Skip to main content

Tag: envoy

Magic Backups: How Do They Work?

Posted on July 10, 2025 - 11:20 am by

Losing access to a wallet or device doesn’t need to mean panic. We’ve built Magic Backups into both Envoy and Passport Prime to make backup and recovery seamless, without compromising on privacy. No accounts. No emails, and most importantly, no access to your seed or data by Foundation. Ever. Just strong encryption, smart design, and a bit of cryptographic magic.

Let’s walk through what makes our backups so Magic.

🔐 Magic Backups in Envoy

When you set up an Envoy mobile wallet, it generates a Bitcoin seed and stores it securely in your phone’s secure element, a hardware-protected environment isolated from apps and the operating system.

From there, Magic Backup kicks in behind the scenes to keep your wallet recoverable.

📁 What We Actually Store (and what we don’t)

When Magic Backup is enabled in Envoy, the app automatically creates a secure, encrypted backup of your wallet’s non-sensitive data, things like account labels and settings, so you can restore your wallet exactly how you left it. This backup is created and stored in a way that keeps your seed and personal information completely private.

Here’s exactly what happens when that backup is created:

  • Secure seed sync via Apple or Google

Most users have iCloud Keychain or Android Auto-Backup enabled. This means your encrypted seed, stored in the secure element, is automatically backed up across your devices, fully end-to-end encrypted by your operating system.

✅  Foundation never sees your iCloud or Google account, never sees your seed, and doesn’t need permission to back it up.

  • Encryption with your seed: Your Envoy settings, labels, and connected Passport accounts (if you have any) are encrypted using your mobile wallet seed as the encryption key. This means only someone with access to your seed can decrypt the backup.
  • Stored as a secure file: The encrypted backup file is uploaded to Foundation’s servers as a file of data. We have no access to the contents, no ability to decrypt it, and no knowledge of what’s inside.
  • Private identifier: To allow Envoy to retrieve your backup later, your encrypted metadata is stored alongside a SHA256 hash of your mobile wallet seed. This lets our server verify that a restore request is legitimate without ever knowing your actual seed.

🔄 Recovery in Seconds

If you ever lose your phone or reinstall Envoy, getting your wallet back is quick and effortless:

  1. Make sure you’re signed in to your Apple or Google account.
  2. Install Envoy and create a new mobile wallet.
  3. Set up with Magic Backups.
  4. Done, your wallet is automatically restored!

👩🏻‍💻 What’s Happening Behind the Scenes

Here’s how Magic Backup works in the background:

  1. Envoy checks the secure element on your phone to see if a mobile wallet seed already exists.
    a) If it finds one, it creates a SHA256 hash of the seed (like a digital fingerprint) and sends it to Foundation’s servers.
    b) This hash proves you know the seed, but doesn’t reveal the seed itself.
  2. If no seed is in the SE, Envoy checks your device’s iCloud Keychain or Android Auto-Backup and restores the seed to the secure element.
    a) It then hashes the newly restored seed and sends that hash to the server.
  3. Our server uses the hash to verify that the request is legitimate. If it matches a stored record, the server sends back your encrypted backup file.
  4. Envoy then uses the seed it has stored on the phone to decrypt the backup file directly on your device, restoring your wallet settings, labels, and preferences, exactly how you left them.

🔐 Why It’s Secure

  • Your seed is never sent to our servers.
  • Your backup is encrypted before it ever leaves your phone.
  • We store only a blind, encrypted file and a hash, nothing identifiable.
  • Only you can decrypt your data, and only with your seed.

🎬 Ready to see the magic for yourself?

We’ve made setting up Magic Backups in Envoy as smooth as it gets, but seeing is believing.

Watch our step-by-step tutorial below and get set up in minutes.

 

🛡️ Magic Backups in Passport Prime

 

We’ve seen how Magic Backups in Envoy make recovering your mobile wallet effortless, with your seed secured by your device, backed up to your cloud and your settings backed up as an encrypted file.

Passport Prime takes that to a whole new level, as a personal security platform, it protects not only Bitcoin, but also 2FA credentials, encrypted files, security keys, extra seeds and more.

Magic Backups work differently here, and it’s important to note:

🔁 Passport Prime and Envoy each have their own separate Magic Backups.

  • Envoy Magic Backup secures your mobile wallet seed and app data.
  • Prime Magic Backup securely stores your Passport Prime app data and part of your Master key.
  • These are two distinct encrypted files, stored on the Foundation server.

🔐 How Your Master Key Is Secured with Passport Prime

When you set up Passport Prime, your Master key isn’t just stored in one place, and you’re never asked to write it down, but you can, of course, choose to do so by retrieving your seed words from the Backups screen.

By default, Prime uses a secure, privacy-preserving system called Shamir Secret Sharing to split your seed into three parts:

  • The first part is saved onto the NFC Keycard
  • The second part is saved onto the NFC Keycard
  • The third part is encrypted and securely stored on your phone’s secure element and backed up to iCloud Keychain, just like the Envoy seed

You only need any two of the three parts to fully recover your Master Key.

This approach gives you the redundancy to lose a card or your phone and still recover, without ever exposing your complete master key to a single location.

🧩 Envoy’s Role in Prime’s Recovery

When you set up Passport Prime, the device doesn’t just split your master key; it also prepares a secure backup of your Prime-specific app settings and data. These actions are initiated by Prime and securely transmitted to Envoy using QuantumLink our end-to-end encrypted Bluetooth tunnel.

Want to know how it works? Learn more about QuantumLink here.

Here’s how it works:

  • Prime creates a dedicated Prime Magic Backup file containing your app settings and data (like account labels and configuration data). This file does not contain your master key.
  • Prime also securely sends one of the three Shamir master key parts to Envoy as part of the 2-of-3 backup system.
  • The Magic Backup file is encrypted using a key derived from your master key in Prime (which is only reconstructed during recovery).
  • Prime sends the encrypted backup and associated metadata to Envoy via QuantumLink.
  • Envoy then uploads the encrypted file to Foundation’s servers, and includes a cryptographic hash of the master key, allowing the server to recognize the backup without learning anything sensitive.

🛑 Reminder: This backup is completely separate from the Magic Backup for your Envoy mobile wallet. Each product manages its own backup file, using its own encryption.

Just like with Envoy’s mobile wallet backups, the master key never leaves Passport Prime also:

  • Foundation can’t see your master key.
  • Foundation can’t see your data.

🔁 Restoring Passport Prime

If your Passport Prime is ever lost, reset, or replaced, recovery is quick without needing to re-enter your master key.

Here’s how it works:

  1. Power up a new Passport Prime and connect it to Envoy.
  2. Tap one of your NFC Keycards to the device.
  3. Passport Prime receives both the Keycard’s part and the part stored in Envoy, then reconstructs the master key locally on Prime.
  4. Prime then requests your Prime Magic Backup from Foundation’s servers via Envoy, using a cryptographic hash of the master key to identify it.
  5. Once received, Prime decrypts the backup locally, restoring your account labels and settings.

💡 If the part stored in Envoy is missing or unavailable, you can still recover your Prime wallet using both NFC Keycards. Passport Prime accepts any two of the three Shamir parts, even if one part is lost.

🔚 Bitcoin and Beyond.

Magic Backups were built with one goal in mind: to make backup and recovery easy, seamless, and so private that you never have to think about it, until you need it.

Whether you’re backing up Bitcoin on Envoy, or securing your 2FA credentials and sensitive data with Passport Prime, the process is the same:

  • Your data is encrypted before it ever leaves your device.
  • Foundation never sees your keys or your settings.
  • Recovery is in your hands, always.

Just simple, private, self-sovereign recovery, across your entire digital life.

Bitcoin, Simplified. Security, Upgraded.

 

Envoy version 1.8.6 is now available!

Posted on February 4, 2025 - 8:42 am by

We’re excited to announce that the latest version of Envoy—1.8.6—is now available on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

What’s changed

In Envoy v1.8.6, we’ve focused on small bug fixes to prepare the app for the upcoming Passport Prime integration.

For more details on each of the changes, keep reading below!

New Features

  • After several requests from customers, the “Buy” button is now fully removed from the main view if this option is disabled from settings.

Improvements

  • We updated the Support area of Envoy to remove the link to our now read-only Telegram channel, and included a link to our new community

  • The Bitcoin ATM map will now retrieve the information from OpenStreetMaps, allowing people to add new spots where bitcoin can be bought and see this reflected in Envoy. Open Source is the way!

Bug Fixes

  • Fixed an issue impacting some users where sometimes after deleting a hot wallet or a passport account Envoy could crash and could prevent some users form logging back in.

  • Fixed a rare bug where if the user deleted the Envoy app and reinstalled it later on, the seed could be displayed as “empty” even though the app recovered just fine.

  • Fixed a small bug where if no accounts were ever created nor paired, the Buy button was grayed out but still active.

  • Fixed a rare bug where under certain circumstances the destination address field could show as blank when reviewing a sending transaction.

  • Fixed a minor visual bug where one specific button under a niche scenario did not follow our design pattern.

  • Fixed a couple of minor vertical alignment issues in some texts and icons.

  • Smoothened a couple of transitions to make the UX a bit more fluid.

  • Fixed a minor visual issue where sometimes the amount of bitcoin would display as 0.0000000 instead of 0 in the send screen.

  • Fixed a small visual bug where scanning a BIP21 code with a defined amount wouldn’t fill all the trailing zeroes when the sending unit was Bitcoin.

  • Fixed a rare instance where the back arrow could be displayed twice under some menus.

Verifying Envoy on Android

If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

Envoy version 1.8.5 is now available

Posted on November 27, 2024 - 9:12 am by

The latest version of Envoy1.8.5 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

What’s changed

Envoy 1.8.5 is a small bug-fix release.

Bug Fixes

  • Fixed a rare issue where some iOS users weren’t able to see or select any fiat currencies after enabling the fiat toggle

  • Fixed an issue where some users might get stuck in the splash screen after a very specific set of steps were performed

Verifying Envoy on Android

If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

Envoy version 1.8.4 is now available

Posted on October 30, 2024 - 6:07 am by

The latest version of Envoy1.8.4 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

Bug Fixes

  • Fixed a problem affecting some users related to not being able to send to legacy type addresses

Verifying Envoy on Android

If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

Envoy version 1.8.3 is now available!

