Currently, migrating from one phone to another with only the 12 word backup comes at a loss of metadata and absent of some extra work even at the loss of accounts. In line with BIP44, Mycelium does not explore accounts, so users are left to (re)create them on the new device and same goes with the accounts covered by the masterseed in extension to BIP44, namely the coinapult accounts. Lastly, on top of that meta data, there are unrelated accounts that are not covered by the 12 words backup. The current "solution" of BIP38 encrypted keys is cumbersome and users can lose these backups or do them wrongly too easily. They are required to create a pdf, print it, write a key on it and never lose it.
If we trust our cryptography, we should be able to do better. In order to have no security degradation I propose to use the same primitives as in BIP38 but with a symmetric key derived from the masterseed to store the necessary encrypted data at a place of the user's choice (just like the legacy backup pdf) or propose to store it on our servers or other services (google drive, dropbox, ...).
Things to store:
address book
transaction labels
BIP70 payment requests
list of activated/archived account indices
account labels
unrelated xpriv accounts
unrelated single key accounts
state of Coinapult activation
(date of backup)
Workflow
Format
JSON
Backup
A user who never did this kind of backup should be presented a list of options of where to store backups.
Services that can then work without further user interaction after an initial setup should be "recommended"
Trigger the backup mechanism every time any of the backupable data changes.
If a service that can work automatically was selected, store backup.
Else, show missing backup warning.
Restore
When a user restores an account from his 12 words backup, ask him if he might have a backup.
Allow users to load backups from settings menu, in case they remember later.
Further thoughts
Users paying BIP70 invoices a lot might need to store more data than others and frequently.
We might want to speed backup up by splitting the backup into many smaller files.
Related issues
124 is about exporting things for use in Excel or do bookkeeping.
298 is about exporting/importing non-private key material in unencrypted form.
Currently, migrating from one phone to another with only the 12 word backup comes at a loss of metadata and absent of some extra work even at the loss of accounts. In line with BIP44, Mycelium does not explore accounts, so users are left to (re)create them on the new device and same goes with the accounts covered by the masterseed in extension to BIP44, namely the coinapult accounts. Lastly, on top of that meta data, there are unrelated accounts that are not covered by the 12 words backup. The current "solution" of BIP38 encrypted keys is cumbersome and users can lose these backups or do them wrongly too easily. They are required to create a pdf, print it, write a key on it and never lose it.
If we trust our cryptography, we should be able to do better. In order to have no security degradation I propose to use the same primitives as in BIP38 but with a symmetric key derived from the masterseed to store the necessary encrypted data at a place of the user's choice (just like the legacy backup pdf) or propose to store it on our servers or other services (google drive, dropbox, ...).
Things to store:
Workflow
Format
JSON
Backup
Restore
Further thoughts
Related issues
124 is about exporting things for use in Excel or do bookkeeping.
298 is about exporting/importing non-private key material in unencrypted form.