Mycelium Bitcoin Wallet

[Jan]

thanks for the reminder to fix landscape mode. this needs some love.

While you are at it—…

Users can increase their security by using a separate phone with a minimized set of apps and minimized communications (no SIM card, Wi-Fi mostly off, etc.). Often they will use an old phone for this purpose that would otherwise gather dust.

If this is so, please try to make and keep Mycelium usable on such phones. The most obvious problem areas are:

• Weak hardware
• Older versions of Android
• Small screens

I am worrying particularly about those small screens. I have not actually tested Mycelium under such conditions and have no clue whether it already fulfills these wishes. If so, it may be a good idea to keep it that way during future development.

Of course, another interesting direction is to use a separate phone with very minimal communications, maybe only through QC codes, only for transaction signing. That might fulfill quite high security demands. I think this has been discussed a long time ago already. I'm only trying to refresh memories.

By the way, I think Mycelium has already gotten better and better. I really like it.

Thanks.
I am always testing Mycelium on my old 2.2 devices. Someone (can't remember who) reported that it worked nicely on a brand new cheap low-res 40$ phone (can't remember the brand)... can't remember much these days it seems ;-)
Please have in mind that the device should have at least 24 MB memory to do BIP38 and encrypted PDF export/import, which is mandated by the scrypt parameters chosen.

Those cheap phones are ideal to use as a dedicated device, only running one app with the sole purpose of sending coins with cold storage spending. Personally I now use a Samsung GT-S5300, prior to that a Samsung GT-I5700 with cyanogen mod and no SIM.

[Jan]

...
By the way, I think Mycelium has already gotten better and better. I really like it.

I fully agree. Mycelium is getting better every time, the developers really THINK and make CONCEPTS and REALIZE them. Awesome!

And a possibility to store keys in a 100% offline fashion (on a 100% offline smartphone) would be great - I proposed this here some time ago:
"https://bitcointalk.org/index.php?topic=210261.0", which is exactly what you are suggesting here, I think.

I think and hope that the Mycelium app would be eligible for this in future versions. It has all the key management and backup features already built-in. What would be needed is to run Mycelium, optionally, in an "offline mode" (or make a new app that inherits Mycelium's today's key management functions) that has extra features like offline transaction signing. Communication (i.e. transfer of the (un)signed transaction strings) between the offline and online device should be done via QR codes (or animated QR codes for transfer of longer strings).
The offline device should also have built-in functionality of supervising offline status etc. and show enough nag screens etc. to "force" the user to operate his/her offline phone in a paranoidly secure way, and it should make sure that the device is (and was) offline all the time..., and e.g. should not start up at all if a SIM card is inserted or WiFi is enabled...

My vision is that, in some not so distant future, everyone (not only the tech-savvy) can use a really really secure solution for OFFLINE wallet handling with apps having an easy to understand and self-explanatory GUI that guides the user all the way and avoids that (s)he makes any mistakes. An Android phone is the optimum platform for obvious reasons: Cheaper then a PC or Netbook, smaller (does not take space), and many outdated phones are anyway idling around today although they would be perfectly suitable for use as offline wallets. So the hurdle for using this is much lower than for somebody who first has to buy an EeePC or Raspberry PI or Trezor device.

Michael_S, I am fully with you. I have been thinking about how to do a totally offline app for a long time.. So many ideas, so little time :-)
The problem with using QR codes or even animated QR codes doesn't really work. To be 100% certain that you are not signing something wrong you need to transfer not only the unspent outputs to sign, but all the "supporting" transactions. By that I mean the entire transaction that every unspent output is part of.  This could easily be 100kb of data.

If you use Mycelium as it is, on a dedicated device with an open source OS with nothing else installed except a firewall that blocks anything but Mycelium, no SIM, only wifi. On top of that, only use cold-storage spending and keep the device in a safe along with your paper wallets... then I'd say you are pretty secure. Plus it is affordable, easy to set up, and easy to use.