Posted on October 24, 2024 - 12:17 pm by

We’re excited to announce that the latest version of Envoy1.8.3 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

What’s changed

In Envoy v1.8.3, we’ve continued our focus on refining the Envoy experience you know and love, expanding the Buy bitcoin feature to all 50 US states as well as bolstering the stability of our Tor connection and polishing the UI. Unfortunately, due to regulatory reasons beyond our control, we have temporarily removed all buy features for users of the iOS app in the U.K and India. Some aspects of this functionality will be reinstated in an upcoming release.

New

  • Ramp can now be used to purchase Bitcoin in all 50 US states! Including some of the most legally challenging ones like New York, Louisiana and Hawaii.

Improvements

  • BIG tor connection stability and reliability improvement! Added .onion endpoint to Fulcrum instance to improve Tor connection reliability.

  • TONS of visual improvements across the board

  • Buy Bitcoin account display will now match the order of accounts used in the main Accounts view, and the animation is much slicker!

  • Implemented our own back end for Signet so we no longer depend on Mutinynet.

  • Signet and Testnet transactions can now be explored in Foundation’s mempool directly from the Transaction details

    • To access this button, from any transaction details tap the TXID to expand it, you will see the option appear on the left, like with Mainnet

  • When recovering from a backup, the Activity tab will now also load transactions that happened after the date the backup was created

  • If an already paired passport is scanned from the new Passport setup connection flow, Envoy will now recognize that and continue through the Existing Passport Setup flow instead of erring out.

  • Improved error logging for RBF related issues

  • Improved log pruning to avoid freezes when exporting logs

  • Updated Flutter to version 3.24.0

  • Updated Arti to 1.2.7

  • Updated some dependencies with minor vulnerabilities

  • Scanning uppercase bitcoin addresses will now display them in lowercase in the “To:” section

  • The Activity tab and the account details will now display transactions ordered by the time transactions were broadcast rather than by the moment they confirmed

  • Improved Portuguese and Catalan translations

  • Improved logging for our validation server connection

  • Updated our Fulcrum servers to 1.11.1

  • Updated Bitcoin Core to 28.0

Bug Fixes

  • Fixed an instance where some RBF transactions could remain in your activity view as ‘Awaiting Confirmation’ even after the boosted transaction confirmed on-chain

  • Fixed a rare bug where a user could get stuck in a loop when recovering a backup under specific circumstances

  • Fixed a bug where deleting a wallet wouldn’t properly delete it on iOS under certain circumstance

  • Fixed an issue where sometimes the “insufficient funds” alert would show up in Signet even if there were enough coins selected in the wallet

  • Fixed an issue where sometimes the amount to send when boosting a transaction would be incorrectly displayed

  • Boosted and Canceled transactions will be displayed as such when recovering from a backup moving forward. Up until now, they would show as “Sent” in the Activity tab and in the Account details after a magic recovery happened

  • Fixed a bug where the Account Activity view and the Activity tab could at times show different information regarding the confirmation of a transaction

  • Fixed an issue where some entries could be duplicated in Activity

  • Fixed an instance where using Android’s native back gesture could be interpreted as a double-back gesture and take the user back two menus instead of one

  • Fixed a bug where some BTCPay BIP21 invoices were interpreted as BTCPay vouchers by Envoy

  • Fixed a minor bug where the number pad was usable after confirming a transaction, while the transaction was being built

  • Fixed a minor visual bug where sometimes if the transaction failed the animation wouldn’t load properly

  • Fixed an issue where tapping ‘Dismiss’ wouldn’t make a prompt disappear if more than one account was paired

  • Fixed a minor visual bug where sometimes in the seed import flow the text could be displayed too far down in the screen

  • Fixed some iOS specific screens that the user could scroll where they shouldn’t

Verifying Envoy on Android

If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

Envoy version 1.8.2 is now live!

Posted on August 26, 2024 - 4:36 pm by
Envoy 1.8.2 is now live

We’re excited to announce that the latest version of Envoy1.8.2 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

 

What’s changed

In Envoy v1.8.2, we’ve focused primarily on refining the Envoy experience you know and love, improving the new Buy Bitcoin feature, and adding the ability to import a SeedQR seed as your Envoy mobile wallet seed.

For more details on each of the changes, keep reading below!

 

New Features

  • Added the ability to import a SeedQR seed as your Envoy mobile wallet seed.

    • Ever wanted to use a seed from Passport’s Key Manager extension for your Envoy mobile wallet? Well now it’s easier than ever, now just requiring a single scan of the SeedQR on Passport to populate on Envoy.
      Scan the SeedQR on Passport to populate in envoy

 

  • Added NZD as a fiat currency 🇳🇿

 

Improvements

  • Updated Arti (the underlying Tor library used in Envoy) to version 1.2.4

  • Added option to disable the Buy feature for those users that don’t want to use it

  • Envoy will default to our own instance of mempool.space moving forward

    • Looking for another mempool.space to use to check your own transactions from anywhere? Check out mempool.foundation.xyz 😎

  • Countless visual improvements throughout Envoy

  • Improved the account selection behavior when buying Bitcoin within Envoy

    • Tapping the card stack will now open the account selection screen

    • You can no longer hide/un-hide account balances from these screens

  • Improved dependency vulnerability tracking in GitHub and patched minor upstream dependency issues

  • Envoy will now immediately try to reconnect to the selected node when Tor is turned on or off in Envoy

  • Long pressing a Ramp ID or BTCPay ID from the transaction details view will now copy that field to the clipboard as well

  • Long pressing transaction ID or address will now warn a user before copying

    • Sometimes you don’t want to expose a transaction ID to your clipboard, and this adds an extra choice step for those users.

  • Improved the way that swiping left/right on an account hides or shows the balance, making it more responsive and accurate to user intent

  • New accounts icon added

  • Tapping Send Selected or Send Max will now show all trailing zeroes

  • If a Pending BTCPay voucher is cancelled, it will now disappear from Activity instead of staying Pending forever

  • Improved tap response area in the Coin Details screen

  • Updated informational icon to a warning icon if BDK removed a coin from the selection in high fee environments

  • Improved Spanish, Catalan, and Portuguese translations

  • Improved handling of HTTP and HTTPS node addresses in the node address field

  • Added a FAQ section with information about buying bitcoin

  • Scanning BTCPay vouchers from an invalid Bitcoin network will now fail gracefully

  • Updated Support URLs

 

Bug Fixes

  • Fixed an instance where using Android’s native back gesture could be interpreted as a double-back gesture and take the user back two menus instead of one

  • Fixed a minor visual issue where if adding a Passport account after enabling a taproot, Tapping Continue would display an incorrect screen

  • Fixed a minor issue where during wallet setup tapping an account would not make the “tap the account above to receive bitcoin” prompt disappear

  • Fixed a minor issue where if you used android’s native back gesture from the buy bitcoin menu it would take you to the select region page instead of the main accounts menu

  • Fixed a visual bug where tapping Receive while the top right corner menu was open would result in an unintended vertical shift

  • Fixed a back button that did not work in the unlikely scenario that a Magic Backup was not found in our servers

  • Fixed some rare instances where the fee calculation percentage would be incorrectly displayed

  • Fixed a bug where using android’s native back gesture during wallet backup import process could leave the user in a perpetual loading loop

  • Fixed a minor display bug where sometimes the Send screen would be pre-populated with the information of a previously sent transaction

  • Fixed a bug where smaller iPhone screens wouldn’t be able to scroll the seed display when viewing it in Settings

  • Fixed some broken links in the FAQ section

 

Verifying Envoy on Android

If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

Envoy 1.7 – Buy Bitcoin, Directly

Posted on June 19, 2024 - 8:35 am by

Envoy 1.7 is here, and it’s one of our biggest releases ever. Today marks the start of a new chapter for Envoy, one where you can not only intuitively and powerfully manage and store your Bitcoin, but starting today you can buy Bitcoin directly into self-custody with a few simple taps, more easily redeem Bitcoin vouchers from both Azte.co and BTCPay servers, and discover new peer-to-peer, no-KYC exchanges.

One tap from Envoy’s home screen and you’re ready to start your sat-stacking journey.

Buying Bitcoin directly to self-custody

At the core of this update to Envoy is a brand-new integration with Ramp, allowing Envoy users to seamlessly purchase Bitcoin with debit cards, credit cards, Apple and Google Pay, and more directly to their Envoy accounts. Combining a powerful on-ramp with the native privacy and security features in Envoy makes for an unmatched experience.

  • ❌ No copy-pasting addresses
  • ❌ No address reuse
  • ❌ No need to leave the Envoy app
  • ❌ No data collected by Foundation
  • ✅ Easy, one-click address verification with Passport
  • ✅ Automatic tagging w/ note of purchased coins
  • ✅ Sats sent straight to self-custody

It’s easier than ever to purchase Bitcoin, but if you have questions on how all of this works please dive into our docs here.

Choose an Envoy account, set an amount, and setup a Ramp account.

Partnering with Ramp

We’ve worked hard to find a partner that would limit data collection as much as possible, prevent us from accessing any information about Bitcoin purchases, and allow the entire purchase process to happen directly in Envoy, settling on Ramp. While Ramp is still legally obligated to collect identifying information in order to sell Bitcoin to users, this ensures that we at Foundation not only do not (and cannot) collect any information about our users in the app, we also cannot get that information from Ramp directly even if we wanted to.

As Ramp serves a broad number of countries across the globe, you may see some slight differences in information required or fees depending on what country you select when buying Bitcoin. If you want more detail, please refer to their documentation here.

Additionally, Ramp manages the fee structure for purchases in Envoy, with varying fees based on the method of payment, the amount, etc. As partners with Ramp, Foundation will take a small fee as a part of the overall Ramp fee. For more information on Ramp’s fee structure, you can find details on their help portal here.

Confirm email, choose payment method, and you’re stacking sats.

Redeeming vouchers

We’ve also spent time in Envoy 1.7 improving and expanding our Bitcoin voucher support, adding the first of it’s kind BTCPay voucher support — before voucher support is even live in BTCPay 👀. We’re extremely excited to see vouchers added to BTCPay, a fantastic open-source Bitcoin-centric point-of-sale system, and have our own plans of how to leverage BTCPay vouchers immediately when they’re released.

