Use your other phone as a Monero hardware wallet.
Sidekick is a new companion app that you can install on a secondary phone to authorize access to your Monero wallets in Monerujo. That way, as long as you keep that phone offline, it works as a do-it-yourself Bluetooth-powered hardware wallet.
You're one search away from finding hardware wallets. Borderline affordable and enticingly specific, they do one thing and they do it well: keeping your private keys away from the device that is connected to the wild internet, and therefore keeping a slew of hackers eager to steal your coins at bay. Looks like another problem easily solved by buying stuff, but…
Which means that they are as secure as the companies behind them say they are. With the excuse of security, you're taking their word for it. The whole point of crypto was to reduce trust; introducing it back isn't very appealing.
Every person has his or her own concern threshold, but with prices ranging from $60 to $200, hardware wallets don't make a lot of economic sense unless you have the equivalent of thousands of dollars worth of crypto saved. But remember that fortunes are relative: having $400 in crypto could be a very important savings amount for the vast majority of people out there in the world. Sad but true. It'd be great if we could provide a greater level of security to everybody, regardless of their purchasing power.
Many times, countries with low purchasing power have shitty postal systems and abusive customs regulations. That may very well make an imported hardware device 100% more expensive. It also signals you as a potential wealthy citizen in a jurisdiction that clearly is not friendly towards (at least) economic freedom.
You're telling the company you buy it from that you're a crypto holder, and likely not a poor one. You're telling the reseller. If you used a credit card you're telling the bank. You're telling the post office and your government. That's lots of people involved and lots of databases waiting to be leaked. It has happened and will continue to happen. Before you even think you don't pass for a crypto whale, think about how it looks from the outside: you had enough crypto years ago to justify purchasing a hardware wallet. An attacker wouldn't know (or believe) you spent it all during the last bear market in a rush of fear.
What if we could address those problems? Sidekick is a new app developed by the handsome people behind Monerujo, your trusted Monero wallet since 2017. It should be installed on a secondary phone and works as a companion to your normal main phone wallet, connecting to it via Bluetooth. As long as you keep the Sidekick phone disconnected from the internet, it should be almost as safe as any other Bluetooth hardware wallet. The reason for that "almost" caveat is that it's up to you to keep it offline or not.
For the time being, it should absolutely be considered alpha, but we welcome as many users as possible testing it, playing with it, and finding things to improve. With that out of the way, give it a try! Just DO NOT USE IT WITH YOUR PRECIOUS FORTUNE YET, at least until we get more eyes on it.
You can get it from our GitHub or alpha F-Droid repository.
The first time you use it, you'll probably need to pair both phones over Bluetooth, just like you would do with a speaker or a set of headphones. In the future, they should pair automatically when they're both turned on and near enough.
This is needed if you have never used Sidekick before; otherwise skip this step. This new wallet does not need to be really new: you can restore any Monero wallet if you want. Sidekick will store this wallet's private key inside Android's secure storage, encrypted with the CrAzYpass. As always, please write down your seed and restore height.
Keep in mind that every wallet inside Sidekick is a different virtual hardware wallet, which means that opening each wallet is like plugging in a different device. Let that sink in: every wallet that you create in Sidekick works like a different Ledger or Trezor that you can connect to. You can have many free hardware wallets with one phone!
Open Monerujo on your hot phone (the one connected to the internet) and press on the Sidekick icon in the top right corner.
You should see your other phone in there ready to be linked. Select your Sidekick phone from the list. When they're connected, they show up on each other's screen with the same 4 numbers.
If you click on the + button at the bottom right, there should be only one option available: Restore from Sidekick. Enter a name for your wallet here. I would suggest you use the same name you used in Sidekick, so you don't get things mixed up, but you can use whatever you want. Notice that you won't and can't see the wallet's seed here. That was the whole point: the sensitive information never leaves the air-gapped Sidekick, so on the Monerujo phone the wallet is pretty dumb. That's it, you should see your newly created wallet on the main screen.
You could say that now you have two halves of the wallet on the phones: one half holds the keys to the castle, and the other is ready to get battle-tested.
From now on, every time you want to use that wallet, you'll need to do these steps:
When you use the wallet, it'll automatically start scanning the blockchain for your transactions. But you'll need to authorize spending from the wallet on Sidekick, since keys are not stored on Monerujo's side. That was the whole point!
There's no catch. It's just a cool idea. It's not perfect either, there are tradeoffs just like everything in life: having kids may give you warm hugs and the relief of perpetuating your DNA at the expense of heaps of deprived sleep and financial hurdles.
Unless you can physically sever the antennas or something like that, you're trusting Android to really turn off both mobile and wifi data when you ask it to. If that were the case, it should still be pretty safe: wallet files are very strongly encrypted.
But even if Sidekick can be considered less secure against a very, very sophisticated attack, it's more secure against much simpler attacks. I'm talking about targeted, physical attacks. You can thank privacy for that. Which brings me to…
The Sidekick concept uses a commodity device that can be bought pretty much anywhere on earth, so it's inconspicuous (nobody knows what you have a phone for).
Unless you can stop people from having phones, you can't stop people from using Sidekick. And it's very difficult to keep people from having phones.
If you already have an old phone lying around somewhere, it's basically free, but even if you had to purchase a second phone, you could buy a used and old-ish model for very little money.
Bluetooth is a wireless connection that could be tapped into, that is true. But it's encrypted and even if you break that, there's really no dangerous information being transmitted. An advantage of our approach is that since even an old phone is not that limited in memory, it can sign transactions and do all the crypto witchcraft in the Sidekick device. It doesn't need to share them with the hot device at all.
Even the crappiest phones are Ferraris compared to most hardware wallets' specs. With Sidekick you probably get a big touchscreen that you can interact comfortably with, plus a lot of room to visually check important information like destination addresses. You don't need a master's degree in tiny buttons fingering, nor scroll through endless arrays of characters as if you were a stock trader from the 80s.
You don't have to trust us. Sidekick's code can be audited by anyone, especially smarter people, so we can discover and fix any potential problems. Sidekick itself is meant to be open. It can work with any Monero wallet that wants to implement it. You're not forced to use Monerujo to enjoy Sidekick.
We're repurposing gadgets that you may have lying around in a drawer somewhere, no need to melt extra dinosaurs or dig up more bloody rare metals for this one.
Not much else, enjoy it. Share it with friends, look sick af using it. Embrace the trip of seeing all the blinking lights when Sidekick is doing its thing.
Sidekick development was funded by amazingly generous anonymous people, in true cypherpunk style you know who you are but we don't. If you find it useful consider sending some XMR to our donations wallet, you grateful bastard. Use Sidekick to do so, for extra h4x0r points:
4AdkPJoxn7JCvAby9szgnt93MSEwdnxdhaASxbTBm6x5dCwmsDep2UYN4FhStDn5i11nsJbpU7oj59ahg8gXb1Mg3viqCuk
OpenAlias: monerujo.io
PS: If you want to watch Sidekick being presented by the cool guy behind it, check out this MoneroKon talk by @m2049r!