Dual-layer encryption
Wallet data is encrypted with AES-256-GCM using a key derived from your password (PBKDF2, 210,000 iterations), then wrapped again by the hardware-backed Android Keystore.
Security
MetroVault doesn’t just avoid the network — it asks Android to deny it one. Everything else is defense in depth.
<!-- AndroidManifest.xml — the complete permission list -->
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.USE_BIOMETRIC" />android.permission.INTERNET, the operating system itself refuses the app any network access. It isn’t a setting you trust — it’s structural.Wallet data is encrypted with AES-256-GCM using a key derived from your password (PBKDF2, 210,000 iterations), then wrapped again by the hardware-backed Android Keystore.
Optional fingerprint or face unlock using BIOMETRIC_STRONG, cryptographically bound to the Keystore — not a cosmetic lock screen.
Set a second password that opens a separate decoy vault. Under duress, you can unlock the app without revealing your real wallets.
Failed logins trigger exponential backoff rate limiting, escalating to a 24-hour lockout. Guessing passwords gets expensive fast.
Turn on Wipe Data on Failed Login and the vault destroys all sensitive data after 4 wrong passwords.
GPL-3.0 code, reproducible F-Droid builds verified byte-for-byte against the source, and a fully documented security model.
Honest comparison
Dedicated signers are excellent devices, and this table is fair to them. MetroVault exists because a spare phone gets you real cold storage today — for free.
| MetroVault on a spare phone | Dedicated hardware signer | |
|---|---|---|
| Price | $0 — reuse a phone you already own | $70–$250 for a new device |
| Verification screen | Full-size touchscreen — read every address and output comfortably | Often a small display with abbreviated details |
| Supply chain | Any phone, from any shop, bought any way — nothing links the purchase to bitcoin | Shipped to your address; the purchase itself says you own bitcoin |
| Secure element | Android Keystore (StrongBox/TEE on supported phones) under a general-purpose OS | Dedicated secure element with a tiny attack surface — the category’s core strength |
| Source code | Fully open, GPL-3.0, reproducible builds on F-Droid | Varies — some fully open, some partially or fully closed |
If you already own a dedicated signer you trust, keep using it. MetroVault shines as a zero-cost entry into self-custody, a backup signer, or one independent key in a multi-sig quorum alongside other hardware.