We also have best-in-class support for redeeming on-chain Azte.co vouchers, making Envoy the perfect place to redeem those vouchers straight into self-custody (or even cold storage via Passport). One QR code scan and… done!

Azte.co vouchers made easy.

Discovering peer-to-peer exchanges and Bitcoin ATMs

Last but not least, we’ve added a simple way to discover new peer-to-peer exchanges and Bitcoin ATMs. These present powerful ways to buy and sell Bitcoin without having to give over personally identifiable information. These are powerful tools, and ones that we know many in our community are passionate about. As a first step we’ve added in simple links out to some of our favorite peer-to-peer exchanges along with an easy-to-use map to find Bitcoin ATMs near you.

We have longer term plans to build in native peer-to-peer exchange integrations into Envoy, but those are a bit trickier technically (and legally) so keep an eye out for news on that down the line 🫡

Bitcoin ATMs near you at a glance.

Conclusion

We can’t wait to hear how you all find the new Buy Bitcoin feature in Envoy 1.7, and we’re glad to be able to make it easier than ever to purchase Bitcoin without ever giving up custody of your funds. We view self-custody as a non-negotiable in Bitcoin, and will continue building out tools and products that make self-custody easier, more approachable, and more powerful than ever before.

Want to read the full release notes? You can find them below on our blog: Envoy version 1.7.0 is now live! | Foundation

Now we’ll get back to work and leave the Bitcoin buying to you 😉

Envoy version 1.7.0 is now live!

Posted on June 19, 2024 - 8:11 am by

We’re excited to announce that the latest version of Envoy1.7.0 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

What’s changed

Envoy 1.7.0 makes it easier than ever to buy Bitcoin straight into self-custody without ever leaving Envoy. We’ve added the ability to buy using fiat, redeem Azte.co and BTCPay vouchers directly into Envoy, and find the best Bitcoin ATMs and decentralized exchanges as well.

And best of all – Foundation never has access to any information about your purchases at any point in the process. Our policy of protecting user privacy continues to be at the core of what we do, and that carries over into our new Buy Bitcoin feature. If you want to dive more into the Buy Bitcoin feature itself, you can do so on our companion blog post.

We also want to say a special thank you to all of our amazing community who recommended improvements and found and reported bugs, as we were able to incorporate much of that feedback into this release! We’re immensely grateful for users taking the time to do so 🧡

For more details on each of the changes, keep reading below!

New Features

  • Buy Bitcoin straight to self-custody, directly in Envoy

    • We’ve partnered with Ramp to integrate a seamless Bitcoin buying experience directly into Envoy. No need to leave the app, no annoying address copy-paste, no hassle.
    • Every sat you purchase gets sent directly to the Envoy account you choose, without ever needing to manually copy-paste addresses.
    • Buying directly to Passport? You can easily verify the withdrawal address with a simple QR scan via Passport.

  • Redeem BTCPay vouchers directly in Envoy

    • The BTCPay team have been hard at work building a unique voucher system into BTCPay which will be out soon, but we’re such big fans we couldn’t wait for full release.
    • As soon as BTCPay vouchers are released to the public, you’ll be able to simply scan the QR and redeem straight into Envoy.

  • Envoy is now available in Portuguese! 🇵🇹

  • Added support for Signet and Esplora nodes

    • Signet is a unique Bitcoin testing network that is often far more stable than testnet, so we’ve added support to make testing and educating on Bitcoin via Envoy easier.

  • Added Norwegian 🇳🇴 Krone display to Envoy

Improvements

  • Migrated to using our own Mempool.space instance.

    • We were hitting rate limits and other minor issues with the mempool.space public instances, so we’ve deployed our own instance and will now be using it by default for fee rates.

  • Pairing a renamed Passport will now update the name of that Device in the Devices tab in Envoy

  • Pairing a renamed Account on Passport will now update the name of the account in Envoy

  • New Fee Overspend warning in Envoy

    • When you go to send a transaction that spends more than 25% in fees, Envoy will now warn you to be sure you’re aware.

  • Scanning a BIP21 QR code with a label will automatically add that Label to the Notes section of the Envoy transaction

  • Improved the way Envoy handled pasting addresses in the Send screen to make it a more fast and smooth experience

  • Notes will now carry over from the original transaction to the Boosted or Canceled transactions, should you Boost or Cancel any transaction.

  • Long pressing the address in the transaction details view will now automatically copy the address to clipboard

  • New toast implemented that should help troubleshoot backend connection failures

  • Envoy’s connection to the backend node has been hardened, connection stability improved and downtime should be drastically reduced

  • Envoy will now show a new line in Activity and a toast when a new version is available

  • Added a timeout for the PIN/Biometric authentication

  • Hiding a balance in an account will also hide its corresponding transactions in the Activity view

  • Envoy will now warn the user sooner if they try to overspend, instead of waiting for a valid address to be pasted in

  • Added the option to select which coin to spend from in order to Boost if the original transaction’s change is not enough

  • Improved the behavior and UI when entire tags are locked

  • Improved the Android Firmware download process to improve file writing to SD card

  • Added new screens that explain why Boosting a transaction failed

  • Minor visual improvements across the board

  • When a transaction doesn’t generate any change, envoy will now display “No Change” instead of “0 sats” in the transaction review screen

  • Boost option will now be grayed out if there are not enough funds to boost a transaction (like when sweeping your wallet, for example)

  • Minor visual improvements in the Learning Center search bar

  • Minor visual improvements in the “To:” bar in the sending screen

  • The Seed Import using QR is now more resilient and will not break if there’s non-space characters between words in the importing QR

  • Improved the way tags are displayed in the Transaction Details screen

  • Improved Spanish and Catalan translations

  • Minor title centering issues fixed for Spanish

  • Minor visual improvements in Learning Center and Activity lists

  • Improved the hit area for menu items, making it easier to press the item you aimed for

  • Minor improvement in the way the seed words are displayed

  • Updated Twitter’s logo to X

  • Loading the transaction review screen is now smoother and more fluid

  • Canceling transactions is smoother and more fluid

  • Updated Flutter to the latest version, 3.19.1

  • Users can now add a clearnet node and connect to it via tor

      Bug Fixes

      • Fixed a UI bug where sometimes the Passport version would display “loading” in the Devices screen instead of the actual latest version

        • Note: This would only happen immediately after the first ever Passport pairing

      • Fixed a rare issue with touch targets on iOS

      • Fixed a minor issue where if the user selected coins too fast the UI could break

      • Fixed an issue where LAN connections wouldn’t be permitted when tor was enabled

      • Fixed an issue where Boosting self-sends would display 0 sats in the review screen regardless of the amount being sent

      • Fixed a minor bug in the Firmware download flow where the Try Again button would become available before it should

      • Fixed a visual bug where the selected amount would not follow the display improvements recommended by Bitcoin Design standards

      • Fixed a visual bug where if a Tag had multiple coins inside it, scrolling could display the toggles outside the display area

      • Fixed a minor issue where users could not go “back” if they accessed the new wallet creation screen from the “+” icon in the Accounts menu

      • Fixed some screens where users with bigger fonts would not be able to scroll

      • Fixed a minor issue where users with bigger fonts could see an abnormally small QR code when pairing a Passport

      • Fixed a minor issue with how the comma button would behave in some edge cases and some locales

      • Fixed an issue where repeated words would be excluded from the seed quiz in the deletion flow

      • Fixed an issue with the filtering of the learning center where it would sometimes not filter as expected

      • Fixed a minor issue where after deleting an account you would land in the backups menu

      • Fixed a bug for users with many accounts, occasionally forcing their accounts list back to the top when scrolling if a balance refresh happened in the background

      • Fixed a small issue where some long blog titles could be cut off

      • Fixed an issue where on first Passport pairing flow a screen belonging to another flow was displayed

      • Fixed a minor issue where a close button behaved in an unexpected way

      • Fixed an issue where in some circumstances Passport Boost transactions wouldn’t display a confirmation screen

      • Fixed a visual bug for some iOS users where the lock screen would show an odd aspect ratio

      • Fixed a bug where under some specific circumstance Magic Backups wouldn’t properly restore the testnet or taproot toggle status if the original wallet had it

      • Fixed an issue where boosting from Passport would sometimes fail

      • Fixed a bug where sometimes the users could get stuck in a firmware download infinite loop

        Verifying Envoy on Android

        If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

        Envoy version 1.6.2 is now live!

        Posted on April 25, 2024 - 2:50 pm by

        We’re excited to announce that the latest version of Envoy1.6.2 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

        Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

        What’s changed

        In Envoy v1.6.2 we’ve focused heavily on improving the user experience for those of you running larger text or display sizes, fixed a bug around transaction cancellation using RBF, and migrated to our new domain, Foundation.xyz.

        For more details on each of the changes, keep reading below!

        Improvements

        • Envoy now has drastically improved handling of varying display or text sizes, especially abnormally large display/text sizes.

          • As Envoy has gained more users, we’ve noticed an issue where those of you using larger display or text sizes can have issues with buttons being unable to be accessed, especially when setting up Envoy for the first time.

          • We’ve gone through Envoy with a fine-toothed comb to better handle when users have set their OS to use larger display or text sizes and respond appropriately.

        • Envoy now uses our new Foundation.xyz domain for all services.

          • Older version of Envoy will now automatically use redirects from foundationdevices.com -> Foundation.xyz.

          Bug Fixes

          • Fixed a minor text alignment issue introduced in 1.6.0.

          • Fixed a minor text issue in the onboarding flow.

          • Fixed an issue where the fee could be incorrectly calculated for Canceling transactions when sending to a Taproot address, causing some cancellation transactions to fail.

          Verifying Envoy on Android

          If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

          Envoy version 1.6.0 is now live!

          Posted on March 6, 2024 - 8:50 am by

          We’re excited to announce that the latest version of Envoy1.6.0 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

          Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

          What’s changed

          We’ve focused Envoy 1.6.0 on a vital new feature for Bitcoin’s volatile fee market — replace-by-fee (otherwise known as “RBF”). RBF allows you to easily boost the fee on a transaction you’ve sent that’s stuck surfing the mempool, or even cancel an in-flight transaction and send it back to yourself. Just tap on any transaction that is unconfirmed and quickly Boost or Cancel it in Envoy.

