Walt Android

Privacy-focused NFC tap-to-pay wallet for Android.

Your transaction data stays on your phone. Never shared or sold or tracked.

Learn more at walt.is

Overview

Walt is a tap-to-pay Android wallet that prioritizes user privacy and data control. Unlike traditional mobile wallet apps, Walt encrypts and stores all transaction data locally on your device. All transaction data stays between you and the merchant you're buying from. The app provides tap-to-pay functionality without surveillance, data monetization, or user tracking.

Core Principles

• Privacy First: Transaction data never leaves your device
• Local Encryption: All sensitive data encrypted using Android Keystore
• Transparent Pricing: $3/month subscription (no hidden fees, no data sales)
• Open Development: Architecture and design decisions documented publicly

Architecture

Walt uses Clean Architecture with a hybrid approach:

• MVVM for simple features (cards, settings, onboarding)
• MVI with UDF for critical state machines (provisioning, payment)

Module Structure

android/
├── app/                      # Application entry point
├── feature/                  # Feature modules
│   ├── provisioning/         # Card digitization (MVI)
│   ├── payment/              # Tap-to-pay (MVI)
│   ├── cards/                # Card management (MVVM)
│   ├── settings/             # Settings (MVVM)
│   └── onboarding/           # Registration (MVVM)
├── core/
│   ├── domain/               # Business logic
│   ├── data-mtp/             # Payment SDK integration
│   ├── data-nfc/             # NFC/HCE layer
│   ├── security/             # Security & integrity
│   ├── telemetry/            # Local-only logging
│   ├── ui/                   # Shared UI components
│   └── common/               # Utilities
├── testing/
│   ├── fakes/                # Test doubles
│   └── contract/             # Repository contracts
└── build-logic/              # Build configuration

Why This Structure?

Separation of Concerns

• data-mtp handles payment provider integration
• data-nfc handles NFC protocol (independent of provider)
• security centralizes security logic for audit compliance

MVI for State Machines

• Card provisioning has complex async flows
• Tap-to-pay requires predictable state transitions
• Single source of truth aids security audits

MVVM for Simple Screens

• Less boilerplate for CRUD operations
• Natural fit with Jetpack Compose

For detailed architecture decisions, see Architecture Documentation.

Technology Stack

• Language: Kotlin
• UI: Jetpack Compose + Material Design 3
• Payment Infrastructure: MeaWallet Mobile Token Platform (MTP SDK)
• Architecture: Clean Architecture (domain/data/presentation)
• Dependency Injection: Hilt
• Async: Kotlin Coroutines + Flow
• Security: Android Keystore, Play Integrity API

MeaWallet Integration

Walt leverages MeaWallet's MTP SDK for:

• Card tokenization (I-TSP)
• NFC/HCE contactless payments
• Token lifecycle management
• Card network integration (Visa/Mastercard)

This allows Walt to focus on privacy, UX, and local data protection while using battle-tested payment infrastructure.

Requirements

• Android 8.0+ (API 26+)
• NFC hardware with HCE support
• Device lock screen enabled (PIN/password/pattern/biometric)
• Google Play Services (for Firebase Cloud Messaging)

Development

Prerequisites

• Android Studio (latest stable)
• JDK 17+
• MeaWallet SDK access (contact MeaWallet for partnership)

Build

./gradlew build

Run Tests

./gradlew test

Install

./gradlew installDebug

Code Quality

Walt uses automated code quality tools to maintain security and consistency:

Run all quality checks:

./gradlew detekt ktlintCheck

Individual tools:

# Static analysis (security, bugs, code smells)
./gradlew detekt

# Code formatting and style
./gradlew ktlintCheck

Auto-fix formatting issues (use with caution):

./gradlew ktlintFormat

Continuous Integration

Quality checks run automatically via GitHub Actions on all pull requests and pushes to main. The workflow will fail PRs with violations, ensuring:

• Consistent code style across the codebase
• Early detection of potential security issues
• Prevention of common bugs and anti-patterns

CI Workflow: .github/workflows/quality.yml

Configuration files:

• detekt.yml - Static analysis rules
• .editorconfig - Formatting rules

Security & Privacy

Local Data Only

• Transaction data encrypted with Android Keystore
• No server-side transaction storage
• No analytics sent to third parties
• No user tracking

Security Measures

• Play Integrity API for device verification
• Root/tamper detection
• Hardware-backed key storage (TEE/StrongBox when available)
• Encrypted local database (SQLCipher)

Audits

Annual security audits funded by subscriptions ensure Walt maintains high security standards.

Contributing

Walt is being developed with community transparency in mind. Contribution guidelines will be published as the project matures.