airgap-it / airgap-vault

The AirGap Vault is installed on a spare smartphone that has no connection to any network, thus it is air gapped. This app handles the private key.
MIT License
386 stars 109 forks source link

Release page does not list install requirements #58

Closed yeru83 closed 8 months ago

yeru83 commented 3 years ago

Special thanks to Alessandro for his great help via Telegram.

First my question is - shouldn't there be some specific OS/build version ranges listed for each release?

(1) I've been breaking my head for days trying to install any version at all of Vault over OTG to an Android 6.0 build FlymeOS 6.7.8.8, and then build FlymeOS 7.8.8.31.

Every release I tried installed, but then would not run. Object.entries is not a function.

(2) Then I've gone and updated the WebView to a 59 version, and then a 90 version.

Sidenote: As my main device has always been on iOS and I'm just flailing around with Android for the first time on a friend's "old phone," it's wacky to me that a user has to "know" to go and download specific OS components, which should have been included in the build, but weren't.

Again, even with the new WebViews, there's the same error. I've tried Vault 1.6.0, 3.7.0, 3.6.2, now trying 2.7.1 as I type.

2.7.1 installs, opens, shows the Vault + aeternity logo, and then shows:

Unexpected token =
SyntaxError: Unexpected token =

webpackJsonp is not defined
ReferenceError: webpackJsonp is not defined at file:///android_asset/www/build/main.js.1:1

(3) I realize this Flyme thingy might be an edge case. Maybe users could submit their failed installs into a wiki. Or maybe the requirements could be listed for each release, whether iOS, Android, etc.

https://github.com/airgap-it/airgap-vault/releases

AndreasGassmann commented 3 years ago

After updating the webview to version 90, does the error screen actually reflect the updated webview version? The screenshot you sent in telegram (which I think you sent after you created this post) still shows webview version 44.0.xxx. Was that screenshot taken before you updated the webview?

vault-error

Some Android distributions/versions seem to have a "system webview" and third party webviews. If that is the case, then it should be possible to switch them somewhere in the settings.

Because of the vast amount of android distributions and different "environments", it is impossible for us to create such a list without community help. We have recently started building a "documentation" page for AirGap that contains Guides, FAQs and more. We were planning to add a guide on how to update the Webview (along with instructions on how to set it up on an offline device), but haven't gotten around to it yet. We can also create a list of distributions and versions that we know are working or not working (with community help). This is the new page, it's still not completely finished yet and contains some empty pages: https://support.airgap.it. We appreciate any feedback and contributions.

The source files for the documentation are located here: https://github.com/airgap-it/airgap-docs

yeru83 commented 3 years ago

After updating the webview to version 90, does the error screen actually reflect the updated webview version?

Right, I did notice that the webview did not change -- according to the error report -- even though webview was changed in the device prior to that run attempt and error report.

I definitely took that error report and screenshot AFTER updating webview.

In settings > about phone there's no mention of webview. I've since downgraded the OS back to build number "Flyme 6.7.8.8G beta" just to try that OS again with the WebView 90, and still none of the installs will properly run.

Yes, I'll be happy to contribute to the airgap docs.

AndreasGassmann commented 3 years ago

After a quick google search I found these 2 sites, maybe they will help you to track down the error: https://forum.xda-developers.com/t/how-to-change-android-webview.3944297/ and https://github.com/Magisk-Modules-Repo/bromitewebview

Regarding the airgap-docs, feel free to create a PR if you know how, otherwise you can also open an issue so we can plan something.

yeru83 commented 3 years ago

Thanks! I'll check into those. If not, what would I be looking for if I go buy another android, to avoid these problems? Would an old iPhone be more/less secure in running Vault, compared to Android?

As for the airgap-docs page - I'll check into PR creation, and otherwise open an issue.

On the Meizu android, I downloaded an app "full system info 2.6" apk from "it geeks" and it showed me that webview is in fact v.90.

I installed Vault 3.7.0 again, and ran it, and got the exact same error, reading "44.0.2403.146."

I have screenshots.

yeru83 commented 3 years ago

the comments seem to suggest that magisk is a root procedure - which is not what we want to do to maintain security.

