card.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/view_new_home_tooltip.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/view_new_home_tooltip.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout/v_item_currency.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout/v_item_currency.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout-land/fragment_settings.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout-land/fragment_settings.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout-land-v21/fragment_settings.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout-land-v21/fragment_settings.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout-v21/activity_lnurl_intro.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout-v21/activity_lnurl_intro.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout-v21/activity_lnurl_withdraw_confirm.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout-v21/activity_lnurl_withdraw_confirm.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout-v21/error_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout-v21/error_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout-v21/first_on_muun_view.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout-v21/first_on_muun_view.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout-v21/fragment_security_center.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout-v21/fragment_security_center.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout-v21/fragment_settings.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout-v21/fragment_settings.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout-v21/new_operation_error_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout-v21/new_operation_error_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout-v21/signup_verification_fragment.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout-v21/signup_verification_fragment.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/layout-v22/muun_uri_input.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/layout-v22/muun_uri_input.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/menu/activity_show_qr.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/menu/activity_show_qr.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/menu/home_activity.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/menu/home_activity.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/menu/menu_bottom_nav.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/menu/menu_bottom_nav.xml differ
Binary files /tmp/tmp.pdDcRlqqM6/to_verify/res/menu/select_currency_activity.xml and /tmp/tmp.pdDcRlqqM6/baseline/res/menu/select_currency_activity.xml differ
Verification failed :(

Option to auto-close Muun app after screen turns off

Not sure if Android allows an application to close after the screen turns off, but I would love to have that as an option, since I have children and I am frequently distracted by them, and when I turn my phone back on, the Muun app will show immediately.

It's behind a PIN but still, I have had a few instances where my son unlocks my phone, sees the Muun screen and immediately starts pressing numbers (which could potentially lock me out of Muun). Also, obviously this is not a big issue in safe countries but in some of the countries I travel to it might be better to just have the app close.

Loving Muun, amazing wallet! Viva Bitcoin. Saludos.

development roadmap etc

first the praise:

I really appreciate the effort you are putting into multi-sig and future-proofing portability via output-descriptors metadata. UX with a great usability/security trade off. IMHO the more of this the better.
The lightning stuff is awesome, your approach is working wonders for on boarding new users (myself included), will watch it evolve with excitement.

then the ask:

after adopting muun ive been reading your code to learn your development priorities/direction, but do you have a "planned features" roadmap of sort?
I wish you had more time so you could strengthen and further modernize muun (i.e. taproot, ux bips, etc), hence I'd like to float dart/flutter. I know it's a big one, but idk... maybe someday you want to do a desktop or web portal, it could be easier. i worry about swift/android shenanigans

Recovery Code input uses keyboard with autocompletion on and without privacy mode

While getting set up with Muun on Android and while typing (in order to verify it, as asked) the off-site backed up "Recovery Code", I noticed that my phone's keyboard was trying to autocomplete each string of 4 characters which means that it is storing it in memory for auto-completion in other contexts! Depending on the keyboard it is also usually sent online to some server for product optimisation!

Acceptance Criteria

Instead, the input field should have the necessary hints configured which the various android keyboards use to

disable autocompletion
request private mode (not sure about the term here, but I've seen some other apps do that, which give my keyboard a darker color and a "spy icon" overlayed)

muun uses its own natively implemented keyboard for input for maximum security. Some other apps (e.g. Enjin Wallet) do that

just checking, no bip39 seed phrase, correct?

Just making sure, there is no bip39 seed phrase with muun, correct?
muun/recovery#1

(Consider enabling github Discussions tab feature for nuub muun questions like this. :)

Missing sources for latest release 44.3 on google-play

The version in google-play is 44.3, Updated: February 26, 2021
https://play.google.com/store/apps/details?id=io.muun.apollo
while the latest commit in this repo is for previous version 44.2:
a506d13
Please improve your source publishing process, to publish it before the apk is uploaded to google-play.

Add MicroG as alternative to googlePlayServices & mention GAPPS in README requirements

The Runtime requirements in README shows:

apollo/README.md

Lines 7 to 10 in 97c44c7

 ## Runtime requirements 

 * Android version 4.4 (API level 19) or higher 

 * Google Play services

Google Play services which can contain more details such as:

Mention Open GAPPS https://opengapps.org/ a way to install google-play-services in case it not preinstalled on the device/OS, the pico variant should be enough/preferred (most minimal installation of GAPPS, details in: https://github.com/opengapps/opengapps/wiki/Package-Comparison)
MicroG is open-source replacement for GooglePlayServices https://microg.org/ Most likely only the installation of GmsCore (Services Core) is needed https://microg.org/download.html

	## Runtime requirements

	* Android version 4.4 (API level 19) or higher
	* Google Play services

muun / apollo Goto Github PK

apollo's Introduction

About

Runtime requirements

Structure

Build

Auditing

Responsible Disclosure

apollo's People

Contributors

Stargazers

Watchers

Forkers

apollo's Issues

Recommend Projects

Recommend Topics

Recommend Org

Jobs