- What is the difference between a "Secret", "Seed Phrase", "Recovery Key" and "Password"?
- Why is Insert Coin Name not supported?
- Reproducible builds
- Use vault as offline device
- Supply Chain attacks
- Difference between same device approach vs. offline device
- I have sent a transaction but it does not go through
- How can I participate in Staking?
- How to setup your AirGap wallet step by step
- How do I exchange coins while using AirGap
- How does AirGap guarantee the reliability, security, maintainability of its wallet?
- What is the relationship between Papers.ch and AirGap?
- Will AirGap be available in other languages aside from English?
- Are you planning on having a token for AirGap?
- What are the supported coins/tokens on the AirGap wallet?
- How much do I pay to use AirGap?
- What are the similarities between AirGap and Ledger?
- I try to reinstall the AirGap Vault and import my secret key but it is not working
- What version of Android OS supports the AirGap Wallet and Vault?
- I can't download AirGap Vault in the Google Play Store. Do you have any other download links?
- What is a derivative path?
- Why and when should I change the derivation path?
- Scanning the QR code using AirGap Vault isn’t working, what are the likely solutions?
- Can I still set a password after setting up my AirGap Vault and generating a secret?
- If I lose or change my phone how can I be able to access my fund?
- Trying to Import my 24-word phrase but the import button is still disabled?
- I wanted to send a coin but received a "no secret found" error.
- I'm sending a coin but it has been showing pending for a while.
- What are the chances of my coins getting stolen if both apps (AirGap Vault and Wallet) are on the same device?
- Is there a way to get my private key from the Vault App?
- How do I import my secret word/mnemonics?
- What does the "non-base58 character" error mean when sending coins?
- Does AirGap require KYC?
- Does exchanging currencies in AirGap require KYC?
- How do I reset my password?
- What is social recovery?
- Is there a way to hide the balance on the AirGap wallet?
- How do I check my recent transactions history?
- Is it possible to store any erc20 token with AirGap?
- How do I create a second address for any of the supported coins in the vault?
- While setting up the AirGap Vault, why does it ask for permissions to my microphone and camera?
- What version of iOS does AirGap Wallet and Vault support?
- Does AirGap support other languages' mnemonics aside english?
- I have a 15 word phrase for tezos.can that be imported into AirGap?
- AirGap Wallet sends me to the AirGap Vault during the transaction process but doesn't provide an option to sign & broadcast the transaction.
- Can I enter the amount I want to send in USD, not in a token amount?
- Why is it taking so long to derive my wallet?
- How do I find my exchange transaction ids?
- I am having problems with Polkadot and Kusama seeing balance and also delegatioins.
- Why does our tezos baking record show unstable and not precise?
- What actions to take if eth transactions have been dropped and replaced and it is under a pending state in the wallet?
- There are significantly more coins available in the wallet than in the vault. So, does that mean the coins that aren’t can't be placed in the vault are less safe?
- Can I import the BTC account created in the AirGap Vault into other wallets using the private key?
- How long does it take to exchange currencies on AirGap
- If I send some AE, do I need to set fees, or does AirGap do it automatically, since the slider rests on disabled?
- Is it possible to have a new coin listed on AirGap?
- What are the available exchange pairs?
- How do I go about ensuring the AirGap Vault stays up to date if not actually connected to the internet, what do you recommend?
- Why must I have a minimum of 1 DOT balance in my AirGap wallet?
- Can I send NFTs (on Tezos) to my AirGap Wallet?
- How long does it take to unbound in Polkadot?
- What is the Business Model AirGap / How does AirGap make money?
- Does AirGap have any plan to develop a desktop version of the Vault?
- If I didn't back up my mnemonics when creating my wallet, how can I retrieve it?
- Why does AirGap Vault generate looping QR coded for signing ERC20 token transactions?
- Why is the price reflected on certain assets on my account not the same as the market price?
- What is delegation in AirGap?
- Does AirGap allow freezing of UTXOs?
- How to add existing AE wallet (address) to AirGap Wallet?
We refer to the "Secret" as the 24 words you get when setting up a new Vault. This is also commonly referred to as a "Seed Phrase" or "Mnemonic". Those 24 words are everything you need to recover your funds in case you lose access to your Vault.
