Skip to main content

FAQ

What is the difference between a "Secret", "Seed Phrase", "Recovery Key" and "Password"?​

  • We refer to the "Secret" as the 24 words you get when setting up a new Vault. This is also commonly referred to as a "Seed Phrase" or "Mnemonic". Those 24 words are everything you need to recover your funds in case you lose access to your Vault.

  • The "Recovery Key" is a key that is only used on Android. On Android, it is possible that the device randomly wipes the secure storage where your seed phrase is stored. If this happens, AirGap Vault is no longer able to sign transactions. When this happened, your only option was to re-import your 24 words again. Because some people don't keep their 24 words accessible at all times, this was a cumbersome process for some. This is why we introduced the "Recovery Key". This key is used to create an encrypted backup of your seed on your phone. The encryption key for that backup is the "Recovery Key". If your secure storage is ever wiped and your seed is no longer accessible, AirGap Vault will prompt you for the "Recovery Key". If you provide it, it will decrypt the backup and restore your seed. If you can't provide it, you simply have to import your 24 words again.

The "Recovery Key" does not have to be backed up with your Secret. The 24 words (plus the optional BIP39 passphrase) is everything you need to recover your accounts on another device.

If someone gets a hold of your "Recovery Key" and nothing else, this key is completely useless and it cannot be used to recover your 24 words. The "Recovery Key" can only be used together with the Vault where it was set up. That's why it is reasonably safe to store the recovery key in a password manager, which you should never do with your 24 words.

caution

The "Recovery Key" can only be used together with the Vault where it was set up. If your Vault is lost or defective, the "Recovery Key" will NOT allow you to access your funds. For that, you need a backup of your 24 words.

  • The "Password" can optionally be set when adding a Secret. This will allow you to set an additional password that is required every time the Vault accesses your Secret to generate accounts or sign transactions. This password will NOT allow you to recover your funds in case you lose your 24 word backup.

  • The "Passphrase" (sometimes also known as "25th word" or "BIP39 passphrase) can optionally be set when creating an account. This is an advanced feature. Only use it if you understand how it works.

Why is [Insert Coin Name] not supported?​

Our main focus is security. Adding new coins can decrease security if it's not done carefully. When we integrate a coin, we usually do a security audit or have the code reviewed by a third party. This requires us to work with some kind of entity behind those coins to fund development and ensure continuous support of the currency.

We hope that once the project gains more traction, more projects will reach out to us to work together on the integrations.

Reproducible builds​

The builds of AirGap Vault are reproducible. This means that the app downloaded from the Play Store match the source code that is published on GitHub. If this is not the case, it means that there could be hidden malicious code in the published version that is not visible in the published source code.

The independent website WalletScrutiny examines a wide variety of cryptocurrency wallets to determine their reproducibility. We're happy to say that AirGap Vault was one of the first wallets to be marked as "reproducible".

tip

The AirGap Wallet is application is also rerpoducible, but it is not checked for reproducibility by WalletScrutiny because it doesn't contain any private keys.

tip

iOS applications cannot be checked for reproducibility because of the was Apple processes the Apps during their release process.

Use vault as offline device​

In theory, the security is slightly better if the device has never been online and used before. The reason for this is that "malware" could have infected your phone while it was online, and that malware could tamper with AirGap once it is installed, even if the phone is offline.

We recommend that you factory reset your phone before using it as your air-gapped, offline, device. Usually, you do have to quickly connect your phone to the internet after the reset to be able to download the app from the app store. But this is fine, because you are not installing any potentially dangerous apps on your phone during this time. If you have an android device with an SD Card slot, you can copy the Vault .apk file using the SD Card so you don't have to connect to the internet. After you have the app on your phone, disable wifi, bluetooth, mobile data and put it into airplane mode.

Security​

The security concept behind air-gapped systems is to work with two physically separated devices, one of which has no connection to the outside world or any network. In the context of AirGap, the component which has no internet connection is the AirGap Vault. The two components, AirGap Vault and AirGap Wallet, communicate through one-way communication using QR codes.

Supply Chain attacks​

In the past years, mutliple cryptocurrency wallets have been targeted by attackers to try and steal users funds. One common attack vector is the supply chain attack. In this attack, the attacker tries to compromise a dependency that is used in the wallet and use it to inject malicious code. At AirGap, we take utmost care of evaluating the dependencies we use. We have also introduced a system that separates the dependencies used during testing and development from the dependencies that are used to build and run the project. This reduces the risk of malicious code injection during the build and test steps.

