[DIS] Mobile-Ready CKB Light Client (Pocket Node) for Android

Milestone 1 Completion Report

Project: Pocket Node: Mobile CKB Light Client Wallet for Android
Repository: github.com/RaheemJnr/pocket-node
Milestone: M1 — Mainnet Ready & Hardware-Backed Security
Releases: v1.1.0, v1.2.0, v1.2.1, v1.2.2


Deliverables Summary

All six accepted deliverables for M1 have been completed:

| # | Deliverable | Status |
|---|-------------|--------|
| 1 | Production mainnet configuration with cell dependencies and bootnode settings | Done |
| 2 | BIP39 mnemonic generation with TEE/StrongBox encryption | Done |
| 3 | Biometric authentication (fingerprint/face) with PIN fallback | Done |
| 4 | Comprehensive mainnet testing with real transactions | Done |
| 5 | Open-source repository on GitHub | Done |
| 6 | Releases: v1.1.0 (Week 2), v1.2.0 (Week 4) | Done |

Feature 1: BIP39 Mnemonic with TEE/StrongBox Encryption

Pocket Node now generates wallets using BIP39 12-word mnemonic seed phrases with CKB’s standard derivation path (m/44'/309'/0'/0/0). The mnemonic and derived private key are encrypted using Android’s Trusted Execution Environment (TEE) or StrongBox hardware security module where available.

What was built:

  • MnemonicManager — BIP39 mnemonic generation, validation, and BIP32/BIP44 key derivation using the kotlin-bip39 library
  • MnemonicBackupScreen — 3-step backup flow: display 12 words in a numbered grid (with FLAG_SECURE to prevent screenshots), verify 3 randomly selected words, and success confirmation
  • MnemonicImportScreen — Recovery flow with word autocomplete from the BIP39 word list and real-time validation
  • KeyManager upgraded — Mnemonic-aware wallet creation, TEE/StrongBox-backed MasterKey encryption, and support for both mnemonic and raw key wallet types

PRs: #11, #12, #13


Feature 2: Biometric Authentication with PIN Fallback

The app now requires authentication before showing wallet contents. Users authenticate via fingerprint, face recognition, or a 6-digit PIN on devices without biometric hardware.

What was built:

  • AuthManager — Detects biometric hardware availability and enrollment status using BiometricManager
  • PinManager — PIN hashing with Blake2b + per-device salt, 5-attempt lockout with 30-second cooldown
  • AuthScreen — Automatically triggers BiometricPrompt on launch with manual retry and PIN fallback
  • PinEntryScreen — 6-digit PIN pad with dot indicators, shake animation on wrong entry, lockout timer display
  • SecuritySettingsScreen — Toggle biometric auth, set/change PIN, view security status
  • PIN re-verification required before changing security settings

PRs: #15, #16, #21


Feature 3: Mainnet Production Hardening

The wallet has been hardened for real CKB mainnet transactions with proper validation, error handling, and release configuration.

What was built:

  • NetworkValidator — Validates address-network consistency (rejects ckt testnet addresses on mainnet and vice versa)
  • Testnet support with network switching — users can toggle between mainnet and testnet, each with isolated data directories and configurations
  • Release signing and R8 minification configured
  • ProGuard rules for CKB SDK, BouncyCastle, secp256k1, and Room entities
  • Debug logging gated behind BuildConfig.DEBUG
  • AndroidManifest hardened: backup disabled, native library extraction enabled
  • 15 globally distributed bootnodes configured for both mainnet and testnet

PRs: #19, #22


Feature 4: Open Source & CI/CD

The repository is public on GitHub with automated CI/CD and community contribution infrastructure.

What was built:

  • GitHub Actions CI workflow — builds JNI library + Android app, runs unit tests on every PR
  • Release workflow — automated APK builds on version tags
  • CONTRIBUTING.md, SECURITY.md, issue templates, PR template
  • Google Play Store listing content prepared
  • UI/UX redesign to Material 3 standards with the Nervos team’s feedback incorporated

PRs: #20, #25, #42, #43, #44


Additional Work (Beyond Spec)

Several improvements were shipped beyond the original M1 scope:

  • Room database caching (Phase 1 & 2): Transaction history and balance caching with transactions, balance_cache, header_cache, and dao_cells tables for offline-first performance (#49, #50)
  • CKB/USD price feed: Live CKB price from CoinGecko displayed on the home screen
  • Test coverage expansion: 232 unit tests covering JNI models, Extensions utilities, TransactionBuilder, TransactionRecord, DAO models, and more (#47, #52)
  • Sync mode selector after import: Users choose their sync depth (Recent, Full History, Custom) when importing a wallet (#41)
  • Website: Landing page for the project at the repo’s GitHub Pages

Releases

| Version | Highlights |
|---------|------------|
| v1.1.0 | BIP39 mnemonic, biometric/PIN auth, mainnet hardening, testnet support, CI/CD |
| v1.2.0 | Room database cache, DAO sync pipeline, UI/UX redesign |
| v1.2.1 | Test coverage (67 new tests), website fixes |
| v1.2.2 | Copy private key in backup, balance visibility toggle |

All releases include signed APKs attached as assets.


What’s Next: M2 — Nervos DAO Protocol Integration

Work on Milestone 2 is already underway on the feature/m2-nervos-dao branch. M2 will add full Nervos DAO support including:

  • DAO deposit and withdrawal transactions
  • Compensation tracking and cycle visualization
  • DAO direction detection in transaction history
  • In-app update notifications from GitHub releases

Latest Release: Release v1.2.2 · RaheemJnr/pocket-node · GitHub

3 Likes
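The PIN handling listed under Feature 2 (Blake2b with a per-device salt, 5-attempt lockout, 30-second cooldown), as an added Python sketch that is not part of the original post or the Pocket Node code base. The class name `PinVerifier`, the 16-byte salt, the injectable clock and the in-memory counters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 5        # from the report: 5-attempt lockout
COOLDOWN_SECONDS = 30   # from the report: 30-second cooldown


class PinVerifier:
    """Hypothetical stand-in for the PinManager behaviour the report lists."""

    def __init__(self, pin, salt=None, clock=time.monotonic):
        # Constructed per-device salt; BLAKE2b accepts at most 16 salt bytes.
        self._salt = salt if salt is not None else os.urandom(16)
        self._digest = self._hash(pin)
        self._clock = clock
        self._failures = 0
        self._locked_until = 0.0

    def _hash(self, pin):
        # isascii() keeps non-ASCII digit characters out of the PIN.
        if not (len(pin) == 6 and pin.isascii() and pin.isdigit()):
            raise ValueError("PIN must be exactly 6 digits")
        return hashlib.blake2b(pin.encode(), salt=self._salt).digest()

    def seconds_locked(self):
        return max(0.0, self._locked_until - self._clock())

    def verify(self, pin):
        """Return 'ok', 'wrong' or 'locked'."""
        if self.seconds_locked() > 0:
            return "locked"  # reject before hashing, so the guess is never tested
        try:
            candidate = self._hash(pin)
        except ValueError:
            candidate = b""  # malformed input still counts as a failed attempt
        if hmac.compare_digest(candidate, self._digest):  # constant-time compare
            self._failures = 0
            return "ok"
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            self._failures = 0
            self._locked_until = self._clock() + COOLDOWN_SECONDS
        return "wrong"
```

The counter and deadline here live in memory only; an app would need to persist them so a restart does not clear the lockout. The lockout limits on-device guessing, while a 6-digit PIN has only 10^6 candidates, so the stored hash and salt need the same protection as the key material.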
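The address-network consistency check listed under Feature 3, as an added Python sketch that is not part of the original post or the project's NetworkValidator. It assumes the `ckb` prefix for mainnet alongside the `ckt` testnet prefix the report names, accepts either bech32 or bech32m checksums, and checks only the checksum and prefix, not the address payload; `encode_sample` exists only to build constructed test addresses.

```python
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
CHECKSUM_CONSTS = {1: "bech32", 0x2BC830A3: "bech32m"}
HRP_FOR_NETWORK = {"mainnet": "ckb", "testnet": "ckt"}  # assumed prefix mapping


def _polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate(GEN):
            if (top >> i) & 1:
                chk ^= g
    return chk


def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def encode_sample(hrp, data, const=0x2BC830A3):
    """Build a constructed test address from 5-bit values (not a real wallet)."""
    pm = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ const
    check = [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + check)


def check_address(address, network):
    """Return None if the address fits `network`, else a rejection reason."""
    if address != address.lower() and address != address.upper():
        return "mixed case"
    address = address.lower()
    hrp, sep, body = address.rpartition("1")
    if not sep or not hrp or len(body) < 6 or any(c not in CHARSET for c in body):
        return "malformed"
    data = [CHARSET.index(c) for c in body]
    # Verify the checksum first so a typo is not reported as a network mismatch.
    if _polymod(_hrp_expand(hrp) + data) not in CHECKSUM_CONSTS:
        return "bad checksum"
    if hrp != HRP_FOR_NETWORK[network]:
        return f"address is for another network (prefix {hrp!r})"
    return None
```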