A Crypto Miner's Journey

Samourai Wallet — The Best Mobile Bitcoin Wallet Yet

Samourai is the Bitcoin mobile wallet I fell in love with immediately. It is still in development (I am running version 0.96.02 while writing this review), yet it already has functionality that other wallet apps haven’t even dreamed of. Comparing Samourai to more popular wallets such as Electrum (Android) or Bread (Android, iOS) is nearly impossible: the only thing common among all three is that they enable you to send and receive Bitcoins. Under the plain, elegant interface, Samourai gives you a combination of base functions and extra features that is nothing short of astounding.

The home screen of Samourai: simplicity & elegance

‘A Bitcoin Wallet for the Streets’

The developers of Samourai promise you ‘A modern bitcoin wallet hand forged to keep your transactions private, your identity masked, and your funds secure.’ They deliver on this promise by making the program uniquely developed in three aspects: security, transactional privacy and advanced spend control. Here is how this works.

High Security

Most mobile wallets allow you to limit access to the application with a PIN code. If you have a fingerprint-enabled phone, you can add a small layer of extra security by configuring your phone to ask for a fingerprint scan when launching the app. Samourai goes further than that when trying to protect your bitcoins. It still asks you for a 5-8 digit PIN, but instead of the standard entry pad it shows you a special pad whose number positions shift each time, so that screen recording spyware or a guy with a pair of binoculars cannot catch your keystrokes (and your greasy fingerprints can’t be used afterwards to guess the numbers).

Scrambled PIN pad

But the thing that blew my mind away was what Samourai is calling ‘stealth launcher’. This is a special mode in which the app will hide its icon from the app tray, desktop or task switcher. When you enable this mode, the only way to know that you have the app installed on your phone is by going to System Settings→Apps.

The developers have come out with a clever way to launch the app when there is no icon to tap on: you will be using the phone dialer instead. Samourai allows you to use either the PIN you have set up to unlock the app, or a different PIN that is used only for starting the application in stealth mode. You need to enter **YOUR_PIN# and press the dial button. How clever is that!

Transactional Privacy

Samourai uses different strategies to keep your Bitcoin payments private. For example, the app never reuses addresses and randomizes the number of change outputs to mask your spending habits. The developers state this wallet is the first one to support BIP 126, which further reduces leakage of personally identifiable information due to address reuse.

The app also comes with VPN and Tor support that gives you the ability to route transactions via anonymous IP addresses.

Advanced Spend Control

Bitcoin fees are a source of much contention in the community and are the single most likely reason for inexperienced users to complain. That is why most mobile wallet vendors take a cautious approach and try to determine the fee automatically so that the transaction clears quickly. Bread does not allow you to modify the fee, and Electrum is marginally better by asking if you want to create a RBF transaction or not.

Samourai gives you a choice between manual and automatic payment fees. You can use either bitcoinfees.21.co or a bitcoin node run by Samourai devs to determine a low (within 6 blocks), normal (within 3 blocks) and priority (0-1 blocks) fee, or you can also enter a fee by hand. Figuring out how to enter a fee manually is a bit difficult: you need to tap on the current sat/b value. This is the single UI/UX issue I have found with the app.

Making Payments with Samourai Wallet

Ricochet

The Ricochet service is a unique optional feature baked into Samourai. Since Bitcoin is a public ledger, a merchant may track some UTXOs as ‘bad’ — for example if the coins at this address have been stolen or otherwise used inappropriately. Due to the nature of Bitcoin you may end up having coins coming from such flagged UTXOs, and your payment may be rejected through no fault of your own.

Ricochet helps you restore the fungibility of your bitcoins by extending the chain of UTXOs between you and the recipient. Since Bitcoin transactions usually generate multiple outputs that fork out and cascade at each payment iteration, tracking ‘bad’ UTXOs is resource-consuming and is usually limited to 4-5 transactions back.

Ricochet adds four additional ‘degrees of separation’ from potentially bad UTXOs by performing four extra transactions between your wallet and the recipient address. Should you choose to use this feature, bear in mind that Ricochet incurs an extra cost of 0.001 BTC per payment to cover the fees for the additional transactions.

Payment Codes

As if all of the above isn’t enough, Samourai allows you to use reusable payment codes instead of Bitcoin addresses as described in BIP47 by Justus Ranvier. This is another clever feature that enhances the privacy of both parties in a Bitcoin transaction. Reusable payment codes can be made public but each payment made based on a certain payment code will be routed to a different Bitcoin address. Nobody is able to scan the blockchain and see what payments you receive, and senders are equally well protected because they pay to brand new, never before seen addresses.

Samourai Wallet: Payment Codes

Note: Setting up payment channels requires you to spend some bitcoins, and it seems payment codes are not a universally accepted feature. This GitHub post explains why server-linked wallets such as Electrum should be fine but true SPV wallets like Breadwallet might choke on it. Also, an arguably better alternative (BIP75) is mentioned there. Do your research before you decide to use this feature.
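How a single public payment code can yield a fresh address for every payment, as an added sketch that is not from the original post or from Samourai's code: it follows the derivation described in BIP47 (BIP32-style child key, ECDH, SHA-256 tweak) but omits payment-code serialization, the notification transaction and address encoding. The function names and all keys are constructed for the illustration.

```python
import hashlib, hmac

# secp256k1 field prime, group order and generator
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # point addition; None is the point at infinity
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    if p == q:
        m = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        m = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (m * m - p[0] - q[0]) % P
    return (x, (m * (p[0] - x) - p[1]) % P)

def mul(k, p):  # double-and-add; not constant time, demo only
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def ser(p):  # compressed SEC encoding of a point
    return bytes([2 + (p[1] & 1)]) + p[0].to_bytes(32, "big")

def tweak(chain, pub, i):  # BIP32-style non-hardened child tweak for index i
    I = hmac.new(chain, ser(pub) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(I[:32], "big") % N

def shared(point):  # scalar from the x coordinate of the ECDH point
    return int.from_bytes(hashlib.sha256(point[0].to_bytes(32, "big")).digest(), "big") % N

def sender_key(a, B, chain, i):
    """Sender: own private key a + receiver's public (B, chain) -> i-th payment pubkey."""
    Bi = add(B, mul(tweak(chain, B, i), G))
    return add(Bi, mul(shared(mul(a, Bi)), G))

def receiver_key(b, chain, A, i):
    """Receiver: own private key b + sender's pubkey A -> matching private key."""
    bi = (b + tweak(chain, mul(b, G), i)) % N
    return (bi + shared(mul(bi, A))) % N

# Constructed demo values, not from the page
ALICE_PRIV, BOB_PRIV, BOB_CHAIN = 0x1111, 0x2222, b"\x07" * 32
```

Each index gives a public key that only the receiver can spend from, and an observer who knows only the public code cannot compute it without one party's private key.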

Remote Control

If none of the features described so far has managed to impress you, then I am fairly certain this one will: Samourai allows you to command it remotely via SMS.

Samourai Wallet: SMS Remote Control

There are only a couple of commands you can issue: obtain your wallet seed remotely or wipe the whole wallet. If your device gets stolen and the thief inserts a different SIM card, the app will send you the associated phone number so that you can still perform the remote wipe. Awesome… just awesome.

Custom Settings

The Samourai wallet sends a clear message: this is not a toy; this is a sophisticated instrument. The app has a huge list of custom settings that change the way you can use it. Use a trusted node (like your very own Bitcoin full node) for improved security — check. Select among different services for exchange rate conversion — check. Choose a block explorer to view transactions in your browser — check. Extract ‘standard’ XPUB (BIP44) and SegWit XPUB (BIP49) — check. Extract the seed/master key, or a private key associated with a specific UTXO — check.

Caveats

I haven’t used Samourai wallet extensively yet, and I cannot vouch for its stability — it is still in Alpha/Early Access stage. There is a single issue I have found so far, and it is not so much a bug as a consequence of a feature implementation, combined with a particular setting of the Android OS.

The issue concerns remote functionality. When you send an SMS command to reclaim your private key, the phone will signal receipt of the message, and the response (with your private key) will be stored in the ‘Sent items’ folder of the messaging app. If your phone is locked and set up not to reveal incoming message contents, a thief may not realize what you’re trying to do. But if he somehow manages to unlock your phone, your Samourai private key will be exposed. This means that if you are stupid enough not to have PIN lock + encryption enabled at all times, trying to reclaim your private key will actually make you more vulnerable to Bitcoin theft than relying on the PIN protection of the Samourai app alone.

That is why trying to extract your key via SMS should be a very last resort in case you don’t keep your seed phrase. Even so, you should only attempt it if you are prepared to immediately sweep this key and transfer the funds to a different wallet. Otherwise, it is much better to simply issue a remote wipe command and be done with it.

Bitcoin Politics

SegWit support: Samourai supports SegWit addresses and uses them by default. Your transactions cost less and take less space on the ledger. None of the other mobile wallets I’ve tested so far does that, even the almighty Electrum, which is supposed to support SW since version 2.8 yet it somehow doesn’t offer it in version 2.9.3.

Stance on SegWit2x: The Samourai developers are vocally opposed to SegWit2x and consider this effort an attack on the network. When the S2X fork approaches, the wallet software will detect the fork and warn the user about it. Also, the devs seem to be working on some sort of replay protection that will allow users to safely access their Bitcoins. They also plan to offer an option to automatically convert S2X balance to BTC but there isn’t much info yet on how/when this is going to happen. You should follow @SamouraiWallet on Twitter to stay updated.

In Conclusion

To those who have reached the end of this blog post, thanks for sticking around! I hope I have convinced you to give Samourai Wallet a try and prepare to be amazed. The solid feature set is unlike anything else I’ve seen for Android or iOS so far. Heck, even desktop wallets and hardware wallets lack some of the features Samourai is pushing.

I plan to use Samourai as much as possible, and I see it easily becoming the single wallet I keep on my Android phone (sorry Electrum, Breadwallet & Mycelium…)

Visit the Samourai Wallet website