          We’ve also brought a complete redesign of address and amount displays to Envoy, making it drastically easier and more intuitive to view amounts (in sats or BTC, as always!) or verify addresses. A special thanks to the fantastic Bitcoin Design initiative for spearheading the concept here! Oh, and don’t sleep on custom device names for Passports paired to Envoy, and the new Catalan translation 👀

          For more details on each of the changes, keep reading below!

          New Features

          • Full “replace-by-fee (RBF)” control is here!
            • If you’ve ever sent some Bitcoin only to have them get stuck in the mempool due to a crazy fee market, this one is for you!Now you can simply tap “⏩ Boost” when viewing a pending transaction’s details to get your transaction back to the top of the queue.Sent a transaction but realized it was a mistake? You can also tap “Cancel” and send the funds back to yourself using RBF as well 😌
          • When you set a custom name for your Passport, now that name will show up automatically in the Devices tab on Envoy.
            • Have multiple Passports in the house? Now you can easily tell them apart in Envoy using custom names!
            • Any name on Passport will now automatically be synced to Envoy when pairing for the first time.
              • Note that existing Passport names won’t be updated unless they are deleted first, but we’ll be improving that in Envoy v1.7.0!
          • Envoy translated to Catalan thanks to our friends over at @bcnbitcoinonly! Special thanks to @insatwetrust, in particular!!

          Improvements

          • Improved Tor performance on iOS (and some Android vendors), especially when it comes to getting fiat exchange rates.
          • Improved testnet reliability via new testnet Fulcrum infrastructure.
          • Available balance now shows fiat value in addition to Bitcoin, if fiat is enabled.
          • Improved the way fiat is displayed in the Transaction Details screen.
          • Updated OpenSSL libraries and removed some unnecessary dependencies.
          • Updated Arti (the Rust-native Tor library) in our library to the latest version, v1.1.12.
          • Improved tap targets across the board to make it that much easier to get to what you want in Envoy.
          • Tapping on the Accounts tab when inside an account will take you back to the main Accounts view.
          • When Fiat values are loading they will now display a loading bar instead of a 0.
          • We’ve taken a fine-toothed comb to the UI in Envoy and made a number of improvements across the board. Better UI, better UX, better Bitcoin experience.
          • Improved Spanish translations.

          Bug Fixes

          • Fixed a bug where Envoy would slow down if a custom Electrum server was unreachable for a long period of time.
          • Fixed a rare bug where sometimes the change address would be displayed as the destination address.
          • Fixed a bug where in some iOS instances selecting Custom fee would result in a crash.
            • Thank you @Fredodido56 for the report!
          • Fixed a bug where the German locale could randomly show commas and dots while typing a number in.
            • Kudos to Mike from our TG community for the report!
          • Fixed an issue where iPhone 8 users wouldn’t be able to tag coins.
          • Fixed an issue with displaying a 24-word seed when manually imported.
          • Fixed some minor issues where under certain circumstances fiat values wouldn’t display correctly.
          • Fixed a visual bug where after deleting a hot wallet and the backup, the Accounts view’s title would be displayed incorrectly.
          • Fixed some text strings wrapping when they shouldn’t have.
          • Fixed a minor bug where sometimes the user would be asked twice about adding a Note to a transaction when signing with Passport.
          • Fixed a minor bug where the small coin exclusion alert was triggered when it shouldn’t have been.
          • Fixed a minor issue where under specific circumstances a user was able to add an infinitely long tag name that broke the UI.
          • Fixed an edge case where the user would be able to attempt to build a transaction with negative fees.
          • Fixed an issue where Envoy could freeze if a user attempted to export an abnormal amount of logs.
            • As always, we take your privacy seriously! Envoy does not send logs to Foundation (and has no ability to do so), so this only applies to users who manually tried to export logs to share with us for a bug report.
          • Fixed an issue where Envoy could freeze if the change amount was too big when setting a custom fee.

          Verifying Envoy on Android

          If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

          Envoy version 1.5.1 is now live!

          Posted on January 2, 2024 - 12:50 pm by

          We’re excited to announce that the latest version of Envoy1.5.1 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

          Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

          What’s changed

          Note: v1.5.1 is a bug-fix release that resolves an issue updating firmware via Envoy on iOS. We’ve replicated the release notes here from 1.5.0 with the additional bug fix.

          With this release of Envoy, we’ve focused on bringing you fully-featured support for Taproot! This not only expands the use-cases and access for Envoy as a mobile wallet, but it also paves the way for full Taproot support to be added to Passport in the upcoming v2.3.0 firmware. We’ve also included a proper Spanish translation to Envoy, and many quality of life improvements and bug fixes.

          For more details on each of the changes, keep reading below!

          New Features

          • Envoy now has full Taproot ???? support, allowing you to easily send and receive with the latest and greatest features in Bitcoin!
            • For those who want to use Taproot, simply enable support from the settings under the “Advanced” drop-down and a new Taproot-specific account will be created for you.
            • This also paves the way for full Taproot support in Passport, coming in firmware v2.3.0 very soon!
          • Envoy now has a Spanish translation available to all of our Spanish-speaking users!

          Improvements

          • Envoy now allows users to select a preferred language in settings on iOS and Android.
          • Upgrade Flutter to the latest stable release, v3.16.1.
          • Envoy now automatically excludes coins that are too low of a value to spend in the current high-fee environment.
            • We’ve noticed that in the current fee environment, a native behavior of BDK that is designed to protect you from wasting sats could get a bit confusing. If you have coins that are relatively low value, it’s possible that they could cost more to spend than the value of the coin, meaning spending them would just be burning precious satoshis.
            • We still leverage the BDK default to help protect you from losing satoshis sending coins that are too low of value, but now we give you a clear warning when this would happen via a shiny new modal.
          • You can now hide amounts on an account while in the detailed account view.
          • Improved how the bottom sheet shows amounts when using coin control when minimized.
          • Users who have previously used Magic Backups and then manually restore the same seed now get the option to restore their previous Magic Backup or simply use a manual wallet.
          • Improved how selecting coins works when switching views.
          • Added a warning when a user manually selects coins and then changes the fee on the transaction review screen, as it can cause Envoy to automatically re-select coins for the user.
          • Updated our Tor library to the latest version of Arti, v1.1.11.

          Bug Fixes

          • Fixed an issue unselecting an entire tag in coin control if some coins in that tag are locked.
          • Fixed a minor display issue when deleting a mobile wallet.
          • Fix an issue with units displayed on the send screen showing sats even when denominated in BTC.
          • Fixed an issue where redeeming an Azteco voucher could show duplicate entries in the activity screen.
          • Corrected the informational text on the unsigned PSBT screen.
          • Fixed an issue where the firmware update button would be slightly off-center.
          • Fixed a minor padding issue on the tag details card.
          • Fixed a rare issue that could cause a blank screen when pairing an existing Passport account.
          • Fixed an issue where an address could display incorrectly in the transaction details screen when receiving multiple outputs in a single transaction.
          • Fixed a display issue where excessively long device names could break the version pill on the devices tab.
          • Fixed an account renaming issue.
          • Fixed various minor display issues.

          Verifying Envoy on Android

          If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

          Envoy 1.4 – Say Hello to Coin Control

          Posted on December 4, 2023 - 7:30 am by

          With the release of Envoy version 1.4 today, we’ve taken the next big leap forwards in our goal with Envoy — to bring the best of Bitcoin to you, simplified. Since the release of Envoy’s full mobile wallet functionality with Magic Backup, we’ve been working tirelessly to bring you the next phase focused on giving you full control over your Bitcoin. Say hello to the most intuitive and approachable coin control to date.

          Coin Control Made Easy

          Taking control of your money has been a part of our mission from day one, and the ability to control exactly how you spend your bitcoin through Envoy is a key part of that. In this release of Envoy we’ve spent countless hours taking the concept of coin control that has existed in other Bitcoin wallets back to the drawing board, as coin control should be within reach of everyone, not just “techy” Bitcoiners. We think coin control should be something even grandma can use.

          The concept of coin control can often be a foreign one to new Bitcoiners, but quite simply it’s a tool that allows you to choose what coins get spent in each transaction. The standard functionality of a wallet is to use a coin-selection algorithm to intelligently select the best coins to spend when you send bitcoin, but without some form of coin control there is no way for the algorithm to know what history each coin carries with it. When you combine coins with different histories, you reveal information about your financial activity you may not be intending to share!

          When you use coin control, you can tag coins and add notes to transactions as you use Envoy, allowing you to spend only the coins which you want to each time you spend your bitcoin. Don’t want to reveal how much you get paid to your grocer? Only pay him using coins from your previous visits to the grocery store. Tired of your barista seeing how much you paid for dinner last night? Only pay him using coins you just got peer-to-peer. Coin control gives you total control over what information you choose to reveal each time you use Bitcoin — the very definition of privacy.

          Using coin control on Envoy is just a tap away behind the new “Tags” icon inside of each account, where you can easily select to spend from an entire tag or get into the weeds and select individual coins to spend. You can keep things as simple as you want or get as granular as you want — you’re in control now. And if the concept of coin control seems like too much for you today, you can simply never touch it and still benefit from a smart coin-selection algorithm in the background that does its best to reduce fees while preserving your privacy.

          All of this functionality gets added on top of the 60 second onboarding that Envoy brings via Magic Backups, the seamless integration with Passport, and the fully customizable privacy settings across the board. It’s time you experienced Bitcoin, simplified by downloading Envoy today.

          If you want to deep dive into how you can use coin control we’ve got you covered with our new docs on the topic: Tags, Notes + Coin Control | Foundation Docs

          Redesigned Learn Center

          We have a deep passion for user education and empowerment, and want to make the output of that passion more accessible through Envoy. When you have questions about how Envoy or Passport works, want to learn more about Bitcoin, or simply want to pass the time with the sound of BitcoinQnA’s voice in the background, we’ve got you covered. We’ve started from scratch and improved every aspect of the Learn center, starting with a drastically improved video player and a new video host. Videos are faster to load, easier to control, and are now automatically marked as watched afterwards.