[(A)social]

Do you think CyanogenMod is trustworthy? Because I think too that is a good idea to keep a dedicated device to Bitcoin apps.
I have a second Galaxy S that I'd like to use just for this (maybe buy a cheaper smartphone later), and I'd like to install CyanogenMod mod on it.

[frente]

So, now there is no way to see the private key in Mycellium? Although that might be good for security - it prevents using the same backup method used for non-mycellium generated keys.

How can I see the private key from the backup? Do I have to download some Mycellium code from GitHub and compile it on my offline computer?

[hgmichna]

So, now there is no way to see the private key in Mycellium? Although that might be good for security - it prevents using the same backup method used for non-mycellium generated keys.

How can I see the private key from the backup? Do I have to download some Mycellium code from GitHub and compile it on my offline computer?

There is still the private key export function in the menu of the keys view. Thus exported keys are not encrypted. There is also the reverse function, key import, activated by the new key icon.

[frente]

Thank you - this is great!

[apetersson]

There is still the private key export function in the menu of the keys view. Thus exported keys are not encrypted. There is also the reverse function, key import, activated by the new key icon.

if you like to view the private key directly (without the 2-factor pdf) one of the best ways to secure the key is to take a photo with a old-fashioned (digital) camera and print it.

if you like analog, you need to develop it yourself though

[frente]

Cool. BTW, when you go to "Export", the QR code of the key is shown, but not the private key itself (text). I don't see why. I can use the QR code or copy key to the clipboard, but I cannot copy the key by hand directly from this screen.

[apetersson]

Cool. BTW, when you go to "Export", the QR code of the key is shown, but not the private key itself (text). I don't see why. I can use the QR code or copy key to the clipboard, but I cannot copy the key by hand directly from this screen.

valid point. clipboard is more insecure than display (which is protected from rogue screenshots). it makes some sense to add this.

[apetersson]

v1.1.4  has been released to the beta channel (100%) and is in rolling update mode for the rest.

since 1.0 we have added:
Bip38 support
translations to Deutsch, English, Español, Italiano, Nederlands, Português,Pyccкий,简体字
default unit mBtc
support for BTC China

the latest update reintroduced graceful out of memory checking for exports/bip38 keys that was broken in 1.1.0. basically, devices with less than 20 megs of ram will be unable to do the encrypted export. those users are encouraged to enable expert mode and export single, unencrypted keys.

if you notice anything worth improving, don't hesitate to ask.

We also have a brand-new Dutch translation thanks to Martijn Wismeijer!
please take a look at it.

[Rassah]

Any progress, or at least plans, for BIP32 yet?

Had an idea. Since Mycelium let's you store only the public key, and receive to the public key, it makes a good alternative to a Bitcoin point-of-sale system. Only thing missing, or that would at least be helpful, is basic calculator functions in the receive amount section.

Finally, bit of wishful thinking, I would love to be able to add notes to my transactions, so I can remember what it was that I paid that 0.02476436 bitcoin for. This would also be useful if there was a comment box in the Receive section, so merchants and bartenders/waiters can enter a note of what was being paid for in a transaction. Like BitPay allows you to enter a receipt note along with amount. This could just be stored on the phone in a file somewhere. Heck, store it as a comma delimited text file with transaction IDs, notes, and amounts, and you have a way to export "bank statements."

[Jan]

Any progress, or at least plans, for BIP32 yet?

Had an idea. Since Mycelium let's you store only the public key, and receive to the public key, it makes a good alternative to a Bitcoin point-of-sale system. Only thing missing, or that would at least be helpful, is basic calculator functions in the receive amount section.

Finally, bit of wishful thinking, I would love to be able to add notes to my transactions, so I can remember what it was that I paid that 0.02476436 bitcoin for. This would also be useful if there was a comment box in the Receive section, so merchants and bartenders/waiters can enter a note of what was being paid for in a transaction. Like BitPay allows you to enter a receipt note along with amount. This could just be stored on the phone in a file somewhere. Heck, store it as a comma delimited text file with transaction IDs, notes, and amounts, and you have a way to export "bank statements."