The "Recovery Key" is a key that is only used on Android. On Android, it is possible that the device randomly wipes the secure storage where your seed phrase is stored. If this happens, AirGap Vault is no longer able to sign transactions. When this happened, your only option was to re-import your 24 words again. Because some people don't keep their 24 words accessible at all times, this was a cumbersome process for some. This is why we introduced the "Recovery Key". This key is used to create an encrypted backup of your seed on your phone. The encryption key for that backup is the "Recovery Key". If your secure storage is ever wiped and your seed is no longer accessible, AirGap Vault will prompt you for the "Recovery Key". If you provide it, it will decrypt the backup and restore your seed. If you can't provide it, you simply have to import your 24 words again.
The "Recovery Key" does not have to be backed up with your Secret. The 24 words (plus the optional BIP39 passphrase) is everything you need to recover your accounts on another device.
If someone gets a hold of your "Recovery Key" and nothing else, this key is completely useless and it cannot be used to recover your 24 words. The "Recovery Key" can only be used together with the Vault where it was set up. That's why it is reasonably safe to store the recovery key in a password manager, which you should never do with your 24 words.
The "Recovery Key" can only be used together with the Vault where it was set up. If your Vault is lost or defective, the "Recovery Key" will NOT allow you to access your funds. For that, you need a backup of your 24 words.
The "Password" can optionally be set when adding a Secret. This will allow you to set an additional password that is required every time the Vault accesses your Secret to generate accounts or sign transactions. This password will NOT allow you to recover your funds in case you lose your 24 word backup.
The "Passphrase" (sometimes also known as "25th word" or "BIP39 passphrase) can optionally be set when creating an account. This is an advanced feature. Only use it if you understand how it works.
Our main focus is security. Adding new coins can decrease security if it's not done carefully. When we integrate a coin, we usually do a security audit or have the code reviewed by a third party. This requires us to work with some kind of entity behind those coins to fund development and ensure continuous support of the currency.
We hope that once the project gains more traction, more projects will reach out to us to work together on the integrations.
The builds of
AirGap Vault are reproducible. This means that the app downloaded from the Play Store match the source code that is published on GitHub. If this is not the case, it means that there could be hidden malicious code in the published version that is not visible in the published source code.
The independent website WalletScrutiny examines a wide variety of cryptocurrency wallets to determine their reproducibility. We're happy to say that AirGap Vault was one of the first wallets to be marked as "reproducible".
AirGap Wallet is application is also rerpoducible, but it is not checked for reproducibility by WalletScrutiny because it doesn't contain any private keys.
iOS applications cannot be checked for reproducibility because of the was Apple processes the Apps during their release process.
In theory, the security is slightly better if the device has never been online and used before. The reason for this is that "malware" could have infected your phone while it was online, and that malware could tamper with AirGap once it is installed, even if the phone is offline.
We recommend that you factory reset your phone before using it as your air-gapped, offline, device. Usually, you do have to quickly connect your phone to the internet after the reset to be able to download the app from the app store. But this is fine, because you are not installing any potentially dangerous apps on your phone during this time. If you have an android device with an SD Card slot, you can copy the Vault .apk file using the SD Card so you don't have to connect to the internet. After you have the app on your phone, disable wifi, bluetooth, mobile data and put it into airplane mode.
The security concept behind air-gapped systems is to work with two physically separated devices, one of which has no connection to the outside world or any network. In the context of AirGap, the component which has no internet connection is the AirGap Vault. The two components, AirGap Vault and AirGap Wallet, communicate through one-way communication using QR codes.
In the past years, mutliple cryptocurrency wallets have been targeted by attackers to try and steal users funds. One common attack vector is the supply chain attack. In this attack, the attacker tries to compromise a dependency that is used in the wallet and use it to inject malicious code. At AirGap, we take utmost care of evaluating the dependencies we use. We have also introduced a system that separates the dependencies used during testing and development from the dependencies that are used to build and run the project. This reduces the risk of malicious code injection during the build and test steps.
The application as a whole, as well as multiple components, have been audited by different third party companies.
All audits have found no way of extracting the private key from AirGap Vault.
The security audits, as well as explanations of our remediations can be found here.