          We’ve also added full support for reading our blog posts directly in Envoy without ever leaving the app or opening your browser. Blog posts also get marked as read immediately after viewing them, making it simple to keep up with the latest in Foundation announcements and education. In addition, we’ve revamped our FAQ section at the bottom and updated it with all of the recent changes in Envoy and Passport.

          Privacy Shield Joins the Toolbar

          We’ve always held preserving user privacy as one of our chief values at Foundation, and that starts with the options available to our Passport and Envoy users. With this version of Envoy, we’re taking things a step further and improving the visibility and usability of all of those privacy settings in Envoy with a new standalone section we’re calling the “Privacy Shield.” Quickly connect to your own Bitcoin full node, switch back to Foundation’s, use Tor for improved privacy, or turn Tor off for better performance when necessary.

          Everything you need to know about preserving your privacy while using Envoy can be found in our documentation: Privacy | Foundation Docs

          Activity Center, Reborn

          In addition to launching coin control and revamping our privacy settings, we’ve taken the time to overhaul the activity center in Envoy and give it a new home in the toolbar. Everything you need to keep up with your Bitcoin activity, Passport firmware updates, and more can be found in the Activity Center now. We plan on expanding this in the near future to encompass more things as well, so keep an eye out for future Envoy updates!

          Want to learn more? Dive into our docs here: Activity | Foundation Docs

          So Much More

          If this has piqued your interest, head on over to our full release notes to learn more about what we’ve added, improved, or fixed with this release of Envoy:

          https://foundationdevices.com/2023/12/envoy-version-1-4-0-is-now-live/

          We can’t wait to hear your feedback on this latest iteration of Envoy, and if you have any questions or run into any issues, please don’t hesitate to reach out:

          https://foundationdevices.com/2021/12/support-where-and-when-you-need-it/

          Envoy version 1.4.0 is now live!

          Posted on December 4, 2023 - 7:30 am by

          We’re excited to announce that the latest version of Envoy1.4.0 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

          Please note that there can be a lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

          What’s changed

          In this version of Envoy we’ve implemented intuitive and easy-to-use coin control, a new Activity Center and Privacy Shield, a redesigned Learn tab, broad user experience and user interface improvements, and squashed bugs across the board.

          We’re especially excited about our implementation of coin control in Envoy, as there has been a lack of intuitive coin control on mobile for Bitcoin users in the past, even though coin control is vital for giving you control over your privacy. We’ve spent countless hours building coin control in Envoy from the ground up to be as easy to use, as powerful, and as privacy-preserving as possible. Coin control isn’t just for technical users anymore.

          For more details on each of the changes, keep reading below!

          New Features

          • Say hello to the most intuitive and approachable coin control in any Bitcoin wallet to date ????
            • Coin control is a vital feature that allows you to preserve your privacy on Bitcoin and choose what information to reveal about your financial activity to those you interact with, but has been a feature only accessible to technical users in the past.
            • We’ve been working tirelessly to bring you an implementation of coin control that even grandma can use. Easily tag your funds as you receive them, lock or unlock individual coins, choose exactly which coins to spend, or simply spend from a single tag with just a few taps.
          • Redesigned the Learn tab from the ground up, with an entirely new UI, improved video player, the ability to read blog posts directly in Envoy, and an improved FAQ section ????
            • Videos and blog posts now also get marked as watched/read when opened, and can be manually marked as unread by long-pressing on the item in the Learn tab.
          • Implemented a new Activity Center and Privacy Shield in the bottom toolbar ???? ????️
            • We’ve broken out our privacy settings into their own new home on the toolbar, as well as migrated the activity center from the bell icon to it’s own page.
            • The new Activity Center will now show transactions, firmware update announcements, and more in the future!
          • Implemented full support for BRL fiat conversion. Welcome, Brazil! ????????
          • Implemented new “sat” and “btc” icons for units instead of text.

          Improvements

          • Migrate Tor support to use the new Arti Tor client, implemented in an open-source Flutter library.
          • Greatly improved performance and resolved rare crashes for users with wallets that are heavily used, i.e. Samourai Wallet post-mix accounts.
          • Automatically add a note on Azte.co voucher redemption transactions indicating that they were from Azte.co.
          • Updated to support the latest azte.co API and voucher changes.
          • Long pressing on the delete button now deletes all entered text when constructing a transaction.
          • Envoy now automatically backs up the Envoy Backup file to Foundation servers every hour.
            • Only applicable when Magic Backups are opted into by a user.
          • Improved the responsiveness of the “Backup Now” button for Magic Backups to show when a backup is successful.
          • Broad updates and improvements to the frequently asked questions (”FAQs”) in the Learn tab.
          • Improved descriptions and copy in pairing screens.
          • Implemented new “hamburger” menu icon with open/close animations.
          • Improved the firmware update flow when firmware is downloaded but not properly copied to microSD for any reason.
          • Made it easier to use Envoy purely as a Passport companion app for those who don’t want Envoy as a mobile wallet.
            • It’s now easier to add additional Passport accounts without accidentally triggering the mobile wallet setup flow.
          • Improved screens across iOS, specifically those around pairing with Passport and downloading firmware.
          • Added the ability for Envoy to use the system locale to better display units and times throughout the app.
          • Added a shiny new animation to the manual mobile wallet setup flow.
          • Improved the way transactions display in the Activity tab.
          • Migrated video hosting for the Learn tab to Vimeo.

          Bug Fixes

          • Corrected some minor issues with settings not being properly backed up and restored as a part of Magic Backups.
          • Removed fiat value for testnet coins – they have no value!
          • Properly display an error when an invalid Envoy Backup file restore is attempted.
          • Properly decode BIP 21 URIs with empty amounts.
          • Updated several dependencies to resolve inherited minor security issues.
          • Fixed several app freezes and crashes on iOS when a user had many accounts or deep wallets.
          • Fixed a rare backup conflict when using QR recovery with Magic Backups.
          • Resolved an issue with the previous Tor library where local network access would be requested in iOS (but not used).
          • Resolved several minor issues with how Envoy interprets the native Android back button.
          • Resolved lag when the app was opened while in Airplane Mode.
          • Fixed some minor text centering issues.
          • Resolved an issue where an account renaming would revert on iOS without the users input.
          • Resolved a rare bug when screen recording Envoy usage.
          • Resolved an issue where a user that ops into manual setup gets shown Magic Backup settings incorrectly.
          • Fixed an issue where the shield would stay red after a successful manual recovery.
          • Fixed a display issue possible when repeatedly adding and removing accounts.
          • Fixed a display issue where the + button could disappear.
          • Resolved some issues with account renaming when certain keyboard functions are used.
          • Resolved issues with screen sizing on smaller phones (i.e. iPhone 7).
          • Fixed an issue where saving a custom node would occasionally not persist.
          • Resolved a bug where prompts could appear where they shouldn’t.

          Verifying Envoy on Android

          If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

          Announcing our Early Access Rewards program

          Posted on August 17, 2023 - 9:54 am by

          One of the powerful use-cases that Bitcoin unlocked with it’s peer-to-peer nature is the ability to incentivize and reward contributions without any middlemen or hoops to jump through. This movement has come to be known as “value4value,” and has provided an immensely powerful new tool for content creators, Nostr users, and now community members. Today we’re excited to unveil a new program implementing the value4value philosophy into our existing beta testing process — Early Access Rewards.

          tl;dr — Be the first to report any reproducible issue for Passport or Envoy beta releases and get a 10k Satoshi bounty in Bitcoin per issue reported!

          Early Access Rewards Highlights

          The premise of the Early Access Rewards program is quite simple: contribute meaningful bug reports for Envoy or Passport releases while they’re in open beta, and get rewarded for each individual contribution. No middleman, no lengthy ToS, no Foundation login or account necessary.

          How to participate:

          1. Test the beta releases for Passport firmware or Envoy app.
          2. Report issues on Github.
          3. All issues (the first time they are reported) are eligible for the 10k Satoshi reward.
          4. Foundation team members will validate the issues for eligibility.
          5. Rewards sent directly to your provided Bitcoin address or Lightning invoice.

          Join Early Access Rewards today

          Want to earn sats for your important contributions to our open-source projects? Simply join our beta testers community room below and keep an eye out for beta release announcements. Once a release is announced, you can submit any issues you find via Github and earn 10k sats per validated issue.

          Once you discover an issue with the beta release, submit it via Github using the following links with the “Bug Report” option. Note that this does require a Github account:

          Join the community, help us improve, and get rewarded in Bitcoin for your valuable contributions! ????

          The future of Early Access Rewards

          We’re excited to see how well this program works to incentivize important feedback and contributions from our fantastic community, but we also have plans to expand the program in the future. We’re currently considering creating a hardware Early Access program to get our newest products in the hands of invaluable community members first, and top contributors to this Early Access Rewards program will be first in line.

          We have multiple new products in the works, and we can’t wait to watch each of you help us to build and improve as we bring freedom tech to more and more people around the globe. As one of the top contributors to our Early Access Rewards program, you’ll get the chance to test our new products for free as a thank you for your contributions in exchange for feedback and bug reports.

          The (not so) fine print

          If you have more specific questions on how the program will work, you can read the detailed rules below. Have a question? Don’t hesitate to ask in the Community channel or email us at [email protected].

          1. Eligibility for Rewards: a. The first reporter of any reproducible issue for Passport or Envoy beta releases is eligible for a 10k Satoshi bounty, paid in Bitcoin. b. Issues must be reported only once, and once made public, they are no longer eligible for additional 10k Satoshi bounties.
          2. Reporting Process: a. All issues should be reported on Github in the appropriate repository:
          3. Reproducible Issues: a. Issues must be reproducible, meaning that Foundation team members can accurately recreate and validate the issue in the Envoy app or Passport firmware.
          4. Judgement and Reward: a. Foundation reserves the right to make the final judgment on whether issues are eligible for the 10k Satoshi reward. b. Once an issue is verified and confirmed as eligible, the reward will be sent to the reporter’s provided Bitcoin address or Lightning invoice.
          5. Rewards Distribution: a. The rewards will be distributed in Bitcoin (BTC). b. The amount of the reward will be 10,000 Satoshi for each eligible issue. c. All rewards will be paid out at the end of the beta period.
          6. Confidentiality: a. While issues will be made public upon reporting, beta testers should avoid sharing sensitive or personal information in public discussions about the issues.
          7. Compliance: a. All beta testers must comply with the rules and guidelines set by Foundation Devices during the beta testing period. b. Any violation of the rules may result in disqualification from the beta testing program and forfeiture of rewards.
          8. Changes to the Rules: a. Foundation Devices reserves the right to modify the rules or terminate the beta testing program at any time without prior notice.
          9. Disclaimer: a. Beta testers participate in the program at their own risk, and Foundation Devices shall not be liable for any damages or losses incurred during beta testing.