Security Audits​

The application as a whole, as well as multiple components, have been audited by different third party companies.

All audits have found no way of extracting the private key from AirGap Vault.

The security audits, as well as explanations of our remediations can be found here.

Secure Secret Generation​

Additional Entropy​

The entropy seeder uses the native secure random generator provided by the device and concatenates this with the sha3 hash of the additional entropy (audio, video, touch, accelerometer). The rationale behind this is:

  • The sha3 hashing algorithm is cryptographically secure, such that the following holds: entropy(sha3(secureRandom())) >= entropy(secureRandom())
  • Adding bytes to the sha3 function will never lower entropy but only add to it, such that the following holds: entropy(sha3(secureRandom() + additionaEntropy)) >= entropy(sha3(secureRandom()))
  • By reusing the hash of an earlier "round" as a salt, we can incorporate the entire collected entropy of the previous round
  • Native secure random cannot be fully trusted because there is no API to check the entropy pool it's using

The algorithm being used for the entropy seeding:

const ENTROPY_BYTE_SIZE = 256;
let entropyHashHexString = null;

function toHexString(array) {
return array
.map(function (i) {
return ("0" + i.toString(16)).slice(-2);
})
.join("");
}

function seedEntropy(additionalEntropyArray) {
const secureRandomArray = new Uint8Array(ENTROPY_BYTE_SIZE);
window.crypto.getRandomValues(secureRandomArray);
console.log(
entropyHashHexString +
toHexString(secureRandomArray) +
toHexString(additionalEntropyArray)
);
entropyHashHexString = sha3_256(
entropyHashHexString +
toHexString(secureRandomArray) +
toHexString(additionalEntropyArray)
);
return entropyHashHexString;
}

Difference between same device approach vs. offline device​

The offline approach focuses on the highest security available by storing your secret on a truly offline device with no connections to any network whatsoever. Ensuring that the secret is kept as safe as possible but with a caveat that the QR communication might be more cumbersome to use. This should be used as cold storage of larger funds.

The same devices approach brings still a lot of added security in comparison with other mobile wallets. With the two app approach, the secret is encapsulated and protected through the permission handling of the operating system e.g. no network permission for AirGap Vault. The communication between the two apps is easier to use thanks to simple app switching. This is intended to manage smaller funds or used to interact with decentralized applications.

I have sent a transaction but it does not go through​

Sometimes transactions might take longer to be confirmed by the network. When creating a transaction in AirGap Wallet a fee is calculated depending on your preference between slow & cheap and fast & expensive.

If you go to your account e.g. Tezos, you will see an entry below β€œPending Transaction”. You can take a look at the block explorer to understand more about the status, by selecting the transaction and then β€œOpen Blockexplorer”.

If you have waited for a few hours and the transaction still hasn't been confirmed. You can recreate the transaction again in AirGap Wallet, this time you can either use fast & expensive or set your own fee. Go through the signing process with AirGap Vault and broadcast the transaction with AirGap Wallet.

How can I participate in Staking?​

AirGap supports Staking for various protocols through the β€œDelegation” functionality. You will delegate your funds to a validator that will take part in the validation of the network you and the validator will receive rewards for providing this stake.

To start delegating and receive rewards:

  1. Select your account e.g. Tezos
  2. Select β€œDelegation”
  3. Click β€œDelegate”
  4. Go through the transaction signing process with AirGap Vault
  5. You're now delegated a will earn rewards

Supported Staking protocols:

  • Tezos
  • Cosmos
  • Polkadot
  • Kusama

How to setup your AirGap wallet step by step​

It's easier than you expect. Did you already download the two applications AirGap wallet and Vault? What is your setup? Depending on the setup you may have a slightly different approach. However, you can have a read here https://medium.com/airgap-it/airgap-the-step-by-step-guide-c4c3d3fe9a05

How does AirGap guarantee the reliability, security, maintainability of its wallet?​

The security part is guaranteed by design. By using a second device that is offline all the time (this is the one with your private key), there is no way that your private key can be stolen. Even if we have bugs or malicious code in our app, it has no way of β€œsending” your keys to anyone because it is offline. The code of our apps is open source, so if the app is not maintained anymore, you or the community can always change and update the code if needed.