Hey Rassah, sorry for the late reply... half of our development team is down with the flu :-(
We do have BIP32 plans, but it is going to take quite some time to get it right. Implementing BIP32 effectively on a mobile device that doesn't download the block chain is by no means easy. Deriving the private keys from a seed is the easy part, tracking an in principle unlimited number of private keys while limiting bandwidth and server side resources is not.

Regarding using Mycelium as a POS device you are absolutely right. We have several reports of stores doing this already. The ability to request payment in 164 currencies is a great help. Several things would make it even better:
1. (as you suggest) adding merchant messages. The recipient should be able to add a message to the payment request (in the QR code), which gets persisted either on the phone, or maybe even server-side.
2. Add/modify my own messages on my transactions (if stored server-side they are preserved when you restore on another device)
3. Setting a discount percentage for payments in BTC (or markup for that matter) on top of the exchange rate.
...

There is so much to do, and so little time :-)

Right now we are working hard on a mind-blowing (revenue generating) feature which our investor does not want us to reveal until it is ready for production, which I expect to be around the beginning of february.

[Rassah]

Hey Rassah, sorry for the late reply... half of our development team is down with the flu :-(

Don't be getting any computer viruses into our android wallets  Use gloves while you type.

Right now we are working hard on a mind-blowing (revenue generating) feature which our investor does not want us to reveal until it is ready for production, which I expect to be around the beginning of february.

ETA for this? Would love to show it off at the next few conferences I'm going to (Miami, and maybe Texas)

[Jan]

Hey Rassah, sorry for the late reply... half of our development team is down with the flu :-(

Don't be getting any computer viruses into our android wallets  Use gloves while you type.

Right now we are working hard on a mind-blowing (revenue generating) feature which our investor does not want us to reveal until it is ready for production, which I expect to be around the beginning of february.

ETA for this? Would love to show it off at the next few conferences I'm going to (Miami, and maybe Texas)

We really hope for the beginning of February. If it is done by January 24'th I'll demo it myself in Miami (which I doubt, as we have the first internal prototype demo by January 15'th)

[Rassah]

We really hope for the beginning of February. If it is done by January 24'th I'll demo it myself in Miami (which I doubt, as we have the first internal prototype demo by January 15'th)

Wow, didn't know you'll be going all the way to Miami. Will be great to see you again (maybe you could do a private demo like you did in San Jose

[Jan]

We really hope for the beginning of February. If it is done by January 24'th I'll demo it myself in Miami (which I doubt, as we have the first internal prototype demo by January 15'th)

Wow, didn't know you'll be going all the way to Miami. Will be great to see you again (maybe you could do a private demo like you did in San Jose

I'll come if we are done by the 24'th, but it seems unlikely. I'd love to give an in person demo :-)

[zemario]

Tried this wallet, it is my favorite ATM.

I love how the key pairs can be manager manually instead of forcing the whole wallet metaphor to the user.

Kudos for thinking differently and even pushing some uncommon features.

[Technomage]

Mycelium is a brilliant wallet. Still hoping for the comeback of the pay-without-confirmation feature (as an advanced feature). That is the one feature that for me makes the difference compared to other payment methods, in terms of speed and convenience. Not that it's slow and inconvenient otherwise, it's not, but that's the cherry on the cake.

[Jan]

Mycelium is a brilliant wallet. Still hoping for the comeback of the pay-without-confirmation feature (as an advanced feature). That is the one feature that for me makes the difference compared to other payment methods, in terms of speed and convenience. Not that it's slow and inconvenient otherwise, it's not, but that's the cherry on the cake.

Hey, it is Christmas... and Andreas is more or less over his influenza. With a little luck he may get bored during the next week and just add it.
Seriously, we will add 'autopay' in an improved version. Right now, however, all our cycles are spent on an exciting (and big) feature which may get published around the beginning of February... Sorry, but that's all I am allowed to say 

[Technomage]

Looking forward to the new versions Merry Christmas to you guys.