          Envoy version 1.3.0 is now live!

          Posted on July 31, 2023 - 11:00 am by

          We’re excited to announce that the latest version of Envoy1.3.0 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

          Please note that there can be a lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

          What’s changed

          In this version of Envoy we’ve implemented the ability to redeem azte.co vouchers with a single QR scan in Envoy directly to your mobile wallet, added the ability to cycle through units by tapping on amounts, the ability to update Founder’s Edition devices directly from Envoy, and focused heavily on refining user experience for Envoy mobile wallet users.

          With the release of our last major version of Envoy, we transformed Envoy into a standalone Bitcoin mobile wallet with powerful account management and privacy features in addition to its role as Passport companion app. With that came many new screens and features, so we’ve taken this release to focus on iterating and bringing many bug fixes and quality of life improvements for all our fantastic Envoy users.

          As you may have noticed, we’ve skipped v1.2.0 and jumped straight to v1.3.0 as we realized we had too many important changes to be made during the beta period for v1.2.0. As a result this changelog includes all major changes introduced in v1.2.0 as well, so it’s extra long and extra exciting.

          For more details on each of the changes, keep reading below!

          New Features

          • You can now redeem azte.co vouchers directly in Envoy with just a few taps!
            • Getting those no-KYC sats directly from Azteco just got much easier, as you can simply scan an Azteco voucher QR code and sweep the funds directly into Envoy by scanning the QR code from any screen ????
            • Azteco allows you to buy Bitcoin vouchers from your local corner store just like you’d top up a pre-paid phone plan. Buy with cash and get Bitcoin directly in your mobile wallet or cold storage for one of the fastest and most private ways to acquire Bitcoin out there.
          https://youtube.com/shorts/6TWEaWcyFQ0
          • Added the ability to cycle through units (fiat/BTC/sats) by tapping on the amount when building a transaction.
          • Those of you rocking Founder’s Edition devices can now update within Envoy, just like with our latest Passports!
          • Malaysian Ringgit added as supported currency – Hi Malaysia!! ????????

          Improvements

          • Rearranging accounts has been completely rewritten and is now sexier and smoother than ever before! Organizing your accounts has never been so satisfying.
          • Added prompts to help users find features that could otherwise be hard to discover. These can be easily dismissed as you learn more about using Envoy.
          • Added a warning if Envoy’s mobile wallet contains more than $1000, reminding the user of the danger of keeping lots of funds on a mobile wallet.
          • Updated the look of the account cards, adding a bit more elegance and refinement.
          • Updated the way decimal units of fiat values are displayed when typed in the Send screen.
          • If you lose internet connectivity while on the go, Envoy will now update balances instantly without needing to refresh the app when connection is re-established.
          • Sent transactions will now displayed instantly, instead of waiting to hear from the Bitcoin node you are using in Envoy.
          • Improved how we display progress when scanning animated QR codes during the Passport connection flow.
          • Swapped the send and receive button locations to be more logical, and improved the appearance of the QR scanning button.
          • Improved the user experience when updating firmware for Passport via Envoy.
          • Improved the “Back up now” button user experience in Backup settings to give feedback and a status spinner while backing up.
          • Added additional contextual text and links when the accounts screen is empty.
          • Made it easier to distinguish when you’re using testnet accounts by using “tsats” and “TBTC” as the unit.
          • Added the ability to mute the explainer video for Magic Backups.
          • Improved the wallet deletion flow.
          • Improved the screens a user sees in failed states due to connectivity issues or restoration failures with Envoy backup files.
          • Improved handling when using Android’s native back button for getting out of Passport accounts.
          • Added the ability for users to save and manually share error logs with support if needed.
            • This error logging only happens locally and must be shared manually by the user to best preserve user privacy.
          • Sending amounts below a “dust” threshold will now show an error instead of having the “Continue” button become unresponsive.
          • Added explanatory texts when Testnet is enabled.
          • Other minor icon and text updates to make processes smoother and more understandable.

          Bug Fixes

          • Fixed an issue preventing onboarding on iPhone SE.
          • Fixed an issue where importing Envoy mobile wallet from a QR code incorrectly said it failed when it actually succeeded.
          • Fixed minor copy and UI issues throughout the app.
          • Fixed how some screens in Envoy were handled on devices with small screens.
          • Fixed an issue where the audio for the Magic Backups explainer video could continue playing in the background even after the user closes it.
          • Fixed a minor issue with the “+” button disappearing in rare scenarios.
          • Fixed handling of very large amounts when using sats as the unit.
          • Properly refresh transaction list when the wallet syncs again after losing internet connectivity.
          • Fixed an issue where users could be shown the onboarding for a second time in rare scenarios.
          • Fixed a rare issue where updating an account name could fail.
          • Fixed an issue where reordering accounts could occasionally make them swap colors.
          • Fixed a minor issue where the user could type infinite zeroes after the satoshi unit in the send screen.
          • Fixed an issue where scanning an address would reset the amount on the screen if this was typed before the address was scanned.
          • Fixed an issue where a “not a valid address” banner would continue displaying for a long time after a dynamic QR code was scanned.
          • Fixed an issue where recovering from a seed that had never been backed up in Foundation servers could generate two identical hot wallets.
          • Fixed an issue where recovering from an invalid QR seed would crash Envoy.
          • Fixed a rare issue where while on certain pages, the shield chevron could be behind OS controls.

          Verifying Envoy on Android

          If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

          Announcing Envoy Wallet: Bitcoin Simplified

          Posted on May 17, 2023 - 10:55 am by

          We’re thrilled to announce a groundbreaking release of Envoy, our mobile companion app for Passport. This new update transforms Envoy into a standalone Bitcoin mobile wallet with powerful account management and privacy features.

          Envoy makes financial sovereignty more accessible than ever before and radically lowers the barriers to Bitcoin self custody.

          Notably, Envoy Magic Backups take the pain and worry out of setting up and backing up a mobile wallet, allowing you to get up and running in 60 seconds and restore your wallet anytime, on any device, in just three taps. It’s time you experienced Bitcoin, simplified.

          Read below to learn more, or dive right in and download Envoy now!

          THE BEST OF BOTH WORLDS

          With mobile wallet support in Envoy, the combination of Envoy + Passport empowers you to store your wealth in an ultra secure, intuitive hardware wallet while also spending Bitcoin on the go in just a few taps. Move funds back and forth between Envoy and Passport, make airgapped transactions, and access your spending and saving balances from anywhere – all in a single app!

          Not a Passport owner? This update introduces full Bitcoin wallet functionality on your iOS or Android phone. Use Envoy to store and spend your Bitcoin with strong security, privacy via Tor, and a streamlined setup experience.

          We are excited to bring our best-in-class design, intuitive and approachable user experience, and peace of mind to smartphone users across the globe – no Passport required.

          WHAT IS A “MOBILE WALLET?”

          In Bitcoin, the term “mobile wallet” refers to any wallet that keeps your keys on an internet-connected smartphone for easier spending and receiving of funds. While you should not keep your life savings in a mobile wallet, it provides easier access to a small amount of Bitcoin for spending, withdrawing from an exchange, and onboarding new users.

          Envoy has traditionally been a “watch-only wallet” that connects to Passport, allowing you to view your balance and create transactions, but providing limited functionality when you are away from your hardware wallet. Now you can enjoy Envoy as a full-featured Bitcoin wallet on the go.

          EXPERIENCE MAGIC BACKUPS

          Envoy introduces a new seed-less onboarding experience called Magic Backups. While Envoy users can of course manually handle seed words if desired, we aimed to engineer a solution that enables 60-second onboarding and automatic encrypted backups of Envoy’s private key and application data (such as settings and labels), with a full restore taking just three taps.

          Additionally, we wanted to ensure that Envoy does this without collecting any user data – no email address, no passwords, no IP address (when Tor is enabled) – no friction!

          We expect Envoy Magic Backups will lead to a massive increase in self custody, with easier onboarding than you’d find at any Bitcoin exchange or custodian.

          HERE’S HOW ENVOY MAGIC BACKUPS WORK

          1. Envoy generates a seed and stores it on your phone’s secure element.
          2. Since most users have iCloud Keychain or Android Auto Backup enabled, the seed is automatically synced to your other iOS or Android devices – fully end-to-end encrypted, without needing to give Envoy permission to access your iCloud or Google account. This encryption means that only you can access this data, not even Apple or Google.
            • Learn more about iCloud Keychain.
              • “iCloud protects your information with end-to-end encryption, which provides the highest level of data security. Your data is protected with a key that’s made from information unique to your device, and combined with your device passcode, which only you know. No one else can access or read this data, either in transit or storage.”
            • Learn more about Android Auto Backup.
              • “Android preserves app data by uploading it to the user’s Google Drive—where it’s protected by the user’s Google account credentials. The backup is end-to-end encrypted on devices running Android 9 or higher using the device’s pin, pattern, or password.”
          3. Envoy then creates a backup file containing your app settings, account labels, and other non-sensitive app data, so that Envoy can be restored to its exact previous state. This folder is end-to-end encrypted with your seed so that Foundation can never see the contents. We call this the Envoy Backup.
          4. The fully encrypted Envoy Backup is uploaded to Foundation’s servers, alongside a hash of the seed (a cryptographic representation of the seed that proves your knowledge of the seed, not the seed itself!) so that we can ensure no one else can attempt to download your backup without proving knowledge of your seed phrase.
          5. There is no Foundation user account, no email, no password – all you need is access to your iCloud or Google account.

          RESTORING FROM MAGIC BACKUPS

          If you lose your phone or delete the Envoy app, restoring your wallet takes only a few seconds with Magic Backups.