What is the relationship between Papers.ch and AirGap?​

AirGap is a product of Papers.ch, which is a software development company located in Switzerland that has dedicated 10+ years of its existence to developing secure, mobile-first software and embracing paradigm-shifting technologies like blockchain to provide a more distributed, secure, and accessible future of human interaction.

Will AirGap be available in other languages aside from English?​

Currently, AirGap is available in English, German and Chinese. We are planning to add more languages. If you could help us translate our apps, please reach out to us!

Are you planning on having a token for AirGap?​

Never say never, but as of now, AirGap does not have a utility token of its own and there are no plans to add one.

What are the supported coins/tokens on the AirGap wallet?​

  • Bitcoin(BTC)
  • Aeternity(AE)
  • Ethereum(ETH)
  • Groestlcoin(GRS)
  • Tezos(XTZ)
  • Cosmos(ATOM)
  • Polkadot(DOT)
  • Kusama(KSM)

FA1.2 / FA2 (Tezos)​

  • All FA1.2/2 tokens are supported

ERC20 (Ethereum)​

  • CryptoFranc (XCHF)
  • Tether (USDT)
  • Binance coin (BNB)
  • ChainLink (LINK)
  • Crypto.com coin (CRO)
  • USD coin (USDC)
  • Bitfinex LEO (LEO)
  • yearn.finance (YFI)
  • HuobiToken (HT)
  • VeChain (VEN)
  • EthLend (LEND)
  • Wrapped Bitcoin (WBTC)
  • Dai Stablecoin (DAI)
  • TrueUSD (TUSD)
  • Maker (MKR)
  • Theta Token (THETA)
  • OMG Network (OMG)
  • Ino Coin (INO)
  • Compound (COMP)
  • OKB (OKB)
  • Binance USD (BUSD)
  • Basic Attention Token (BAT)
  • HEDG trade (HEDG)
  • Insight Chain (INB)
  • Ox (ZRX)
  • LoopringCoin (LRC)
  • NXM (NXM)
  • Paxos Standard (PAX)
  • Republic token (REN)
  • Kyber Network (KNC)
  • and more...

How much do I pay to use AirGap?​

AirGap is completely free. You do not need to pay any money.

What are the similarities between AirGap and Ledger?​

AirGap Vault is similar to a hardware wallet such as the Ledger, but with added security. For AirGap, there is no two-way communication between the device that stores your secret and the one connected to the internet. The communication happens over QR codes and is thus more secure.

I try to reinstall the AirGap Vault and import my secret key but it is not working​

During the creation of your secret key, you wrote down a 24 words phrase - this is what you need to restore your accounts. If your secret cannot be imported, it is most likely a typo, or you have written down a wrong word. You can use the official wordlist to check if every word is valid: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

What version of Android OS supports the AirGap Wallet and Vault?​

AirGap Vault and AirGap Wallet require at least Android 5.0. Make sure that the WebView is updated to the latest version tutorial

You can download the APK from our GitHub release page

https://github.com/airgap-it/airgap-vault/releases/

SHA256 Hashes

Make sure to verify the hash of the apk after you download it.

What is a derivative path?​

Derivation path is a piece of data that helps derive multiple addresses within a single HD wallet. If you are interested in a full explanation, here is a link to stack overflow that explains what a derivative path means in detail.

https://ethereum.stackexchange.com/questions/70017/can-someone-explain-the-meaning-of-derivation-path-in-wallet-in-plain-english-s

Why and when should I change the derivation path?​

This is an advanced feature. You should never change the default derivation path. Changing the derivation path can lead to you losing access to your funds.

Scanning the QR code using AirGap Vault isn't working, what are the likely solutions?​

In such a scenario you can play around with the screen brightness, too bright and too low may affect device QR code scanning functionality. Ensure the camera is accurately positioned and it isn't blurred.

Can I still set a password after setting up my AirGap Vault and generating a secret?​

The password to protect your secret can only be set on initial generation and not afterward.

If I lose or change my phone how can I be able to access my fund?​

During the creation of your wallet, you were advised to write down 24 words. This phrase can be used to recover your wallet.

Trying to Import my 24-word phrase but the import button is still disabled?​

Link to number 8

I wanted to send a coin but received a "no secret found" error.​

This happens when you are starting the vault app for the first time. So there are no secrets stored to sign the transaction You need to import your secret first, then create the wallet where you want to send funds from, and try again

I'm sending a coin but it has been showing pending for a while.​

Sometimes transactions can take longer to get confirmed. Confirmation time of up to an hour or even more, and this can be because of low gas fee or network congestion.