The entropy seeder uses the native secure random generator provided by the device and concatenates this with the sha3 hash of the additional entropy (audio, video, touch, accelerometer). The rationale behind this is:
- The sha3 hashing algorithm is cryptographically secure, such that the following holds:
entropy(sha3(secureRandom())) >= entropy(secureRandom())
- Adding bytes to the sha3 function will never lower entropy but only add to it, such that the following holds:
entropy(sha3(secureRandom() + additionaEntropy)) >= entropy(sha3(secureRandom()))
- By reusing the hash of an earlier "round" as a salt, we can incorporate the entire collected entropy of the previous round
- Native secure random cannot be fully trusted because there is no API to check the entropy pool it's using
The algorithm being used for the entropy seeding:
The offline approach focuses on the highest security available by storing your secret on a truly offline device with no connections to any network whatsoever. Ensuring that the secret is kept as safe as possible but with a caveat that the QR communication might be more cumbersome to use. This should be used as cold storage of larger funds.
The same devices approach brings still a lot of added security in comparison with other mobile wallets. With the two app approach, the secret is encapsulated and protected through the permission handling of the operating system e.g. no network permission for AirGap Vault. The communication between the two apps is easier to use thanks to simple app switching. This is intended to manage smaller funds or used to interact with decentralized applications.
Sometimes transactions might take longer to be confirmed by the network. When creating a transaction in AirGap Wallet a fee is calculated depending on your preference between slow & cheap and fast & expensive.
If you go to your account e.g. Tezos, you will see an entry below “Pending Transaction”. You can take a look at the block explorer to understand more about the status, by selecting the transaction and then “Open Blockexplorer”.
If you have waited for a few hours and the transaction still hasn’t been confirmed. You can recreate the transaction again in AirGap Wallet, this time you can either use fast & expensive or set your own fee. Go through the signing process with AirGap Vault and broadcast the transaction with AirGap Wallet.
AirGap supports Staking for various protocols through the “Delegation” functionality. You will delegate your funds to a validator that will take part in the validation of the network you and the validator will receive rewards for providing this stake.
To start delegating and receive rewards:
- Select your account e.g. Tezos
- Select “Delegation”
- Click “Delegate”
- Go through the transaction signing process with AirGap Vault
- You’re now delegated a will earn rewards
Supported Staking protocols:
It’s easier than you expect. Did you already download the two applications AirGap wallet and Vault? What is your setup? Depending on the setup you may have a slightly different approach. However, you can have a read here https://medium.com/airgap-it/airgap-the-step-by-step-guide-c4c3d3fe9a05
It is very easy to exchange coins with AirGap, we currently support changenow and changelly as exchange services. Open your AirGap Wallet, down below you will see an exchange icon, press that and you can now chose what to exchange. More to exchanging coins can be found here. https://medium.com/airgap-it/airgap-integrates-changenow-exchange-7a744709ed5e
The security part is guaranteed by design. By using a second device that is offline all the time (this is the one with your private key), there is no way that your private key can be stolen. Even if we have bugs or malicious code in our app, it has no way of “sending” your keys to anyone because it is offline. The code of our apps is open source, so if the app is not maintained anymore, you or the community can always change and update the code if needed.
AirGap is a product of Papers.ch, which is a software development company located in Switzerland that has dedicated 10+ years of its existence to developing secure, mobile-first software and embracing paradigm-shifting technologies like blockchain to provide a more distributed, secure, and accessible future of human interaction.
Currently, AirGap is available in English, German and Chinese. We are planning to add more languages. If you could help us translate our apps, please reach out to us!
Never say never, but as of now, AirGap does not have a utility token of its own and there are no plans to add one.
- CryptoFranc (XCHF)
- Tether (USDT)
- Binance coin (BNB)
- ChainLink (LINK)
- Crypto.com coin (CRO)
- USD coin (USDC)
- Bitfinex LEO (LEO)
- yearn.finance (YFI)
- HuobiToken (HT)
- VeChain (VEN)
- EthLend (LEND)
- Wrapped Bitcoin (WBTC)
- Dai Stablecoin (DAI)
- TrueUSD (TUSD)
- Maker (MKR)
- Theta Token (THETA)
- OMG Network (OMG)
- Ino Coin (INO)
- Compound (COMP)
- OKB (OKB)
- Binance USD (BUSD)
- Basic Attention Token (BAT)
- HEDG trade (HEDG)
- Insight Chain (INB)
- Ox (ZRX)
- LoopringCoin (LRC)
- NXM (NXM)
- Paxos Standard (PAX)
- Republic token (REN)
- Kyber Network (KNC)
- and more...
