Mobile Bitcoin Wallets — Electrum vs BlueWallet vs BULL vs Blockstream Green

Executive summary

This report compares four Bitcoin wallets using two combined lenses: Bitcoin‑only / FOSS / privacy maximalism and sovereignty‑first (anti‑capture) systems design.

Evidence is embedded directly throughout the page via inline links (official docs, repos, issue trackers, and third‑party audits such as WalletScrutiny).

Final ranking (composite score)

Rank	Wallet	Composite	Primary posture
#1	Electrum Official Repo WalletScrutiny	93.35	Sovereign core baseline (Bitcoin-only, minimal capture surface)
#2	BULL Wallet (Bull Bitcoin Mobile) Official Repo WalletScrutiny	82.65	Privacy-heavy bridge tool (Liquid + fiat rails present)
#3	BlueWallet Official Repo WalletScrutiny	79.95	Protocol-rich privacy wallet with supply-chain/telemetry drag
#4	Blockstream Green / Blockstream App Official Repo WalletScrutiny	71.85	Corporate multi-asset portal (Liquid + stablecoin + server-key legacy)

Headline takeaways

Electrum ranks first due to Bitcoin-only scope (FAQ), strong Tor/self-hosting pathways (Tor docs), and minimal embedded capture surface (project site).
BULL Wallet ranks second as a feature-dense, privacy-forward mobile wallet that explicitly spans Bitcoin + Liquid and atomic swaps (Play Store description), with async Payjoin emphasis (announcement).
BlueWallet ranks third: PayJoin and coin control are advertised on its feature page (features), while telemetry and distribution concerns appear in public issues (Firebase issue) and F‑Droid status (F‑Droid thread).
Blockstream Green ranks fourth: multi‑asset Liquid + USDt support is explicit in distribution descriptions (Play Store / F‑Droid) and server‑key multisig heritage is described by Blockstream (blog).

Scoring framework

Each wallet receives a 0–100 score on the criteria below. The composite is a weighted average (weights sum to 100%). Criteria separate: distribution verifiability, telemetry, asset purity, key sovereignty, node/network sovereignty, privacy protocols, and capture gravity.

ID	Criterion	Weight	What it measures
C1	FOSS + reproducibility + distribution	15%	License freedom, public source, independent builds where possible (F‑Droid / signed releases), and distribution transparency (e.g., WalletScrutiny).
C2	Telemetry & trackers	10%	Known telemetry/analytics SDKs and reproducible evidence of phone‑home behavior (e.g., Firebase logging reports).
C3	Bitcoin purity vs synthetic multi‑asset	15%	Bitcoin‑only scope vs Liquid/stablecoin/token expansion; Lightning is treated as Bitcoin-layer.
C4	Key sovereignty	20%	Whether spend authority remains local (no mandatory remote cosigner; recovery schemes do not smuggle in custody).
C5	Node sovereignty & network surface	15%	Ability to rely on self‑hosted backends, Tor/.onion routing, and avoidance of descriptor‑level privacy leaks by default.
C6	On‑chain privacy arsenal	15%	On-chain privacy tooling: coin control, labeling, RBF/CPFP; PayJoin, payment codes, Silent Payments, etc.
C7	KYC gravity & corporate capture	10%	Degree of KYC gravity and corporate capture: embedded exchange rails, multi‑asset marketing, server-key dependency patterns.

Why these weights?

Key sovereignty (C4) and long-horizon capture resistance (C1/C3/C5) dominate weighting. Telemetry (C2) and protocol privacy (C6) are weighted slightly lower because privacy protocols can be neutralized by network topology or analytics leakage, while telemetry can sometimes be mitigated by distribution hygiene.

Scores matrix

Composite = Σ(score × weight) / 100. Exact composites are shown to two decimals.

Wallet	Composite	C1	C2	C3	C4	C5	C6	C7
Electrum Official Repo WalletScrutiny F‑Droid	93.35	90	95	100	98	88	85	98
BULL Wallet (Bull Bitcoin Mobile) Official Repo WalletScrutiny	82.65	78	80	75	95	85	93	60
BlueWallet Official Repo WalletScrutiny	79.95	60	45	100	92	72	95	80
Blockstream Green / Blockstream App Official Repo WalletScrutiny F‑Droid	71.85	85	80	45	82	78	75	50

Interpretation notes (hyper-adversarial)

Distribution-layer scores are conservative; WalletScrutiny links are included per wallet to keep the “source-to-device” chain explicit.
Network privacy (Tor/self-hosted backends) is scored separately from protocol privacy (PayJoin/payment codes/Silent).
Multi‑asset posture is scored under C3 and re-appears under C7 when marketed as a portal to tokenized/stable assets.