Another comment mentions TiBU but a web search reveals: https://forums.androidcentral.com/verizon-galaxy-nexus-rooting-roms-hacks/192528-how-tibu-easy-way.html

But I'm not sure if Galaxy info would pertain to a Meizu.

This is why I use Apple. None of this nonsense. But yeah, it's a closed system, which has its drawbacks, but still.

yeru83 commented 3 years ago

TiBU = Titanium Backup. "Root needed." That doesn't make sense, as it removes all the security the phone has. Am I right?

After all these wacky OS problems with Android OS, I have a hard time believing that an Android has a better secure element than an iPhone; but maybe I'm not seeing all the info.

https://play.google.com/store/apps/details?id=com.keramidas.TitaniumBackup

yeru83 commented 3 years ago

IMG_7436

IMG_7437

IMG_7438

IMG_7439

IMG_7440

AndreasGassmann commented 3 years ago

"Root needed." That doesn't make sense, as it removes all the security the phone has. Am I right?

Yes. In fact, AirGap Vault will not run if your device is rooted (there will be an error message).

As an iOS user myself, I have never heard of "Flyme" or "Meizu". Can't you just install a regular, plain Android installation with Play Store?

[...] what would I be looking for if I go buy another android, to avoid these problems? Would an old iPhone be more/less secure in running Vault, compared to Android?

I can't give you any direct recommendations, but we have a couple "Galaxy" test phones and they all work fine. We also tested one of the newer budget Nokia phones, which also worked.

Regarding iOS vs Android, this is really a personal choice. I personally would choose an iPhone if I have the option, it's just more familiar to me. But the handling on Android (once everything is set up) is easier because you can use SD Cards to update the app, whereas on iOS you have to wipe the phone and start over to do it securely.

yeru83 commented 3 years ago

Meizu does not allow any other install, other than their own Flyme Android OS. Unless I've missed something.

So they're using Android to attempt make a closed system.

I'll look for a low end Galaxy or Nokia as long as it does Android 6.0 minimum.

yeru83 commented 3 years ago

I bought a 2nd hand brand new X50 phone that runs Android 10. It was not messed with or rooted.

Trying to install any Vault 3.x gave a parse error (unable to parse package)

Vault 2.7.1 installed but would not run.

Green and Mycelium installed ok and run.

image

image

yeru83 commented 3 years ago

Parse error:

image

AndreasGassmann commented 3 years ago

Are you sure that phone is running Android 10? The error message indicates that it is running Android 4.4.2, which would also explain the very low WebView version of 30.0.0.

Can you make sure that you update both the WebView (as mentioned above), and also install the last version of the Chrome browser? And could you also post a picture of the settings screen that shows you that it's running Android 10?

yeru83 commented 3 years ago

Vanilla android is not available on the Play Store, for install on just any Android device. I see forums on the internet like XDA forums and it's a super complicated endeavor to do that, and it involves sw tools and ROM that roots the device, and even then it might brick the device.

Apparently the android world is full of craziness and incompatibilities between so many hardware mfg and little OS sw standards...

On May 6, 2021, at 2:24 PM, AndreasGassmann @.***> wrote:

"Root needed." That doesn't make sense, as it removes all the security the phone has. Am I right?

Yes. In fact, AirGap Vault will not run if your device is rooted (there will be an error message).

As an iOS user myself, I have never heard of "Flyme" or "Meizu". Can't you just install a regular, plain Android installation with Play Store?

[...] what would I be looking for if I go buy another android, to avoid these problems? Would an old iPhone be more/less secure in running Vault, compared to Android?

I can't give you any direct recommendations, but we have a couple "Galaxy" test phones and they all work fine. We also tested one of the newer budget Nokia phones, which also worked.

Regarding iOS vs Android, this is really a personal choice. I personally would choose an iPhone if I have the option, it's just more familiar to me. But the handling on Android (once everything is set up) is easier because you can use SD Cards to update the app, whereas on iOS you have to wipe the phone and start over to do it securely.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/airgap-it/airgap-vault/issues/58#issuecomment-833446963, or unsubscribe https://github.com/notifications/unsubscribe-auth/ATFLNTKKB3CB6BQKAGRAVHLTMJ36HANCNFSM44D7DF4Q.