What are the chances of my coins getting stolen if both apps (AirGap Vault and Wallet) are on the same device?​

We highly recommend the 2 device approach if you are looking for the safest way to store your funds.

But even if you decide to have the Vault on your online device, it is more secure than regular mobile wallets. By design, AirGap Vault never accesses the internet, which reduces the risk of your keys being leaked to the internet.

tip

We recommend enabling the optional password to protect your funds from someone that has access to your phone.

Is there a way to get my private key from the Vault App?​

In the Settings, there is an option to show 24 words again.

How do I import my secret word/mnemonics?​

Here is our medium post that shows step by step how you import your secret on a new device https://medium.com/airgap-it/airgap-the-step-by-step-guide-c4c3d3fe9a05

What does the "non-base58 character" error mean when sending coins?​

This error usually occurs when you try to send funds to an invalid address (an address that doesn't belong to that currency), please check the address again.

Does AirGap require KYC?​

No, AirGap does not require KYC.

How do I reset my password?​

To reset your password, you have to remove the secret and re-import it again.

Backup

Before removing a secret, always make sure you have a backup of your 24 words

What is social recovery?​

With Social Recovery, you can create secret shares and distribute them to contacts you trust. You can then recover a lost secret if you have a set number of these secret shares.

Keep in mind that you will only be able to successfully recover your secret if you have as many shares for recovery as you have defined in the initial setup.

Is there a way to hide the balance on the AirGap wallet?​

Currently, this is not possible.

How do I check my recent transactions history?​

Inside the AirGap wallet click on whatever coin you want to check for its transaction history. The next page displays the transaction history.

Is it possible to store any erc20 token with AirGap?​

Yes, but the unlisted ones will not be visible in the AirGap Wallet. However, you can connect to any Ethereum DApp using the WalletConnect functionality to interact with those tokens.

How do I create a second address for any of the supported coins in the vault?​

Select "Add Account" and then toggle the "Advanced Mode". You can then change the derivation path. For example, use 1 instead of 0 at the end. Then click the create button.

It is important that you write down your derivation path somewhere, as you will need the exact derivation path to recover your account.

Changing the derivation path is an advanced feature. Only use it if you know what you are doing.

While setting up the AirGap Vault, why does it ask for permissions to my microphone and camera?​

The microphone and camera are needed to add additional entropy for the secret generation. You don't have to grant those permission, the secret generation will be possible without them.

The camera is additionally needed for QR scanning.

What version of iOS does AirGap Wallet and Vault support?​

AirGap Vault and AirGap Wallet require at least iOS 13.

Does AirGap support other languages' mnemonics aside english?​

We currently only support english mnemonics.

I have a 15 word phrase for tezos.can that be imported into AirGap?​

Yes, you can import your 15 word secret into AirGap

AirGap Wallet sends me to the AirGap Vault during the transaction process but doesn't provide an option to sign & broadcast the transaction.​

For such scenarios, force closing the Vault and retrying the transaction will most likely solve the problem.

Can I enter the amount I want to send in USD, not in a token amount?​

This functionality will be available in the future.

Why is it taking so long to derive my wallet?​

It shouldn't take more than a couple seconds for your wallet to set up. Close the app and try again.

I am having problems with Polkadot and Kusama seeing balance and also delegatioins.​

Polkadot and Kusama routinely update their runtime, and if it does contain breaking changes, that can sometimes cause issues. To be on the safe side, we are making sure to review the changelog to see if they have any breaking changes.

Why does our tezos baking record show unstable and not precise?​

Our baker payouts are done manually using AirGap. In the past, there was a bug in our payment script that affected a specific payout to a contract, resulting in a fee estimation failure. Due to this, we partially missed two payouts. After the bug was resolved, the missed payouts have been paid in full, and one of the following payouts has been paid twice as a way to compensate our delegators. So overall, our payouts are higher than they should be.

What actions to take if eth transactions have been dropped and replaced and it is under a pending state in the wallet?​

Every 24 hours, the pending states in the wallet are cleared. You can try again with a higher fee if the transaction was deleted from the mempool because the fee was too low.

