Free & open source · Reproducible builds on F-Droid

Turn any Android phone into a Bitcoin hardware wallet.

MetroVault is an air-gapped signing device. Your keys live on a phone that never touches the internet — transactions cross the gap as QR codes, and nothing else.

  • No INTERNET permission
  • AES-256 + Android Keystore
  • GPL-3.0 open source
  • Single-sig & multi-sig
MetroVault home screen showing several Bitcoin wallets in the vault

Air-gapped by design

Your keys live on a phone that never touches the internet. Transactions cross the gap as QR codes — no cables, no Bluetooth, no exceptions.

Defense in depth

AES-256 encryption wrapped by the hardware Keystore, biometric unlock, a decoy vault for duress, and optional auto-wipe.

Works with your wallet

Pairs with BlueWallet, Sparrow, or Electrum. Single-sig, multi-sig, and Silent Payments — every standard address type included.

All your wallets in one vault
All your wallets in one vault
Addresses, PSBT signing, and export per wallet
Addresses, PSBT signing, and export per wallet
Export keys, descriptors, and SP scan keys
Export keys, descriptors, and SP scan keys
Decoy password, biometrics, auto-wipe
Decoy password, biometrics, auto-wipe
Power-user toggles: BIP-85, accounts, Silent Payments
Power-user toggles: BIP-85, accounts, Silent Payments

Download

Get MetroVault — and verify it.

Install from F-Droid, grab the APK from GitHub, or build it yourself. However you install, you can check the result byte for byte.

Install

F-Droid independently rebuilds MetroVault from source and verifies it byte-for-byte against the release — reproducible builds.

Prefer to build it yourself?

git clone https://github.com/gorunjinian/MetroVault.git

Android Studio + JDK 17, then install on a device that never goes online. For production use, building from source on your own machine is the gold standard.

Verify your install

Package ID

com.gorunjinian.metrovault

Signing certificate SHA-256

1245554ceb17cea21e9912af7bf60d38d716f5884d4b3664e5338462cc76fd03

Compare the fingerprint of the installed APK against this value. How the reproducible build pipeline works is documented in FDROID_BUILD.md.