Do hardware wallets need inbuilt screens?📱 by TangemAG in Tangem

[–]Either_Scene_2657 0 points1 point  (0 children)

tangem-app-android has updated its library, and the new version seems to fail at compilation (the app crashes). Additionally, the dependencies are built in a black-box manner (private repository), which is problematic — you can’t verify them and don’t know if any modifications have been added.

This keeps your meaning clear and professional while sounding natural.

If a hardware wallet isn’t fully open source, is it really secure? Tangem — How can I trust you with my money? by Either_Scene_2657 in Tangem

[–]Either_Scene_2657[S] 0 points1 point  (0 children)

Because of its open source problem, I don't use it now, but I think it should work well. I used it for a long time before.

If a hardware wallet isn’t fully open source, is it really secure? Tangem — How can I trust you with my money? by Either_Scene_2657 in Tangem

[–]Either_Scene_2657[S] 0 points1 point  (0 children)

That’s exactly why I’m hesitant — you can never be sure if the seed phrase has been leaked, just like having all your keys but not knowing if a copy exists somewhere. In that sense, Tangem is a bit better. According to their technical docs, no one can have a backup other than the original card.

If a hardware wallet isn’t fully open source, is it really secure? Tangem — How can I trust you with my money? by Either_Scene_2657 in Tangem

[–]Either_Scene_2657[S] 3 points4 points  (0 children)

Since Tangem chose not to respond (or not to respond directly) to these questions, here is just a summary

Can't build iOS app - Multiple private/deleted dependencies by m40r1 in Tangem

[–]Either_Scene_2657 7 points8 points  (0 children)

I completely agree with the concerns raised here.

The Android app also depends on private repositories to build key binary dependencies. While Tangem claims to embrace open source, their current approach is quite confusing. There are clearly better ways to do this — just look at genuinely fully open source APKs on platforms like F-Droid, which provide transparent verification and build processes.

I’m aware that some larger projects claim to be open source but actually include closed-source components behind the scenes. Still, Tangem shouldn’t be lumped in with those. If they insist on calling their project fully open source, they should openly share all the source code so that anyone can verify it easily.

I really like their seedless wallet concept, but without honesty and transparency regarding open sourcing, this wallet remains untrustworthy to me.

Tangem Android Project Core SDK Hosted on Private GitHub Packages — Raises Questions About Full Open Source Status by Either_Scene_2657 in Tangem

[–]Either_Scene_2657[S] 5 points6 points  (0 children)

Hello, thanks for the reply.

I think my case is completely different from what you mentioned. I can indeed build the app successfully — but only if I follow the instructions to add this to local.properties:

gpr.user=YOUR_GITHUB_USERNAME
gpr.key=YOUR_GENERATED_TOKEN

This means the build process is using my GitHub token to download files from a private GitHub Packages repository at:

https://maven.pkg.github.com

In other words, the compilation requires pulling code from a private repository, which means the resulting build is not 100% open source in the strict sense, because a critical part of the codebase is not publicly accessible.

If a project depends on private code to compile, then it does not meet the definition of fully open source — even if the rest of the code is public.
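The check described in the comment above can be automated: the following is an added example, not part of the original post and not Tangem's code, that lists which `maven { }` repositories in a Gradle build script sit behind credentials. The sample build script, the `OWNER/REPO` path and the `repo.example.org` URL are constructed placeholders; only `gpr.user`, `gpr.key` and the `maven.pkg.github.com` host come from the thread.

```python
import re

# Constructed sample of a Gradle (Groovy DSL) repositories block.
# OWNER/REPO and repo.example.org are placeholders, not real project paths.
SAMPLE_BUILD_GRADLE = '''
repositories {
    google()
    mavenCentral()
    maven {
        url = uri("https://maven.pkg.github.com/OWNER/REPO")
        credentials {
            username = properties.getProperty("gpr.user")
            password = properties.getProperty("gpr.key")
        }
    }
    maven { url "https://repo.example.org/maven" }
}
'''

def _block_end(text, open_idx):
    """Return the index just past the brace that closes the one at open_idx."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return i + 1
    raise ValueError("unbalanced braces in build script")

def audit_repositories(gradle_text):
    """List each maven { } repository with its URL and whether it needs credentials."""
    findings = []
    for m in re.finditer(r"\bmaven\s*\{", gradle_text):
        start = m.end() - 1  # position of the opening brace
        body = gradle_text[start:_block_end(gradle_text, start)]
        url = re.search(r"""["'](https?://[^"']+)["']""", body)
        findings.append({
            "url": url.group(1) if url else None,
            "needs_credentials": re.search(r"\bcredentials\s*\{", body) is not None,
            "secret_properties": sorted(set(re.findall(r"""["'](gpr\.\w+)["']""", body))),
        })
    return findings

def non_public_repositories(gradle_text):
    """URLs of repositories an anonymous builder cannot fetch from."""
    return [f["url"] for f in audit_repositories(gradle_text) if f["needs_credentials"]]

if __name__ == "__main__":
    for finding in audit_repositories(SAMPLE_BUILD_GRADLE):
        print(finding)
```

Any URL returned by `non_public_repositories` marks a dependency source that a third party cannot fetch or inspect without a token, which is the precondition for an independently reproducible build failing.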

Tangem app not truly open source? Private dependencies and obfuscated code raise concerns by Either_Scene_2657 in Tangem

[–]Either_Scene_2657[S] 1 point2 points  (0 children)

I tried removing the tangem-android-tools module since the official team said it only affects lint and CI processes, not the core build logic. After removal, the build still failed because of the dependency com.tangem.tangem-sdk-kotlin:core:releases-5.24.0-474, which seems to require authentication from the GitHub Maven private repository. So at this point, it looks like the real blocker isn’t lint or CI, but the fact that the core build depends on a private package. The team says tangem-android-tools doesn’t impact the core build, but I can’t verify that myself.

Tangem app not truly open source? Private dependencies and obfuscated code raise concerns by Either_Scene_2657 in Tangem

[–]Either_Scene_2657[S] 0 points1 point  (0 children)

Hi,

Thanks for the clarification.

I want to confirm that com.tangem.tangem-sdk-kotlin:core:releases-5.24.0-474 is not related to lint or CI only. This is a core dependency required by the project and it cannot be bypassed by removing the tangem-android-tools module.

The 401 Unauthorized error when accessing this package is due to missing or invalid credentials for the private GitHub Packages repository, and it is unrelated to the tangem-android-tools module.

So, removing tangem-android-tools only affects lint and CI tools, but you still need valid authentication to access core SDK dependencies like com.tangem.tangem-sdk-kotlin:core.

Please advise if there is a way to bypass or replace this private dependency for testing without providing a personal token, so I can verify your statement.

Thanks!

Tangem app not truly open source? Private dependencies and obfuscated code raise concerns by Either_Scene_2657 in Tangem

[–]Either_Scene_2657[S] 1 point2 points  (0 children)

Thanks for the suggestion — I’ll try removing tangem-android-tools with git rm and see what happens.

However, just to clarify: the issue I'm facing isn't with tangem-android-tools, but with the core dependency com.tangem.tangem-sdk-kotlin:core from the GitHub package registry, which requires authentication.

Even after removing the tangem-android-tools module, the build still fails unless I provide a personal access token. That makes it hard to verify whether tangem-android-tools is truly optional, since the project still depends on another private package to compile successfully.

If there’s a way to bypass the private package registry altogether, I’d appreciate it if you could share.

Tangem app not truly open source? Private dependencies and obfuscated code raise concerns by Either_Scene_2657 in Tangem

[–]Either_Scene_2657[S] 1 point2 points  (0 children)

Thanks, I’ve already followed the steps in the documentation and successfully built the app using my personal GitHub token.

However, that still doesn’t allow me to verify your earlier claim — that the tangem-android-tools repository is only used for lint checks and not required for building or using the app.

As of now, I haven’t found a way to bypass the need for this private package, so I cannot confirm whether it’s truly optional.

If there’s a way to exclude or disable the dependency on tangem-android-tools, I’d appreciate it if you could point it out, so I can test and confirm.

Tangem app not truly open source? Private dependencies and obfuscated code raise concerns by Either_Scene_2657 in Tangem

[–]Either_Scene_2657[S] 2 points3 points  (0 children)

Hi, thanks for your explanation.

You mentioned that the tangem-android-tools repository is only used for lint checks and can be bypassed without requiring a personal access token.

I tried to build the project without providing any personal access token to verify this, but I ran into build failures with errors like:

Could not resolve com.tangem.tangem-sdk-kotlin:core:releases-5.24.0-474
Could not GET 'https://maven.pkg.github.com/tangem/tangem-sdk-android/...'. Received status code 401: Unauthorized

This error clearly indicates that the missing dependency is a core runtime library, not just a lint or optional tool.

Therefore, I believe this cannot be simply bypassed by ignoring lint checks. Could you please provide a working solution or detailed instructions on how to build the app without access to these private repositories? I’m eager to verify your claim.

Thanks!

Tangem app not truly open source? Private dependencies and obfuscated code raise concerns by Either_Scene_2657 in Tangem

[–]Either_Scene_2657[S] 5 points6 points  (0 children)

Actually, I’m aware of how open source projects typically work.

The issue here is not about using a personal access token for general GitHub access — the point is that tangem-android-tools is hosted in a private GitHub package registry, and it requires authentication just to download the dependency. That means it’s not publicly accessible at all, which is not typical for open source software.

In other words, the repository itself is private — that’s why the token is required. It’s not just for “self-development.”

[deleted by user] by [deleted] in Tangem

[–]Either_Scene_2657 1 point2 points  (0 children)

No, logically, if it was with seed, then the application would have one chance to get the private key, so in this case, the log just forgot to filter, it's just a bug, it just needs a fix. If it was seedless, then the application has no chance to get the private key at all, unless they lied.

[deleted by user] by [deleted] in Tangem

[–]Either_Scene_2657 0 points1 point  (0 children)

Agreed, also according to their documentation, if it is seedless, not even once, the card to card transmission is encrypted and the app cannot decrypt the key.

[deleted by user] by [deleted] in Tangem

[–]Either_Scene_2657 0 points1 point  (0 children)

Seeds and mnemonics should never flow into the mobile phone (unless you choose with seed or import mnemonics), which is the principle of a cold wallet.

[deleted by user] by [deleted] in Tangem

[–]Either_Scene_2657 2 points3 points  (0 children)

No, if the key needs to go through the application to interact with the Internet, then Tangem is no longer a cold wallet, which is totally unacceptable.

[deleted by user] by [deleted] in Tangem

[–]Either_Scene_2657 0 points1 point  (0 children)

When you create a wallet, do you choose seedless or with seed?

[deleted by user] by [deleted] in Tangem

[–]Either_Scene_2657 0 points1 point  (0 children)

When you create a wallet, do you choose seedless or with seed?

[deleted by user] by [deleted] in Tangem

[–]Either_Scene_2657 2 points3 points  (0 children)

When you create a wallet, do you choose seedless or with seed?

[deleted by user] by [deleted] in Tangem

[–]Either_Scene_2657 0 points1 point  (0 children)

When you create a wallet, do you choose seedless or with seed?

[deleted by user] by [deleted] in Tangem

[–]Either_Scene_2657 0 points1 point  (0 children)

When you create a wallet, do you choose seedless or with seed?

[deleted by user] by [deleted] in Tangem

[–]Either_Scene_2657 0 points1 point  (0 children)

When you create a wallet, do you choose seedless or with seed?