Deep dives (evidence-linked)

Each wallet section includes: (1) primary links, (2) criterion breakdown, and (3) evidence bullets with inline references.

Electrum

Composite score: 93.35

Official site GitHub Docs (FAQ)Docs (Tor)F‑Droid WalletScrutiny (Android)Play Store PayJoin planned (issue #6585)BIP47 planned (issue #4460)F‑Droid build log example

WeightsC1 15 • C2 10 • C3 15 • C4 20 • C5 15 • C6 15 • C7 10

Composite93.35

Criterion breakdown

ID	Criterion	Weight	Score	Evidence (inline links)
C1	FOSS + reproducibility + distribution	15%	90	MIT-licensed, public repository (license shown in repo header). Available on F‑Droid (built from source). F‑Droid build logs show build steps and signature verification against upstream APKs (example log). WalletScrutiny provides distribution-layer context for Android builds.
C2	Telemetry & trackers	10%	95	Electrum site contains privacy-policy language about information handling.
C3	Bitcoin purity vs synthetic multi‑asset	15%	100	Electrum docs explicitly state Bitcoin-only scope (no altcoins).
C4	Key sovereignty	20%	98	F‑Droid listing describes self-custody (keys on device; mnemonic recovery).
C5	Node sovereignty & network surface	15%	88	Electrum docs describe Tor usage and privacy/trust tradeoffs. Bitcoin.org page notes SPV model and random server usage by default.
C6	On‑chain privacy arsenal	15%	85	Native PayJoin support is tracked as an open issue (BIP78). Native BIP47 (PayNyms) support is tracked as an open issue.
C7	KYC gravity & corporate capture	10%	98	Project positioning is wallet-focused (no in-wallet exchange rail surfaced on the official site).

Final posture statement

Electrum functions as the sovereignty-first baseline: Bitcoin-only scope, long-lived FOSS codebase, and explicit Tor/self-hosting pathways. Deductions reflect default reliance on public servers and the absence of built-in PayJoin/BIP47 primitives (tracked as open issues).

BULL Wallet (Bull Bitcoin Mobile)

Composite score: 82.65

Official site Company blog (BULL wallet overview)GitHub WalletScrutiny (Android)Play Store Recoverbull Recoverbull whitepaper Async Payjoin announcement Payjoin Foundation note (async Payjoin in Bull wallet)BIP329 wallet label format BIP329 wallet support list (mentions Bull Bitcoin Mobile)

WeightsC1 15 • C2 10 • C3 15 • C4 20 • C5 15 • C6 15 • C7 10

Composite82.65

Criterion breakdown

ID	Criterion	Weight	Score	Evidence (inline links)
C1	FOSS + reproducibility + distribution	15%	78	Public repo shows MIT license and open development. WalletScrutiny review exists for the Android package.
C2	Telemetry & trackers	10%	80	Company blog claims “no push notifications” and “no data collection whatsoever” (self-asserted). Recoverbull describes local encryption and separate key-server storage model. Recoverbull design details in whitepaper repo.
C3	Bitcoin purity vs synthetic multi‑asset	15%	75	Play Store describes Bitcoin + Liquid scope and atomic swaps across Bitcoin, Lightning, and Liquid. WalletScrutiny reflects the same scope.
C4	Key sovereignty	20%	95	Recoverbull emphasizes encrypted backups with separate key storage model.
C5	Node sovereignty & network surface	15%	85	GitHub README describes wallet philosophy and advanced controls; includes Lightning/Liquid coordination.
C6	On‑chain privacy arsenal	15%	93	Bull Bitcoin blog post announces serverless asynchronous Payjoin. Payjoin Foundation post references async Payjoin work in Bull Bitcoin Mobile Wallet. BIP329 support list includes Bull Bitcoin Mobile (labels export).
C7	KYC gravity & corporate capture	10%	60	Public repo positions the app as both wallet and exchange app (exchange coupling).

Final posture statement

BULL Wallet (Bull Bitcoin Mobile) is a privacy-forward bridge wallet: strong day-to-day tooling (including async Payjoin and label export standards) plus a deliberately integrated fiat/exchange layer. Liquid-first design and exchange coupling carry the main sovereignty penalties.