AirGap is completely free. You do not need to pay any money.
AirGap Vault is similar to a hardware wallet such as the Ledger, but with added security. For AirGap, there is no two-way communication between the device that stores your secret and the one connected to the internet. The communication happens over QR codes and is thus more secure.
During the creation of your secret key, you wrote down a 24 words phrase - this is what you need to restore your accounts. If your secret cannot be imported, it is most likely a typo, or you have written down a wrong word. You can use the official wordlist to check if every word is valid: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
AirGap Vault and AirGap Wallet require at least Android 5.0. Make sure that the WebView is updated to the latest version (=> Add tutorial)
You can download the APK from our GitHub release page
Derivation path is a piece of data that helps derive multiple addresses within a single HD wallet. If you are interested in a full explanation, here is a link to stack overflow that explains what a derivative path means in detail.
This is an advanced feature. You should never change the default derivation path. Changing the derivation path can lead to you losing access to your funds.
In such a scenario you can play around with the screen brightness, too bright and too low may affect device QR code scanning functionality. Ensure the camera is accurately positioned and it isn’t blurred.
The password to protect your secret can only be set on initial generation and not afterward.
During the creation of your wallet, you were advised to write down 24 words. This phrase can be used to recover your wallet.
Link to number 8
This happens when you are starting the vault app for the first time. So there are no secrets stored to sign the transaction You need to import your secret first, then create the wallet where you want to send funds from, and try again
Sometimes transactions can take longer to get confirmed. Confirmation time of up to an hour or even more, and this can be because of low gas fee or network congestion.
We highly recommend the 2 device approach if you are looking for the safest way to store your funds.
But even if you decide to have the Vault on your online device, it is more secure than regular mobile wallets. By design, AirGap Vault never accesses the internet, which reduces the risk of your keys being leaked to the internet.
We recommend enabling the optional password to protect your funds from someone that has access to your phone.
In the Settings, there is an option to show 24 words again.
Here is our medium post that shows step by step how you import your secret on a new device https://medium.com/airgap-it/airgap-the-step-by-step-guide-c4c3d3fe9a05
This error usually occurs when you try to send funds to an invalid address (an address that doesn't belong to that currency), please check the address again.
No, AirGap does not require KYC.
AirGap does not require KYC to use the exchange feature.
However, the exchanges themselves might require additional KYC depending on the amount and the addresses involved. If this happens, you will have to reach out to the exchange directly and handle the KYC process with them.
To reset your password, you have to remove the secret and re-import it again.
Before removing a secret, always make sure you have a backup of your 24 words
With Social Recovery, you can create secret shares and distribute them to contacts you trust. You can then recover a lost secret if you have a set number of these secret shares.
Keep in mind that you will only be able to successfully recover your secret if you have as many shares for recovery as you have defined in the initial setup.
Currently, this is not possible.
Inside the AirGap wallet click on whatever coin you want to check for its transaction history. The next page displays the transaction history.
Yes, but the unlisted ones will not be visible in the AirGap Wallet. However, you can connect to any Ethereum DApp using the WalletConnect functionality to interact with those tokens.
Select "Add Account" and then toggle the "Advanced Mode". You can then change the derivation path. For example, use 1 instead of 0 at the end. Then click the create button.
It is important that you write down your derivation path somewhere, as you will need the exact derivation path to recover your account.
Changing the derivation path is an advanced feature. Only use it if you know what you are doing.
The microphone and camera are needed to add additional entropy for the secret generation. You don't have to grant those permission, the secret generation will be possible without them.
The camera is additionally needed for QR scanning.
AirGap Vault and AirGap Wallet require at least iOS 11.
We currently only support english mnemonics.
Yes, you can import your 15 word secret into AirGap
For such scenarios, force closing the Vault and retrying the transaction will most likely solve the problem.
This functionality will be available in the future.
