There is no guarantee that you transaction will ever get mined if you are below the relay fee, as it may never reach a miner. The 0.0001 fee pr 1000 bytes which Mycelium uses is already pushing the limits. With a zero fee feature, greed will make people enable it, and when it turns out that their transactions never confirm they will blame it on the wallet (or developer... shit, that's me) or simply say "Bitcoin sucks"

You can also use the Cold Storage Spending feature in Mycelium. It basically allows you to do instant spending of any private key.

If you have two devices
BitcoinSpinner on one device: Click options button -> Settings -> Advanced -> Export Private Key
Mycelium on another device: Click options button -> Clod Storage -> QR-Code, and choose MAX for the amount (swiping)

If you are on the same device
In BitcoinSpinner: Click options button -> Settings -> Advanced -> Export Private Key -> Copy to clipboard
In Mycelium: Click options button -> Clod Storage -> Clipboard, and choose MAX for the amount (swiping)
Please note that the private key will be exposed to other apps on your device in the clipboard.
Alternatively you can use a camera to take a picture of the QR-code

What this blog post doesn't tell is that in this particular instance the repeated use of the same K value was on purpose.
When making unit tests it is often desirable to be able to create results that can be repeated. By reusing the same K value you get the same signature, which is valuable during development. I know the developer in for this instance, and no, it is not me.

Andreas, it seems to me that you persistently want to complain about something today 

The wallet sources are available here: https://github.com/mycelium-com/wallet
The API interface is pretty straightforward: https://github.com/mycelium-com/wallet/blob/master/public/mbwapi/src/main/java/com/mrd/mbwapi/api/MyceliumWalletApi.java


The server side sources are not open, and they don't have to. As you can see from the API and wallet code, no matter how much the server cheats and lies, it cannot spend your coins. It basically tells you what the unspent outputs are for a given set of addresses. If it tells you something wrong your transactions will not get accepted by the network. If this happens users would quickly get unhappy and move their private keys somewhere else.
The server side contains no 'secrets', usernames, passwords, and whatnot. It is just a stunningly fast index on the blockchain and unconfirmed transactions.

Android Bitcoin Wallet connects to multiple nodes. Each node sends protocol messages containing inventory messages, blocks (filtered), transactions (filtered), ping and so forth. All this data is processed and which incurs a great deal of bookkeeping.  Each connection is kept alive (I guess also some time after the app has stopped).
Mycelium depends on a server, but it is updated in one or two messages.

Let me clarify a bit by pointing out differences between Mycelium and other Android wallets.

• Like the Blockchain.info app, Mycelium depends on a redundant set of servers. This is what gives the wallet tremendous speed, and makes it ready immediately after startup.
• Unlike the Blockchain.info app, Mycelium does not upload private keys to the server (not even in encrypted form), or require any registration.
• Like the Android Bitcoin Wallet, the private keys are only stored on your device (You may and should export them for backup purposes)
• Unlike the Android Bitcoin Wallet, Mycelium does not connect directly to several nodes in the Bitcoin network. This means less bandwidth requirement for your mobile plan, less power consumption, and immediate availability, but also means that the server side could establish IP/address relations. (which it doesn't)

Using a powerful server side with an optimized index over the entire blockchain is what makes it possible to determine unspent outputs, transaction history, etc for any address in milliseconds. The alternative would be to download and scan the entire blockchain. Without this it would not be possible to do effective cold storage spending or key imports. Please note that since the server does not know your keys, it cannot control your funds.

Each wallet does it differently, and that is a good thing. We need as much diversity as we can get.

BitcoinSpinner v0.8.3b has been pushed to Google Play. It may take an hour or two before you can update it.
Version 0.8.3b:
 - Fix for broken SecureRandom on Android
 - Showing warning message on startup on how to mitigate weak key vulnerability

Hey you got the same donation address as me. Must be a coincidence related to the bad random generator on Android

maybe he is 

I just received this email from what Gmail tells me is "theymos@bitcointalk.org via wedos.net"
This is a fraud.
Don't fall for email like that.

Version 0.7.0 has been pushed. It may take an hour or two before it is available in the Google Play Store.
This version features the key migration wizard. If you already migrated your keys in version 0.6.5 manually you should not notice any difference. Otherwise it will nag you on the startup view until you complete the wizard for every key.

