💎 Gem Wallet - Android

Gem Wallet is a powerful and secure mobile application designed for Android and iOS. It provides users with a seamless and intuitive experience to manage their digital assets and cryptocurrencies.

The app is developed using Kotlin/Compose. The codebase also includes a Core library implemented in Rust, providing efficient and secure cryptographic operations for enhanced data protection.

🤖 Android available on the Google Play Store

📲️ iOS available on the App Store

✨ Features

• 👨‍👩‍👧‍👦 Open Source & Community Owned with web3 ethos.
• 🗝️ Self-Custody Exclusive ownership and access to funds.
• 🔑 Secure and Privacy preserving wallet.
• 🔗 Multi-Chain Support: Supports Ethereum, Binance Smart Chain, Polygon, Avalanche, Solana, and more.
• 🔄 Swaps: Exchange cryptocurrencies quickly and easily.
• 📈 Staking: Earn rewards by staking assets.
• 🌐 WalletConnect: Secure communication with decentralized applications (dApps).
• 🌍 Fiat On/Off Ramp: Easily convert between cryptocurrencies and traditional currencies.
• 🗃️ Backup and Recovery: Simple backup and recovery options.
• 📈 Real-Time Market Data: Integrated with real-time price tracking and market data.
• 🔄 Instant Transactions: Fast and efficient transactions with low fees.
• 🔔 Customizable Notifications: Set alerts for transactions, price changes, and important events.
• 🛡️ Advanced Security: Encryption and secure key management.

🏄‍♂️ Contributing

• Look in to our Github Issues
• See progress on our Github Project Board
• Public Roadmap

See our Contributing Guidelines.

🥰 Community

• Install the app Gem Wallet
• Join our Discord
• Follow on Twitter or join Telegram

🙋 Getting Help

• Join the support Telegram to get help, or
• Open a discussion with your question, or
• Open an issue with the bug

If you want to contribute, you can use our developers telegram to chat with us about further development!

🚀 Getting Started

Android Development

Note

We recommend using Apple silicon Macs for development (arm64), if you're using Intel Mac, you need to add x86_64 to targets under cargoNdk in build.gradle.kts.

1. Download and install latest Android Studio
2. Install JDK 17, preferably using SDKMAN
3. Install just by running brew install just if you don't have it already.
4. Run just bootstrap to install all nessesary tools (Rust / NDK).
5. Generate a GitHub personal token with read:packages permission and add it to your local.properties file:

gpr.username=<your-github-username>
gpr.token=<your-github-personal-token>

Optionally, you can generate models and kotlin bindgen by running just generate, Gem Android consumes wallet core library as a local module, if you need to update it, ping us or create an issue on here.

🔐 Security Scanning

We run MobSF mobsfscan to catch insecure patterns in our Kotlin/Java sources.

• Local usage: Install uv and run uv tool install mobsfscan once. After that, just mobsfscan (internally uv tool run mobsfscan -- --type android --config .mobsf --exit-warning) scans the Android codebase with the repo-wide configuration and fails on WARNING and ERROR findings.
• CI enforcement: .github/workflows/mobsfscan.yml runs the same command on every push/PR to main, uploads a SARIF report to GitHub code scanning, and fails the workflow if issues remain.

Only suppress detections when you fully understand the risk—ideally fix the code; otherwise, add a targeted // mobsf-ignore: rule_id comment with context.

♻️ Reproducible Release Verification

Use the helper script to rebuild a tagged release in Docker and compare it against an APK you downloaded from a trusted endpoint (e.g., the GitHub release assets). By default it runs :app:assembleUniversalRelease and copies the resulting APK from app/build/outputs/apk/universal/release; override VERIFY_GRADLE_TASK / VERIFY_APK_SUBDIR if you need another flavor.

curl -L --fail -o official.apk http://apk.gemwallet.com/gem_wallet_universal_v1.3.48.apk
./scripts/verify_apk.sh v1.3.48 official.apk

The script will:

• (re)build the gem-android-base image if necessary;
• build Dockerfile.app for the requested git tag/branch using the selected Gradle task;
• copy the produced APK directly out of app/build/outputs/apk/...; and
• store the rebuilt + official APKs plus their hashes in artifacts/reproducible/<tag>/.

If the bytes match, the script exits with success; otherwise it returns status code 2. Set VERIFY_ALLOW_MISMATCH=true when you only need the artifacts/hashes (our CI job uses this to avoid red builds while still surfacing the comparison result). When diffoscope is available, the script also unzips both APKs (stripping signing metadata) and writes an HTML diff report to artifacts/reproducible/<tag>/diffoscope.html; set VERIFY_SKIP_DIFFOSCOPE=true to skip generating this report.

👨‍👧‍👦 Contributors

We love contributors! Feel free to contribute to this project but please read the Contributing Guidelines first!

🌍 Localization

Join us in making our app accessible worldwide! Contribute to localization efforts by visiting our Lokalise project

⚖️ License

Gem Wallet is open-sourced software licensed under the © GPL-3.0.