          1. Envoy checks the secure element on your phone and looks for the seed.
            • If it discovers a seed on the secure element, Envoy hashes the seed and sends the hash to our server.
              • This merely proves your knowledge of the seed and does not reveal your seed to Foundation in any way!
            • If it does not discover a seed, it accesses the encrypted backup from iCloud Keychain or Android Auto Backup and restores the seed to the secure element. Then Envoy hashes the seed and sends the hash to our server.
          2. Envoy then downloads the encrypted Envoy Backup from our servers.
          3. Envoy uses the seed to decrypt the Envoy Backup file locally (on your phone!) and restores all user settings, account labels, and other app data – so it’s like you never left.

          OTHER NOTABLE CHANGES

          We’ve also added the following features and improvements in this release:

          • Biometric/PIN authentication. Now you can protect your mobile wallet or Passport balances from prying eyes
          • Ability to swipe on accounts to hide balances while you’re on the go. For example, you can display your mobile wallet balance but hide your hardware wallet balance.

          TRY ENVOY TODAY

          We’ve released this new version of Envoy to all major platforms, so you can choose the method that suits you best below:

          1. If you’re on iOS, you can install Envoy from the App Store using the following link:
          2. For those on Android, you can either find Envoy in the Play Store, install via F-Droid, or download the app directly from Github (Envoy is fully open source!):
            • Play Store
            • F-Droid
            • GitHub
              • Download the APK titled “envoy-apk-1.1.3.apk” directly from the above link and install
              • As this APK is signed with our own keys instead of Google’s keys via the Play Store, if you’re using the Play Store version you’ll have to uninstall Envoy first before installing the public beta

          HOW CAN I GIVE FEEDBACK OR GET SUPPORT?

          As you use Envoy as a mobile wallet, we’d love to hear from you – every issue, bug, or favorite feature! There are three main places you can go to give us feedback or get help with Envoy:

          1. We have a standalone Telegram channel for our community that you can join and give feedback or get support
          2. You can email us
          3. You can direct message us on Twitter

          WHAT’S NEXT

          The release of Envoy as a mobile wallet paves the way for a range of roadmap items we’ve been planning for some time, and we can’t wait to build on this strong foundation of simplified Bitcoin usage. Next you’ll be able to jump in the ???? with thousands of other Bitcoiners, become a ????, or ⚡ your way to a cup of coffee — all within Envoy!

          We’re excited to release the next piece of your financial sovereignty toolkit to the masses and onboard a wave of Bitcoiners to self-custody, privacy, and financial sovereignty sat by sat.

          Now back to building.

          Envoy Wallet Open Beta

          Posted on March 31, 2023 - 12:17 pm by

          We’re thrilled to announce a major new open beta of Envoy, our mobile Bitcoin wallet and companion app for Passport. With this open beta we’re greatly expanding what Envoy is capable of, making it a feature-rich Bitcoin hot wallet in addition to its existing role as a watch-only wallet and management app for Passport. Hot wallet support in Envoy opens up financial sovereignty through our tools to many more users and lays the groundwork for other privacy and security features we’re building behind the scenes.

          The best of both worlds

          Bringing hot wallet support to Envoy makes the pairing of Envoy + Passport the best of both worlds, allowing you to store your wealth in a highly-secure and yet easy-to-use package with Passport while also spending your Bitcoin on the go with just a few taps in Envoy. You’ll be able to easily move funds back and forth between your hot wallet and Passport, make transactions, and view your hot and cold balances from anywhere – all from a single app!

          Not a Passport owner? This update brings you full Bitcoin wallet functionality without ever needing to purchase Passport. You can use Envoy to store and spend your Bitcoin across iOS and Android with strong security, simple privacy via Tor, and a new and uniquely approachable onboarding experience. We don’t want to limit financial sovereignty to only those who can purchase a Passport, so Envoy as a hot wallet is our way to bring our best-in-class design, intuitive and approachable UI and UX, and peace of mind to smartphone users across the globe.

          What is a “hot wallet?”

          In Bitcoin, the term “hot wallet” refers to any wallet that keeps your keys on an internet-connected device for easier spending and receiving of funds. While you don’t want to keep your life savings in a hot wallet, it provides much easier access to a bit of Bitcoin for spending, tipping, and onboarding new users.

          Envoy has traditionally been a “watch-only wallet” that connects to Passport, allowing you to view your balance and create transactions, but providing limited functionality when you are away from your hardware wallet. Now you can enjoy Envoy not just as a companion app for Passport, but also as a fully-featured standalone Bitcoin wallet on the go.

          Backups, simplified

          Notably, Envoy Wallet introduces a new seedless onboarding experience we call Envoy Auto-Backup. While Envoy users can of course manually handle seed words if desired, we aimed to engineer a solution that enables 60-second onboarding and automatic backups of Envoy’s private key and application data (such as settings and labels).

          Additionally, we wanted to ensure that Envoy does this without collecting any user data – no email address, no passwords, no IP address if Tor is enabled – no friction! We hope Envoy Auto-Backup will lead to a massive increase in self custody, with easier onboarding than even an exchange.

          Here’s how Envoy Auto-Backup works

          1. Envoy generates a seed and stores it on your phone’s secure element.
          2. Since most users have iCloud Keychain or Android Auto-Backup enabled, the seed is automatically synced to your other iOS or Android devices – fully end-to-end encrypted, without needing to give Envoy permission to access your iCloud or Google account.
            • Learn more about iCloud Keychain.
              • “iCloud protects your information with end-to-end encryption, which provides the highest level of data security. Your data is protected with a key that’s made from information unique to your device, and combined with your device passcode, which only you know. No one else can access or read this data, either in transit or storage.”
            • Learn more about Android Auto-Backup.
              • “Android preserves app data by uploading it to the user’s Google Drive—where it’s protected by the user’s Google account credentials. The backup is end-to-end encrypted on devices running Android 9 or higher using the device’s pin, pattern, or password.”
          3. Envoy then creates a backup folder containing your app settings, account labels, and other non-sensitive app data, making sure that restoring Envoy back to its perfect state for you is a breeze. This folder is end-to-end encrypted with your seed, meaning Foundation can never see the contents. We call this the Envoy Backup.
          4. The fully encrypted Envoy Backup is uploaded to Foundation’s servers, alongside a hash of the seed (a cryptographic representation of the seed that proves your knowledge of the seed, not the seed itself!) so that we can ensure no one else can attempt to download your backup without proving knowledge of your seed phrase.
          5. There is no Foundation user account – all you need is access to your Apple or Google account and you’re all set.

          Restoring from Envoy Auto-Backup

          If you lose your phone or delete the Envoy app, restoring your Envoy Wallet takes only a few seconds with Auto-Backup.

          1. Envoy checks the secure element on your phone and looks for the seed.
            • If it discovers a seed on the secure element, Envoy hashes the seed and sends the hash to our server.
              • This merely proves your knowledge of the seed and does not reveal your seed to Foundation in any way!
            • If it does not discover a seed, it downloads the encrypted seed backup from Apple or Google and restores the seed to the secure element. Then Envoy hashes the seed and sends the hash to our server.
          2. Envoy then downloads the encrypted envoy backup from our servers.
          3. Envoy uses the seed to decrypt the Envoy Backup file locally and restores all user settings, account labels, and other app data, so it’s like you never left.

          Other notable changes

          We’ve also added the following features and improvements along with the fully functional hot wallet in v1.1.0:

          • Added bio-metric/PIN authentication for Envoy
            • Now you can protect your hot wallet or Passport balance from prying eyes
          • Added the ability to swipe on accounts to hide balances while you’re on the go
          • Implemented screenshot protection to prevent screenshots of sensitive screens in Envoy
          • Bumped the integrated Tor version to 0.4.7.10
          • Bumped Flutter SDK version to 3.7.7
          • Improved firmware update flow for Android to better account for slow file transfers
            • Some users experienced issues writing the firmware to microSD in the time we set for Envoy, so we’ve better handled those edge cases in this release

          Current gaps

          • Passphrase wallets are not currently supported.
            • We do plan on supporting passphrases with the public release, but are currently working on implementing a smooth user experience around passphrases and how they interact with the auto-backup feature.
          • Deleting only the hot wallet is not currently possible.
            • You can still reset the app by uninstalling/reinstalling or clearing app data, but please note that this will currently reset the entire app, including Passport accounts etc.

          What is a “public beta?”

          As this is a major overhaul of Envoy from the ground up, we’re launching hot wallet support first as a public beta to let our awesome community test drive it. When you join the public beta you get to be the first to try out hot wallet support, help drive new features and improvements via feedback directly to our team, and make your mark on what we’re building to empower the next phase of financial sovereignty.

          As this is a public beta, we expect that you’ll run into some minor issues and bugs as we work through them together, but we’ve worked hard to make it a complete and usable wallet from the moment the beta launches.

          How can I get access to the beta?

          We’ve pushed the beta version of Envoy to all of our normal channels as a separate beta release, so you can join one of three ways:

          1. If you’re on iOS, you can join our TestFlight program at the following link:
          2. For those on Android, you can either join the beta in the Play Store or download the APK directly from Github:
            • Play Store
            • GitHub
              • Download the APK titled “envoy-apk-1.1.0-beta.zip” directly from the above link, extract it, and install
              • As this APK is signed with our own keys instead of Google’s keys via the Play Store, if you’re using the Play Store version you’ll have to uninstall Envoy first before installing the public beta

          How can I give feedback?

          As you use Envoy as a hot wallet, we’d love to hear from you – every issue, bug, or favorite feature that you love! The more feedback we get during the public beta, the bigger impact you can have in the direction we take with Envoy and the better app we can launch to the rest of Envoy’s users down the road. There are three main places you can go to give us feedback:

          1. We have a standalone Telegram channel for live feedback and discussion of beta releases to keep the main channel uncluttered for our other community members
            1. Foundation Beta Telegram Channel
          2. You can email us
            1. [email protected]
          3. You can direct message us on Twitter
            1. Direct message @FOUNDATIONdvcs

          What’s next

          Our goal with this public beta is to flush out any remaining bugs or UX quirks so we’ll run the public beta for around two weeks. Throughout the public beta period we’ll push new releases as necessary to allow you to test updates and bug fixes as we go, and then at the end of the beta period we’ll launch Envoy as a hot wallet for every Envoy user across all platforms.

