Question 1:
In what way did it not work out? You couldn't install the vault app? You couldn't create a new wallet? You couldn't move transactions between the vault and Electrum?

Question 2 & 3:
If you are only interested in bitcoin, and are going to be using Electrum on your laptop, then why not just use Electrum on your airgapped phone as well?

Question 4:
My issue which such a set up has always been that I don't trust the phone, because there is too much hardware and software in there (mostly closed source) and I don't know what it is all doing. Is it properly encrypted at rest? Does turning on flight mode really airgap the phone? Can it still send or receive data via WiFi, 3G/4G/5G, radio waves, Bluetooth, NFC, etc? Is there something on there which might affect the random number generation?

Indeed, I should have been explaining better, but the test was a bit odd... But it was meant to be a test
Here it is, as I remember it now:

I've generated a 12-word seed with IanColeman's to make it sure it's not an "electrum" seed.
I've imported it to Electrum, used it for testnet.
I've made one more watch only wallet (also on testnet) with the public key from previous step. This is meant to be the live wallet in my tests. I've sent some testnet coins there.
I've imported the 12 words seed into AirGap Vault.
In the live wallet made a transaction, shown the QR code and tried to get it with AirGap Vault to sign it. It has read the QR, but it said it's unrecognized data, hence I couldn't sign the tx.


Believe it or not, I didn't use Electrum on Android at all since (from what I've read) it doesn't support hardware wallet.
So (stupid me!) I didn't think at all on Electrum as solution. I'll give it a try later today. Thank you for the idea!


It's meant to be an old phone with no SIM,. So the only network may be the WiFi. I can make a temporary WiFi by Tethering from the in-use phone and never again use that SSID (it can be GUID). Bluetooth is turned off. NFC.. hm.. iirc it can be turned off.
Still, I understand your logic, and I will give it one more thought. The point was for a replacement for a Nano S at the moment it will no longer work, maybe until a new one is bought.
Of course it depends on how much funds one handles vs the expected risks.


Yep, this may be the actual technical description of my problem. Thanks for that.

---

I'll try with Electrum for Android, maybe the solution was easier than first expected.

You can use any wallet that is supported by your android phone, if you remove sim card and disable any wi-fi, bluetooth and internet connection.
Problem I have is that older phones stops supporting most of the apps, so you can't really install anything on them if they are few years old.
In my case I could only install Mycelium wallet on Android v4 or v5 for testing purposes.

Emulator would probably work installed on offline computer, camera QR would work just fine if you have it on your computer/laptop (tested and works).
Problem is that most of this android emulators are closed source and full of junk, but more wallets will probably be supported than with ancient Android phones.

I wouldn't use smartphones as cold storage for various reasons, having regular offline computer/laptop with software wallet installed on Linux OS is much better option.

Indeed, I was worrying for nothing, it was much easier than I've expected. The AirGap Vault direction was counterproductive for me.
Indeed, it works with Electrum.
(And indeed, installing from SD sounds even better than setting up any WiFi.)

I had some small problem - I didn't find a way to made the Android Electrum on testnet -, but after finding out the right derivation path (m/44'/1'/0'), the Android didn't care it shows mainnet addresses, it signed the testnet tx gracefully.


Thank you all.

This is true, but it is also true of any hardware wallet or any airgapped cold storage device, which could one day just refuse to turn on. As long as you have your seed phrase backed up then it's a minor inconvenience at most.

Electrum for Android does not have the permissions to either turn on or off your WiFi or to turn on or off flight mode. If you are happy that flight mode is sufficient for your needs, then the biggest risk is going to be from you accidentally turning it off. The next steps would be to operate the phone inside a Faraday cage or open it up and physically identify and remove the connectivity modules.

Well, this use case is meant for those who do know what they're doing and it's certainly not the best approach for safeguarding big funds. There's proper cold storage for that.
This was meant as an use case for some who really know what they're doing and it's meant as something relatively safe and much more convenient than a cold storage, probably for a short time, until a hardware wallet replacement is bought/delivered.

I expect such an user acknowledge that some risks may be involved. But let's not exaggerate them.
For example, after discussing that best is to never add an WiFi SSID at all, after implying that the device will never again have a SIM inserted and will also stay in Flight Mode, (also Bluetooth and NFC stopped), I think that your use case has very low chance to happen.
Of course that the fact the device is probably not encrypted is a risk. Of course that the data transfer (meaning tx) should not be done via USB or SD.
And of course that if one decides to do other tests that involve SIM or network/connectivity changes, he should first move away all his funds to a new wallet with a new seed.

I understand that you are just testing this, but I still don't think it can be called an airgapped cold storage solution. There must be a distinction between a setup that doesn't have the required hardware to establish a network connection and a device that has but only has it turned off by enabling flight mode. Your airgapped system becomes a hot wallet by sliding your finger down the screen, disabling flight mode, or enabling WIFI. It's not enough for an attack, but the prerequisites for one are there. Nevertheless, it's an interesting concept to think about.   

You're partly right. The only phone I would have for this (if my HW would break today) would have (drums) Android 4.4.4. And I would have to see if I can flash an Android 5+ on it (which may or may not work).
But I expect many have older phones with Android 5+ on them gathering dust (while I keep my phones for 3+ years and then I give them to relatives for further use, I expect most keep them for 2 years then keep them in a drawer). And Google Play store shows that Electrum needs Android 5+. And that's old.
And you just don't need anything else on that phone, Electrum has its own scanner too.


Tails OS or similar USB sticks is seen as a good option for simple and effective cold storage. Still, if one forgets the network cable plugged in to the laptop, he may have surprises.
Or if you have a properly airgapped Windows laptop with cold storage and somebody else from your family plugs the network cable in,... same story.
I mean that there are always this kind of risks. In most cases for home brew cold storage the prerequisites are there.

If one cannot manage them I clearly recommend a proper hardware wallet.


As about the concept, I've been checking one of the topics with many "hardware wallets" (and similar devices). And I stumbled over this AirGap software and I thought "why not?". Just while for the cold wallet (or call it as you want) I know I have to be somewhat flexible, I do want to be able to pick the "client side", whether it's Electrum, Sparrow or something else. And my conclusion is that (for Bitcoin) Electrum+Electrum is better than AirGap solution, although it's not presented in that list.

But you're right, this was only a test. A proof of concept. For daily use - although this concept is fairly easy - I still recommend a proper hardware wallet, especially for newbies.

It's definitely big concern if you use Windows as airgapped storage. But with Tails, there are less concerns since,
1. You usually need to manually choose boot to Tails.
2. Tails doesn't connect to Tor network automatically.
3. Tails is designed with security and privacy in mind, so it's unlikely your Tails compromised when you connect it to network/LAN cable.

On the scale of things to be paranoid about, I think I'd be more worried about e.g. a compromised GPU BIOS on my computer running with full privileges than an old reformatted Android phone. For all their faults, there is a decent security model on those phones as opposed to the 40-year-old dumpster fire that is a PC.