BlueWallet

Composite score: 79.95

Official site Features page GitHub WalletScrutiny (Android)Play Store Firebase logging issue (#6555)Tor option missing issue (#5931)F‑Droid forum thread (disabled/tainted)F‑Droid removal tracking issue (#5047)BIP47 + Silent send announcement (NoBS Bitcoin)BlueWallet v7.0.0 highlights (BIP47 + Silent)Silent Payments library repo

WeightsC1 15 • C2 10 • C3 15 • C4 20 • C5 15 • C6 15 • C7 10

Composite79.95

Criterion breakdown

ID	Criterion	Weight	Score	Evidence (inline links)
C1	FOSS + reproducibility + distribution	15%	60	Public source repo (React Native + Electrum). F‑Droid thread notes disabling due to proprietary/tainted code. GitHub issue tracks F‑Droid removal and cites dependency taint. WalletScrutiny review exists for the Android package.
C2	Telemetry & trackers	10%	45	Issue reports background connections to firebaselogging.googleapis.com even with analytics disabled.
C3	Bitcoin purity vs synthetic multi‑asset	15%	100	Features page lists on-chain, multisig, and lightning wallet types (Bitcoin-only posture).
C4	Key sovereignty	20%	92	Features page states private keys/seed remain on-device and supports export/import backups (BIP39).
C5	Node sovereignty & network surface	15%	72	Tor toggle disappearance reported in issue #5931. Features page documents plugging into self-hosted Electrum servers (EPS/ElectrumX/Electrs).
C6	On‑chain privacy arsenal	15%	95	Features page documents Coin Control and PayJoin. NoBS Bitcoin post describes BIP47 and sending to Silent Payments addresses (v6.6.8). BlueWallet post highlights BIP47 payment codes and Silent Payments sending. BlueWallet maintains a Silent Payments (BIP-352) library repository.
C7	KYC gravity & corporate capture	10%	80	Play Store description includes “buy Bitcoin” positioning (non-specific provider coupling).

Final posture statement

BlueWallet is privacy-protocol rich (coin control, PayJoin, plausible deniability; plus public BIP47 and Silent Payments milestones), but the distribution/telemetry footprint is materially heavier (F‑Droid taint history, Firebase logging reports, and Tor toggle removal in later versions).

Blockstream Green / Blockstream App

Composite score: 71.85

Official site F‑Droid WalletScrutiny (Android)Play Store QuickSync / Waterfalls explainer Multisig security overview (Liquid wallets)nLockTime recovery (2FA accounts)Blockstream blog: Green now on desktop (server-key 2-of-2)

WeightsC1 15 • C2 10 • C3 15 • C4 20 • C5 15 • C6 15 • C7 10

Composite71.85

Criterion breakdown

ID	Criterion	Weight	Score	Evidence (inline links)
C1	FOSS + reproducibility + distribution	15%	85	WalletScrutiny describes the app as open source (GPLv3) and provides distribution-layer context. F‑Droid distribution page (source-built variant).
C2	Telemetry & trackers	10%	80	QuickSync/Waterfalls: descriptor-based syncing (descriptor sent to server).
C3	Bitcoin purity vs synthetic multi‑asset	15%	45	Play Store description explicitly mentions Liquid-based assets such as LBTC and Tether’s USDt. F‑Droid description likewise mentions Liquid assets (LBTC, USDt).
C4	Key sovereignty	20%	82	Blockstream blog describes a 2-of-2 multisig model with one key on device and another on Blockstream servers. Help article describes 2-of-2 multisig requiring a server signature for Liquid wallets. Help article describes nLockTime recovery and use of pre-signed transactions from servers in some flows.
C5	Node sovereignty & network surface	15%	78	QuickSync/Waterfalls: server derives addresses/history after receiving a wallet descriptor.
C6	On‑chain privacy arsenal	15%	75	WalletScrutiny page enumerates features and security model; advanced privacy protocols are not core product emphasis.
C7	KYC gravity & corporate capture	10%	50	Official product page positions the app as supporting Bitcoin + Liquid assets.

Final posture statement

Blockstream Green/Blockstream App is a capable multi-platform wallet, but explicitly multi-asset (Liquid + USDt) and historically centered on server-key multisig security models. Descriptor-based QuickSync/Waterfalls improves sync performance while centralizing descriptor exposure when using hosted infrastructure.

Notes & constraints

Temporal drift: wallet code, releases, and defaults change. This report is a snapshot (2026-02-26). Evidence links point to primary sources that can be re-checked.
Distribution-layer caution: even fully open-source wallets can ship binaries that are not easily reproducible. WalletScrutiny is included for systematic “source-to-device” scrutiny.
Privacy ≠ single feature: protocol privacy (PayJoin/payment codes) and topology privacy (Tor/self-hosted backends) can move in opposite directions for the same wallet.