Done. Mycelium should really have its own thread. I'll look into that once all this is sorted out.

In other news: An update for BitcoinSpinner is in the works. Everything has been coded and tested. I am just waiting for the signer to verify and sign the APK. It will be published later today.

Using new deterministic addresses for every transaction is quite tricky with the model that we use. Instead of downloading the blockchain we query a server for the unspent outputs of the addresses we are interested in. If the number of addresses grows infinitely something is bound to break down. Andreas has some nifty ideas on how to mitigate that, so this is something we will investigate.

In the meantime, if you want to migrate your keys manually with version 0.6.5 here it how:
1. Go to settings and uncheck Aggregate View to get segregated view (you now manage one key at a time)
2. Go to Keys & Addresses
3. Click + and choose Random to create a new random (strong) key
4. Give the new key a name, e.g. "Migration 1" (long press it and click Set Label)
5. Select one of your old keys
6. Go to Balance view
7. Click Send and choose "Migration 1" from the address book as the receiver
8. Click MAX to send the full amount (swipe), Next, Send
9. Go to Keys & Addresses
10. Long press the old key that you just swiped and select Archive.

Repeat for each key

Finally go to settings and enable Aggregate View.

Note: If you have selected an archived key and go into the balance view you will only see the balance of that key.

The key migration wizard is now feature complete, and we are testing it vigorously.

First of all let me introduce a nice new feature, which the key migration wizard relies on:
As of version 0.6.5 there is a new concept of a key archive. A key/address can either be Active or Archived. You can move a key back and forth between the Active and Archive set in "Keys & Addresses". It is somewhat similar to what you see in the Blockchain.info wallet for iPhone.
When the wallet is in Aggregate mode (the default) the balance view displays the aggregate value of all your Active keys. Keys in the Archive set are not included.
While this gives some nifty key control features for advanced users, it also allows us to make the Vulnerable Key Migration Wizard (tm) safer to use.

Here is how the migration wizard works in version 0.7.0:

When you open the wallet it will investigate whether the Active set contains any keys that were present from before 0.6.5. If there are any it will show you a dialog explaining that you have X potentially vulnerable keys
. You can then choose to launch a (5 step) migration wizard, which:

1. creates a new key

2. swipes the funds to it

3. archives your vulnerable key

This way the vulnerable key is not deleted, but merely archived. This is nice as someone may still send funds to your old keys. If you select an archived key and go into the balance view you will monitor this single key, just as if you were in segregated mode.

We are still testing the migration wizard, stay tuned...

The thing is that whenever you make a signature, a random component is part of the signature calculation. If you generate two signatures with the same key and random component (the stuff you sign is obviously different), then you reveal enough information for an attacker to calculate the key. So, there is apparently a non-trivial probability that signatures generated by Android apps have used the same random component for the same key.

EDIT: elebit beat me to it ;-)

Rassah is right. However, there will shortly be a new version out that generates safe keys. Stay tuned...

Since BitcoinSpinner cannot handle more than one key at a time upgrade path for BitcoinSpinner is either:

1. Send funds elsewhere
2. Uninstall
3. Install new BitcoinSpinner version (once it gets published)

or

1. Install Mycelium wallet
2. Send funds to it.
3. Uninstall BitcoinSpinner

Andreas and I were about to ad the final touches to declare Mycelium as a 1.0 when this turned up last Friday. There are over 800 Mycelium wallet users, and it has been throughly battle tested over the summer. It is my impression that the Mycelium wallet is as safe to use as BitcoinSpinner, which also happens to be in beta.

A security vulnerability has been discovered that affects key generation on all Android wallets: Blockchain.info, Android Bitcoin Wallet, BitcoinSpinner, and Mycelium Bitcoin Wallet
Please read this thread for details: https://bitcointalk.org/index.php?topic=271831.0

We are working hard to send out a new build which allows you to:
1. Generate new keys for vulnerable keys
2. Send all funds to the newly generated key
3. Archive the vulnerable key in such a way that you can still access it.

We have been working on this since Friday and will get a new version as soon as possible while doing everything we can to ensure stability.

I suggest you find yourself some more computer / Internet time.