There are significantly more coins available in the wallet than in the vault. So, does that mean the coins that aren't can't be placed in the vault are less safe?​

The coins that are only in the wallet and not in the vault are tokens based on either ERC20 tokens on Ethereum or FA1.2/2 on Tezos. There are no β€œless secure” coins that only exist in the wallet. Those tokens are stored on your ETH or XTZ accounts and securely managed by the vault.

Can I import the BTC account created in the AirGap Vault into other wallets using the private key?​

You cannot get the private key from the Vault but you can import the mnemonic phrase into any wallet that supports BIP39 and HD wallets.

If I send some AE, do I need to set fees, or does AirGap do it automatically, since the slider rests on disabled?​

The fee slider is selecting "Slow & Cheap" by default. That fee is high enough for AE at the moment. You can manually adjust the fee by clicking the toggle button on top of the slider.

Is it possible to have a new coin listed on AirGap?​

Yes it is possible, we want to support as many chains and coins as possible, but we also follow a procedure of getting in touch with the teams behind the coins for a potential integration.

How do I go about ensuring the AirGap Vault stays up to date if not actually connected to the internet, what do you recommend?​

If you are on Android, you could transfer the new APK using an SD card. Otherwise, we recommend that you completely wipe and reset the phone and start over from scratch. That sounds like a lot of work, but you don't actually have to update the Vault all the time. Unless we find critical security issues or add a breaking change, you can just keep the version you have until you need a new feature that we release.

Why must I have a minimum of 1 DOT balance in my AirGap wallet?​

AirGap does not set any minimum balance requirement on any token or coin. This is a design on the Polkadot network, an address is only active when it holds a minimum amount (currently set at 1 DOT). If the balance on an account drops below 1 DOT, the remaining balance is reaped (burned from the wallet). This minimum amount is called an existential deposit (ED). An option to completely sweep an account will be added in the future.

Why does my DOT transaction to an empty address fail??​

If you send less than the Existential Deposit (1 DOT) to an empty address, the transaction will fail as the receiving address would not hold the Existential Deposit.

Can I send NFTs (on Tezos) to my AirGap Wallet?​

Yes, you can send, manage and see your NFTs on AirGap.

How long does it take to unbound in Polkadot?​

Unbonding takes 28 days.

What is the Business Model AirGap / How does AirGap make money?​

AirGap is developed by papers.ch, a company that has a focus in mobile security and blockchain technology. The development is partially funded out of our own pockets and part of it is paid through grants by various cryptocurrency foundations.

Does AirGap have any plan to develop a desktop version of the Vault?​

We do not have any plan to develop the desktop version of the Vault. But you can build the Vault to run on the desktop yourself. We will also add unofficial builds to our CI in the future. But we currently don't have any plans to distribute official desktop builds. The reason for this is that the Vault on Desktop is less secure unless it is used on an air-gapped laptop. We don't want to risk users installing it on their online machines by accident, so this is a feature only available for advanced users.

If I didn't back up my mnemonics when creating my wallet, how can I retrieve it?​

You can recover your mnemonics if you still have access to the Vault by going to Settings > Select Account > Show Mnemonic. Unfortunately, it also means that your funds cannot be accessed if you do not have access to the Vault anymore.

Why does AirGap Vault generate looping QR coded for signing ERC20 token transactions?​

ERC20 transactions can contain more data than a single QR code can display. In this case, it is split up into multiple parts.

Why is the price reflected on certain assets on my account not the same as the market price?​

This variation is most likely just a difference in the API that displays the price.

What is delegation in AirGap?​

Some protocols (Tezos, Cosmos, Polkadot) allow you to "delegate" your funds and earn rewards. Delegations are slightly different in each protocol in terms of rewards and risks. As a result, we recommend you do some research on your desired protocol. Tezos is the easiest, allowing you to delegate your whole balance with no risk, and without locking in your funds while receiving approximately 5 percent in rewards per year.

Does AirGap allow freezing of UTXOs?​

No, the AirGap Wallet companion app is a very simple wallet and doesn't offer any BTC specific features. To use advanced Bitcoin features, you can connect AirGap Vault to another "watch-only" wallet (eg. BlueWallet or Sparrow) and use AirGap Vault as the signer. This feature is currently in Beta and we're happy for any feedback.

How to add existing AE wallet (address) to AirGap Wallet?​

Simply import your existing mnemonics to AirGap Vault.