It shouldn’t take more than a couple seconds for your wallet to set up. Close the app and try again.
Currently, we do not have a UI for you to find transaction IDs for exchanges. However, if need be, please send us an email or use any of our support platforms with your address and amount attached, and we will be able to assist you.
Polkadot and Kusama routinely update their runtime, and if it does contain breaking changes, that can sometimes cause issues. To be on the safe side, we are making sure to review the changelog to see if they have any breaking changes.
Our baker payouts are done manually using AirGap. In the past, there was a bug in our payment script that affected a specific payout to a contract, resulting in a fee estimation failure. Due to this, we partially missed two payouts. After the bug was resolved, the missed payouts have been paid in full, and one of the following payouts has been paid twice as a way to compensate our delegators. So overall, our payouts are higher than they should be.
Every 24 hours, the pending states in the wallet are cleared. You can try again with a higher fee if the transaction was deleted from the mempool because the fee was too low.
The coins that are only in the wallet and not in the vault are tokens based on either ERC20 tokens on Ethereum or FA1.2/2 on Tezos. There are no “less secure” coins that only exist in the wallet. Those tokens are stored on your ETH or XTZ accounts and securely managed by the vault.
You cannot get the private key from the Vault but you can import the mnemonic phrase into any wallet that supports BIP39 and HD wallets.
It usually takes around 20 to 30 minutes. If you did not receive the funds after an hour, please contact us.
The fee slider is selecting "Slow & Cheap" by default. That fee is high enough for AE at the moment. You can manually adjust the fee by clicking the toggle button on top of the slider.
Yes it is possible, we want to support as many chains and coins as possible, but we also follow a procedure of getting in touch with the teams behind the coins for a potential integration.
The list of available exchange pairs can be seen on the exchange tab. This functionality is provided to us by third parties (Changelly and ChangeNow) and may vary based on what they provide.
If you are on Android, you could transfer the new APK using an SD card. Otherwise, we recommend that you completely wipe and reset the phone and start over from scratch. That sounds like a lot of work, but you don't actually have to update the Vault all the time. Unless we find critical security issues or add a breaking change, you can just keep the version you have until you need a new feature that we release.
AirGap does not set any minimum balance requirement on any token or coin. This is a design on the Polkadot network, an address is only active when it holds a minimum amount (currently set at 1 DOT). This minimum amount is called an existential deposit (ED). An option to completely sweep an account will be added in the future.
Yes, you can send NFTs to AirGap. But you can't see them inside AirGap Wallet, you will see them on the dApps that support those NFTs.
Unbonding takes 28 days.
AirGap is developed by papers.ch, a company that has a focus in mobile security and blockchain technology. The development is partially funded out of our own pockets and part of it is paid through grants by various cryptocurrency foundations.
We do not have any plan to develop the desktop version of the Vault. But you can build the Vault to run on the desktop yourself. We will also add unofficial builds to our CI in the future. But we currently don't have any plans to distribute official desktop builds. The reason for this is that the Vault on Desktop is less secure unless it is used on an air-gapped laptop. We don't want to risk users installing it on their online machines by accident, so this is a feature only available for advanced users.
You can recover your mnemonics if you still have access to the Vault by going to Settings > Select Account > Show Mnemonic. Unfortunately, it also means that your funds cannot be accessed if you do not have access to the Vault anymore.
ERC20 transactions can contain more data than a single QR code can display. In this case, it is split up into multiple parts.
This variation is most likely just a difference in the API that displays the price.
Some protocols (Tezos, Cosmos, Polkadot) allow you to "delegate" your funds and earn rewards. Delegations are slightly different in each protocol in terms of rewards and risks. As a result, we recommend you do some research on your desired protocol. Tezos is the easiest, allowing you to delegate your whole balance with no risk, and without locking in your funds while receiving approximately 5 percent in rewards per year.
No, the AirGap Wallet companion app is a very simple wallet and doesn't offer any BTC specific features. To use advanced Bitcoin features, you can connect AirGap Vault to another "watch-only" wallet (eg. BlueWallet or Sparrow) and use AirGap Vault as the signer. This feature is currently in Beta and we're happy for any feedback.
Simply import your existing mnemonics to AirGap Vault.