Enabling automated backup on Eclair Wallet

TL; DR: Latest release of Eclair Wallet Testnet includes automated encrypted backups using Google Drive. Will be rolled out to mainnet ASAP.

A bit #Reckless until now

Until now, upon installing Eclair Wallet for Android, a huge scary disclaimer warned users that funds allocated to Lightning channels weren’t being backed up. In other words, funds stored in channels would be lost if the user uninstalled the app, or even deleted application data, or simply lost their phone with open channels (of course, on-chain funds are always protected by the seed and can be recovered).

Backing up Lightning channels is difficult

The reason for this is that backing up Lightning channels is far more complex than backing up on-chain funds. On-chain is easy: everyone is used to writing down a list of words once and for all. But there are two problems with the backup of Lightning funds. First the backup needs to be updated every time the state of the channel changes (which happens several times during a single payment!). The second problem is even worse: if you restore channels from a backup that you think is up to date, but is actually an old stale state, then your counterparty could believe you are attempting to cheat on them, and take all your money as a punishment.

How it works

We decided to use Google Drive to store channel backup data. It is updated every time a channel’s state changes. Note that only the channel data is saved, not the routing table which can be fetched from the network. To be more precise, the data we store is encrypted using a key derived from the main seed, and its name is also derived from this same seed. This allows users to seamlessly restore their Eclair Wallet app, using only the 12 words they are used to; it also supports having an unlimited number of different wallets simultaneously, and restore one or the other.

We know that some may not like the fact that we rely on Google Drive (which means having to create a Google account) for that — especially those who install Eclair Wallet straight from our GitHub repo —, but this is both the easiest and most convenient way we found to meet our needs for now, and there is little privacy concern since everything is encrypted on-device. We should add that it wouldn’t be too difficult to change the back-end in the future.

If for some reason you try to restore an outdated backup (this shouldn’t be possible, but still), then you will still be fine, provided that your peer supports dataloss protection (this is the case for Eclair and LND nodes, and soon for c-lightning).

Given how sensitive this feature is, we are very interested in getting user feedback before rolling out the mainnet version. Please download the testnet app, and report any bugs!