AndreasGassmann commented 3 years ago

I have to agree with you that the Android landscape is very confusing compared to the iPhone world. But I have to say that I'm surprised you had so many issues with 2 separate phones. If I recall correctly, there was not a single phone (unless unable to install Android 5) where we weren't even able to get the app running. In 99% of the cases the solution is to update the WebView. The others were usually resolved after resetting the device. We also have a couple older phones that we use for testing and never had any issues.

Let's create a list for this so users can contribute. I have something like this in mind:

Mobile Phone Model Android Version Works Issue
Samsung Galaxy S8+ SM-G955FD 9 Yes
Samsung Galaxy A5 (2016) SM-A510F 7.0 (latest) Yes
Meizu (?) ? FlymeOS 7.8.8.31 No https://github.com/airgap-it/airgap-vault/issues/58
X50 (?) ? 10 No https://github.com/airgap-it/airgap-vault/issues/58

How does that look?

yeru83 commented 3 years ago

So for iphone it's not secure to download the Airgap updates from the App Store?

At some point I could check into updating the Meizu chrome browser to see if that does it.

Yay - I got rid of the X50 and bought a Galaxy A11 which installs and runs for Vault 3.7! Still need to connect it to the Wallet on the iPhone.

The chart looks good, seems like a fine layout. There can also be a space for update steps; to show the user that for iphone the secure method to install and update Vault is Wipe phone, Import new app into iTunes, etc, and what steps (if any) would do for the Meizu M5s for example. Steps could either be there in the chart (if concise enough) or your link to a issues page is probably also good since it shows the thought processes in checking the problem for that phone model.

AndreasGassmann commented 3 years ago

My idea would be to include the steps to make it work in a separate issue to not overload the table. If in the end it's usually solved by simple things like updating the WebView, we can consider adding it to the table as well.

So for iphone it's not secure to download the Airgap updates from the App Store?

Well, the fact that you have to connect the phone to the network to do that is the problem. An air-gapped / offline device should NEVER be connected to any network again. Sadly, for iPhones this means that there is no way to install updates (eg. you cannot load the update onto an SD card like you can on android). So, to securely update, you will have to wipe the phone and start from scratch, because wiping the phone will erase all the data.

One thing to note here. Apart from KSM and DOT, which seem to be having frequent breaking changes, you usually don't have to update your Vault when a new version is released, unless you want access to the new features. We always try to make as few breaking changes as possible in the communication protocol between Vault and Wallet.

yeru83 commented 3 years ago

Good to note that updates mostly don't break the connections between your apps.

Sounds good to have really short fixes in the chart, but anything longer simply links over to an issue page. I like the chart idea.

I won't have a Mac to check near me for awhile since I'm traveling - but I seem to remember updating apps by downloading the updates into the iTunes app on the desktop, and then syncing the updates with a Lightning cable to the phone. However Apple may have killed that method with one of their recent iTunes updates.

AndreasGassmann commented 3 years ago

We created a page now where we track compatibility of the Vault on different phones: https://support.airgap.it/airgap-vault/supported-devices/

yeru83 commented 3 years ago

That's really great. I'll be sure to take a look

Sent from my iPhone

On Jun 23, 2021, at 5:22 PM, AndreasGassmann @.***> wrote:

 We created a page now where we track compatibility of the Vault on different phones: https://support.airgap.it/airgap-vault/supported-devices/

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

babhong commented 2 years ago

Hi, I have a Samsung Galaxy S4, and AirGap Vault doesn't seem to work on it. I have updated both Android System Webview. Have updated Chrome as well. The phone is running stock OS. When I open AirGap Vault, it just gets stuck on the loading screen, with the white background and the AirGap logo. When I I leave the app and the screen goes dark, though — when I come back and wake the phone, I can briefly see the setup screen that I'm supposed to see — but it's very brief, and then the loading screen comes back, and I'm stuck there again.

debeldami commented 8 months ago

we now have a page that showa the requirement for AirGap.