Envoy Setup & Backup


I am setting up Envoy (2.2.12) on a new phone. I do not want to use the original wallet on Envoy from my prior phone. I installed Envoy on a Pixel 10 with GrapheneOS. I have no intention of installing Google Play Services on the phone. I plan on using the Magic Backup. On Step 4 of the installation process we are directed to Android Backup, which I do NOT have. Is this a necessary step? What is an alternative backup that would satisfy this seed backup step?

Just so I am clear, is this a backup of the Magic Backup?

Thank you in advance for your guidance.

You’re right that the Passport Prime setup (Magic Backup) involves storing one part of your Master Key on Envoy, which is then backed up to your Apple or Google account via iCloud Keychain or Android Auto-Backup. Since you’re on GrapheneOS without Google Play Services, that automatic cloud sync path won’t be available.

The Android Auto-Backup step is not a backup of the Magic Backup as a whole. It backs up one specific piece of it. Passport Prime’s Magic Backup uses Shamir Secret Sharing to split your Master Key into three parts. Two parts go onto your physical NFC Keycards, and the third is stored on Envoy and synced to your cloud account. To recover, you need any two of the three parts. The cloud backup exists so that if you lose your phone, you can recover using one Keycard + the cloud-stored Envoy share. Without that cloud path, you can still recover using your two Keycards together.

Regarding Seedvault (GrapheneOS system backup) as an alternative:

We’ve confirmed that Envoy does not opt out of Android’s system backup, and that it specifically includes the Prime share in its backed-up data. Seedvault (the backup service built into GrapheneOS at Settings > System > Backup) uses the same underlying Android backup framework, so a Seedvault backup to USB or external storage should capture the Envoy-held share of your Prime Master Key.

That said, this is not a configuration we’ve explicitly tested or officially support, so here’s what we’d recommend:

  1. Proceed with Magic Backup setup as normal. The two Keycard shares and the Envoy share will all be created correctly. The only difference is the Envoy share won’t automatically sync to Google’s cloud.

  2. Configure Seedvault (Settings > System > Backup) to back up to a USB drive or other external storage, and run a backup after completing Prime setup. This should capture the Prime share from Envoy.

  3. Store your two Keycards in separate secure locations. This is your most reliable recovery path and doesn’t depend on any cloud or phone backup at all. With two Keycards, you can always restore your Master Key.

  4. Optionally, retrieve your BIP39 seed words from the Backups screen in Prime’s settings. This gives you an additional independent backup of the Master Key that doesn’t rely on Keycards, Envoy, or any backup service.

Hope that helps! Let us know if you have any other questions.

1 Like
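
Added example, not part of the original thread and not Foundation's code: a textbook 2-of-3 Shamir split showing why the two Keycards alone still recover the Master Key when the Envoy share has no cloud backup, and why one share by itself discloses nothing. The prime field, the share numbering and all names are assumptions; the thread does not say how Passport Prime encodes its shares.

```python
import secrets
from itertools import combinations

# Assumption: textbook Shamir over a prime field. The field and share encoding
# Passport Prime really uses are not given in the thread.
P = 2**521 - 1  # Mersenne prime, larger than any 256-bit key
HOLDERS = {"keycard_a": 1, "keycard_b": 2, "envoy": 3}  # hypothetical x-coordinates

def split_2_of_3(secret: int) -> dict:
    """Return three shares (x, y) on a random line with f(0) = secret."""
    if not 0 <= secret < P:
        raise ValueError("secret out of range for the field")
    slope = secrets.randbelow(P)
    return {name: (x, (secret + slope * x) % P) for name, x in HOLDERS.items()}

def recover(share1, share2) -> int:
    """Lagrange-interpolate f(0) from any two distinct shares."""
    (x1, y1), (x2, y2) = share1, share2
    if x1 == x2:
        raise ValueError("two different shares are required")
    l1 = x2 * pow((x2 - x1) % P, -1, P)
    l2 = x1 * pow((x1 - x2) % P, -1, P)
    return (y1 * l1 + y2 * l2) % P

def surviving_pairs(available: set) -> list:
    """Recovery paths left, given which share holders are still accessible."""
    return list(combinations(sorted(available & HOLDERS.keys()), 2))

def slope_explaining(share, candidate: int) -> int:
    """Slope under which a lone share would encode `candidate`.
    One exists for every candidate, so a single share reveals nothing."""
    x, y = share
    return ((y - candidate) * pow(x, -1, P)) % P

if __name__ == "__main__":
    master_key = secrets.randbits(128)  # constructed sample secret
    shares = split_2_of_3(master_key)
    # Phone lost and no cloud/Seedvault copy of the Envoy share:
    print(surviving_pairs({"keycard_a", "keycard_b"}))
    print(recover(shares["keycard_a"], shares["keycard_b"]) == master_key)
    # One Keycard lost, Envoy share restored from a backup:
    print(recover(shares["keycard_b"], shares["envoy"]) == master_key)
    # Only the Envoy share is available: no pair, so no recovery path.
    print(surviving_pairs({"envoy"}))
```
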

To get the BIP39 seed words do I just turn off Magic, obtain the seed words to put in a secure location then turn Magic back on?

Thank you

You can see the seed words anytime you want, even with Magic Backups on!

Settings > Backups > Advanced Backups > View Seed Words

1 Like