          We’re excited to get the next piece of your financial sovereignty toolkit out to the masses and onboard a wave of Bitcoiners to complete self-custody, privacy, and financial sovereignty sat by sat.

          Envoy version 1.0.8 is now live!

          Posted on December 20, 2022 - 7:11 am by

          We’re excited to announce that the latest version of Envoy 1.0.8 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

          Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

          What’s changed

          With version 1.0.8 of Envoy, we added in a new Tor status dialogue that informs you when there are Tor connectivity issues and allows you to quickly disable Tor temporarily if desired. We’ve also squashed a few bugs, updated BDK to the latest version, and improved scanning times with Passport from Envoy.

          For more details on each of the changes, keep reading below!

          New Features

          • Added a new Tor dialogue when there are Tor connectivity issues
            • We value your privacy very highly, and as such we have always defaulted Envoy to using Tor, an anonymity network, to prevent even us from being able to learn information about you. Unfortunately, Tor has been undergoing a serious attack for the last several months, severely impacting user experience when using Tor.
            • This new Tor dialogue detects when there are Tor issues (after automatically trying to reconnect multiple times) and allows you to temporarily disable Tor directly from the dialogue until the next time you open Envoy.
            • For more on our usage of Tor, the current issues, and the trade-offs inherent in choosing to disable it, visit our docs page on the topic.
          Envoy’s new Tor toast message and dialogue

          Improvements

          • Reduce PSBT size (and thus QR size) in Envoy, improving scan times on Passport significantly
            • Keep an eye out for Passport firmware v2.0.5 which will even further decrease scan times across the board!
          • Update BDK to v0.24.0
            • For more on this release, see here.
          • Show the address itself under the QR code when verifying addresses between Passport and Envoy
          • Add a dedicated paste button next to the address field
            • Allows you to quickly paste addresses into the address field without relying on the OS’s paste function
          • Better handling when the back button is pressed in Android
          • Increase the number of addresses that Envoy will query for balances to better handle some advanced uses cases
          • Improve all Envoy dialogue pop-ups to make it clearer when action is necessary
          • Make connectivity indicator shield pulse red when a custom Electrum server is set and unreachable/unresponsive
          • Limit account name length to 20

          Bug Fixes

          • Properly warn when Envoy is unable to fetch firmware and show current version
          • Correct ordering of notifications on the activity screen
          • Correct hyperlink to more info on firmware in the firmware update flow
          • Redraw account and accounts cards when the exchange rate changes to properly show fiat balance
          • Use hostname instead of IP address for default testnet Electrum server

          Verifying Envoy on Android

          If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

          Envoy version 1.0.7 is now live!

          Posted on October 31, 2022 - 4:40 pm by
          Envoy Release v1.0.7

          We’re excited to announce that the latest version of Envoy 1.0.7 – is now live on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

          What’s changed

          With version 1.0.7 of Envoy, we added in a firmware update button to simplify the process of installing firmware updates after you’ve initially setup your Passport, squashed some pesky bugs, and overhauled our app to the latest Flutter release.

          For more details on each of the changes, keep reading below!

          New Features

          • Added a firmware update button to the home screen card for Passport
            • Now you can force a firmware update anytime, anywhere for your Passport device straight from Envoy’s home screen
          Envoy’s new firmware update button

          Improvements

          • Upgrade to Flutter 3
            • While this may not be immediately visible from a user’s perspective, it helps us cut down on bugs and improve our release workflow
            • Flutter 3 also enables us to more easily bring desktop support for Envoy in the future across all platforms, including Windows, macOS, and even Linux!
          • Remove Google MLKit QR scanner
            • Removes a dependency on Google and an unwanted network call
          • Change Postmix account color for consistency with Passport

          Bug Fixes

          Verifying Envoy on Android

          If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

          Verifying Envoy on Android

          Posted on October 31, 2022 - 4:38 pm by

          One of the core tenets we live by here at Foundation is that of “don’t trust, verify.” We’ve long had a detailed guide available for verifying and updating the firmware on Passport in a secure way, but we want to expand on that by empowering users to more easily validate Envoy on Android. In this guide we’ll walk through the “why” and “how” of verifying the APK file (the raw binaries that Android uses for manually installing applications) with both simple hash verification and full PGP signature validation to ensure that the app you install is exactly what we published and has not been tampered with in any way.

          Why is verification important?

          While the Google Play Store and Apple App Store provide a secure centralized method to distribute apps, control over the published application ends up in the hands of Google and Apple, respectively. Because of these centralized “walled gardens,” the ability for end users to verify that the applications they are installing are exactly what the developers publish is minimized, and trust is placed in the app store provider.

          When downloading the APK directly from Github, however, we unlock the ability to provide additional guarantees that the application you’re installing is exactly what we at Foundation have made and that it has not been tampered with along the way. Because we’re focused on securely storing and spending Bitcoin with Passport and Envoy, many users understandably want to take as many steps as possible to ensure that their funds are safe against even advanced attacks.

          When downloading binaries directly (essentially what an APK file is), even from websites you’d normally trust like Github, you’re placing trust in the source of that binary to match the source code you expect. Verifying the APK file we publish on Github prevents Github (or a malicious attacker somehow injecting themselves between you and Github’s servers!) from being able to tamper with the Envoy APK without being detected. This verification process does require some extra work but can provide additional peace of mind to users of Envoy while reducing trust in third-parties.

          Let’s look at how exactly we can perform this verification on Android itself.

          Simple hash verification

          While full verification via PGP keys is more secure, simple hash verification is very easy and faster to perform while still giving some security guarantees against more trivial man-in-the-middle attacks. A hash of a file is a fixed-length string that uniquely represents a given file, where changing even a single bit of the file would result in an entirely different hash. As a given input file can only have a single hash, comparing the expected hash against the downloaded file ensures that not even a single bit in the file has been changed or corrupted.

          1. Download and install “DeadHash” via the Google Play Store or F-Droid
          2. Copy the SHA-256 hash for the Envoy APK file from the envoy-manifest.txt file, found in the Github release page
            • The hash will look something like this:
            • 08cc97450febd558a0f54d93b181f9a90
              ccf05662828977cb8277181ab86b126
          3. This SHA-256 hash (the same hashing algorithm used for Bitcoin mining!) is a way to represent the file in a way that cannot be falsified
          4. Open DeadHash and select the folder icon to choose the Envoy APK file
            • Select the downloaded APK file, i.e. envoy-apk-1.0.7-18.apk
          5. Paste the hash you copied into the “Compare” field
          6. Press “Calculate”
          7. Ensure that the SHA-256 hash validates and gives you a nice green check-mark
            • All of the hashing algorithms except for SHA-256 should show a red X, as we’ve only provided the SHA-256 hash
            • If you get a red X for all hashes, including SHA-256, stop immediately and reach out to us at [email protected]! If it does match, you’re all set.
          DeadHash giving a successful hash check

          Fully verifying Envoy via PGP

          While more involved than simple hash verification, taking the time to validate our PGP key and signatures ensures that as many threats as possible are mitigated. When you validate the PGP keys and signatures of Envoy, you ensure that only a successful attack would require both the PGP private keys and control over our Github account(s). This verification also entirely mitigates the risk, however minor, of Github themselves tampering with the APK.

          Getting setup

          Before we get started, you’ll need to download and install a separate app on your Android device to enable you to validate the PGP key used to sign the Envoy APK file, and then import the Envoy signing key. For each of the steps below with commands (i.e. pkg install wget gnupg -y), simply copy and paste these into Termux and hit enter.

          1. Install the Termux app from Github or F-Droid
          2. Open Termux and install the required packages
            • pkg install wget gnupg -y
          3. Download the Envoy signing PGP key
            • wget --quiet https://docs.foundationdevices.com/envoy_key.pgp
          4. Download the Envoy APK file, manifest file, and PGP signature file
            • Replace the links below with those from the latest release!
            • wget --quiet https://github.com/Foundation-Devices/envoy/releases/download/v1.0.7/envoy-apk-1.0.7-18.apk
              wget --quiet https://github.com/Foundation-Devices/envoy/releases/download/v1.0.7/envoy-manifest.txt
              wget --quiet https://github.com/Foundation-Devices/envoy/releases/download/v1.0.7/envoy-manifest.txt.asc
          Successful prep steps

          verifying Envoy

          1. Import the Envoy signing PGP key
            • gpg --import envoy_key.pgp
            • Validate the key ID that is shown on the first or second line matches that on https://foundationdevices.com/pgp/ under “Envoy Signing Key”
              • i.e. “E8CE0DD2B5528043” (note that the key is not case sensitive)
            • If the key does NOT match, stop immediately and reach out to us at [email protected]! If it does match, proceed to step two below
            • This step imports the PGP key we publish on our website, allowing you to properly validate our PGP signature in the next step
          2. Verify the “envoy-manifest.txt” file is properly signed with our Envoy signing PGP key
            • gpg --verify envoy-manifest.txt.asc envoy-manifest.txt
            • You should see output including “Good signature from ‘Igor Cota <[email protected]>‘” in a line of the output from this step
            • This step ensures that the GPG key we publish was the one used to sign the envoy-manifest.txt file, and that the file has not been tampered with in any way
          3. Verify the Envoy APK file
            • echo "$(grep "envoy-apk" envoy-manifest.txt)" | sha256sum --check
            • This step compares the hash for the APK file in the envoy-manifest.txt file that we’ve verified via PGP with the SHA-256 hash of the actual APK file we’ve downloaded, ensuring no tampering or corruption has happened
          4. If the output says something like envoy-apk-1.0.7-18.apk: OK, you’ve successfully verified the binary and can go ahead and install with added peace of mind
            • Note that the file name will change with each release, but you should always get the “OK” at the end!
            • If the output does NOT say “OK“, stop immediately and reach out to us at [email protected]!
          Successful verification of Envoy via Termux

          Conclusion

          Congratulations on successfully verifying Envoy! These steps are certainly going above and beyond, but keeping with the “don’t trust, verify” mantra is one that always pays off. If you’d like to read more about the PGP or simple hash verification process, you can take a look at the following links: