Lightning Wallets — Final Scoring, Ranking & Analysis

Final, adversarially-audited scoring of selected Lightning wallets under a Bitcoin/FOSS/privacy maximalist sovereignty lens. The scope is Lightning capability only.

  • Mode: max-sovereign configuration
  • Default behavior tracked separately (Default Trap Risk)
  • Composite score: weighted 0–100

1) Framework (final)

Scores represent the maximum sovereignty configuration achievable by each wallet (self-hosted node where applicable, hardened networking such as Tor/VPN when supported, and avoidance of optional hosted/cloud paths). Because default onboarding often differs from a hardened profile, a separate Default Trap Risk flag is included to capture how strongly the “happy path” pulls toward centralization, SDK/LSP dependency, or expanded metadata surfaces.

Criteria and weights

| Code | Criterion | Weight | What it measures |
|---|---|---|---|
| SOV | Sovereignty & topology | 25% | Key/channel control, ability to operate through operator-controlled infrastructure, structural dependence (or independence) from a single LSP/SDK provider. |
| NET_PRIV | Network / LSP privacy | 20% | Effectiveness of Tor/VPN options, degree of metadata centralization, and how much of the payment graph is visible to intermediaries (especially LSP-centric designs). |
| CODE_TRUST | FOSS + distribution trust | 20% | Open-source licensing and auditability, repo health, reproducibility / F-Droid compatibility, and absence of known proprietary/tainted dependencies. |
| OPS | Lightning operator power | 15% | Channel controls, routing/fee tools, multi-node support, and whether the wallet acts as a serious operator console vs a simplified payment UI. |
| ALIGN | Alignment | 15% | Bitcoin-only purity vs stablecoin/multi-asset “superapp” drift; whether the architecture reinforces node-running sovereignty vs centralized Lightning-as-a-service ecosystems. |
| LIFE | Maintenance & survivability | 5% | Release activity, responsiveness, and practical longevity under protocol/platform changes. |

Default Trap Risk is qualitative: Low = default onboarding stays close to sovereign posture; High = defaults strongly route through a centralized provider, cloud hosting, or multi-asset service layer.

2) Final scores (max-sovereign mode)

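| Rank | Wallet | SOV | NET_PRIV | CODE_TRUST | OPS | ALIGN | LIFE | Composite | Default Trap Risk |
|---|---|---|---|---|---|---|---|---|---|
| 1 | BitBanana | 99 | 95 | 96 | 90 | 96 | 85 | 95.1 | Low–Medium |
| 2 | ZEUS | 97 | 93 | 96 | 97 | 92 | 90 | 94.9 | Medium |
| 3 | Electrum | 95 | 90 | 98 | 85 | 90 | 90 | 92.1 | Medium |
| 4 | Blixt | 93 | 82 | 92 | 90 | 90 | 88 | 89.5 | Medium |
| 5 | Alby Hub / Go | 92 | 80 | 90 | 85 | 85 | 90 | 87.0 | High (Cloud) |
| 6 | BlueWallet | 88 | 78 | 80 | 78 | 88 | 55 | 81.3 | Medium–High |
| 7 | Phoenix | 60 | 58 | 88 | 88 | 78 | 92 | 73.7 | High |
| 8 | Breez | 65 | 60 | 88 | 85 | 60 | 92 | 72.2 | High |
| 9 | AQUA | 58 | 50 | 82 | 75 | 40 | 90 | 62.7 | Very High |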

Notes: CODE_TRUST blends license/auditability with distribution trust (e.g., F-Droid acceptance and reproducibility signals). BlueWallet’s reduced CODE_TRUST reflects its historical removal from F-Droid due to tainted dependencies (see issue #5047 and the related F-Droid forum thread).
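
The composite column can be recomputed from the six sub-scores and the criteria weights. The following added example (not part of the original page) does that with integer arithmetic and reports which rows sit exactly on a rounding boundary; the names `WEIGHTS`, `PUBLISHED`, `composite` and `audit` are chosen for this example.

```python
# Added example: audit the composite column against the published sub-scores.
# Weights are integer percentages from the criteria table (they sum to 100).
WEIGHTS = {"SOV": 25, "NET_PRIV": 20, "CODE_TRUST": 20,
           "OPS": 15, "ALIGN": 15, "LIFE": 5}

# Transcribed from the score table: wallet, sub-scores in WEIGHTS order,
# published composite as printed.
PUBLISHED = [
    ("BitBanana",     (99, 95, 96, 90, 96, 85), "95.1"),
    ("ZEUS",          (97, 93, 96, 97, 92, 90), "94.9"),
    ("Electrum",      (95, 90, 98, 85, 90, 90), "92.1"),
    ("Blixt",         (93, 82, 92, 90, 90, 88), "89.5"),
    ("Alby Hub / Go", (92, 80, 90, 85, 85, 90), "87.0"),
    ("BlueWallet",    (88, 78, 80, 78, 88, 55), "81.3"),
    ("Phoenix",       (60, 58, 88, 88, 78, 92), "73.7"),
    ("Breez",         (65, 60, 88, 85, 60, 92), "72.2"),
    ("AQUA",          (58, 50, 82, 75, 40, 90), "62.7"),
]

def weighted_hundredths(scores):
    """Composite x 100 as an exact integer (percent weight x 0-100 score)."""
    if len(scores) != len(WEIGHTS) or any(not 0 <= s <= 100 for s in scores):
        raise ValueError(f"expected {len(WEIGHTS)} scores in 0..100: {scores!r}")
    return sum(w * s for w, s in zip(WEIGHTS.values(), scores))

def composite(scores):
    """One-decimal composite, rounded half-up without floating point."""
    tenths = (weighted_hundredths(scores) + 5) // 10
    return f"{tenths // 10}.{tenths % 10}"

def audit(rows=PUBLISHED):
    """Return (mismatches, exact_ties, ranking) for the published rows."""
    mismatches = [(w, composite(s), p) for w, s, p in rows if composite(s) != p]
    # A hundredths value ending in 5 sits exactly on a rounding boundary.
    ties = [w for w, s, _ in rows if weighted_hundredths(s) % 10 == 5]
    ranking = [w for w, s, _ in
               sorted(rows, key=lambda r: weighted_hundredths(r[1]), reverse=True)]
    return mismatches, ties, ranking

if __name__ == "__main__":
    mismatches, ties, ranking = audit()
    print("mismatches:", mismatches or "none")
    print("rows on a rounding tie:", ties)
    print("ranking:", " > ".join(ranking))
```

Blixt (89.45), BlueWallet (81.25) and AQUA (62.65) are exact ties, so the published 89.5, 81.3 and 62.7 correspond to half-up rounding; a tool that rounds half-to-even would report each of them 0.1 lower.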

3) Final ranking (top → bottom)

  1. BitBanana — 95.1
  2. ZEUS — 94.9
  3. Electrum — 92.1
  4. Blixt — 89.5
  5. Alby Hub / Go — 87.0
  6. BlueWallet — 81.3
  7. Phoenix — 73.7
  8. Breez — 72.2
  9. AQUA — 62.7

4) Wallet-by-wallet analysis

Each subsection below includes the core architectural profile, the primary drivers of the score, and inline sources. Links are embedded per claim to avoid a detached appendix.

1) BitBanana — Composite 95.1 (Tier 1 — node-grade tool)

What it is: A native Android app that functions as a remote control for an operator’s Lightning node (not a standalone wallet). See: F-Droid listing, official site, GitHub, Google Play.
Key drivers:
  • SOV: Designed explicitly as remote control — “not a wallet on its own” and “use your node as a wallet wherever you go” (F-Droid).
  • NET_PRIV: Max-mode privacy depends on the underlying node setup; BitBanana markets “zero data collection” and privacy warnings (bitbanana.app).
  • CODE_TRUST: F-Droid availability implies free-dependency compliance and reproducible build posture (F-Droid).
  • ALIGN: Bitcoin-only positioning (bitbanana.app).
  • Funding signal: OpenSats listed BitBanana among grant recipients (OpenSats grants (Dec 2023)).

2) ZEUS — Composite 94.9 (Tier 1 — node-grade tool)

What it is: An open-source Bitcoin/Lightning wallet and remote node manager for LND and Core Lightning (GitHub), with distribution including Google Play (Play Store) and an official F-Droid repository feed (zeusln.com/download).
Key drivers:
  • SOV: Remote-control architecture for operator-controlled nodes is explicit in the project description (GitHub).
  • NET_PRIV: Tor-connected nodes are supported (documented in multiple public listings; see the package summary in download docs).
  • CODE_TRUST: Open-source repo plus official F-Droid repo setup instructions (zeusln.com/download).
  • OPS: Remote management features and channel operations are central to the app’s purpose (GitHub).
  • Default Trap Risk: Optional hosted/LSP pathways and broad integrations can centralize flows for non-operator usage (see product positioning on Play Store).

3) Electrum — Composite 92.1 (Tier 1 — node-grade tool)

What it is: A long-standing, open-source Bitcoin wallet with Lightning support: electrum.org, F-Droid listing, Google Play.
Key drivers:
  • SOV: Self-custodial design; private keys remain on-device (F-Droid).
  • NET_PRIV: “Instant On” uses servers indexing the blockchain; max-mode hardening typically implies pinning to trusted servers / own infrastructure (electrum.org).
  • CODE_TRUST: Mature FOSS posture + F-Droid availability (F-Droid).
  • OPS: LN support is present but UX is less mobile-first than operator consoles (F-Droid).

4) Blixt — Composite 89.5 (Tier 1 — node-grade tool)

What it is: An open-source Lightning wallet for Android, “powered by lnd and Neutrino SPV”: GitHub, blixtwallet.github.io.
Key drivers:
  • SOV: Runs a real Lightning stack on-device (LND + Neutrino) rather than outsourcing to a custodial service (GitHub).
  • NET_PRIV: Neutrino reduces some SPV leakage; defaults and peer selection still matter (blixtwallet.github.io).
  • OPS: Operator-grade capabilities relative to typical “invoice-only” wallets (release notes).

5) Alby Hub / Go — Composite 87.0 (Tier 2 — sovereign hub / wrapper)

What it is: A self-custodial Lightning hub that connects to apps over Nostr Wallet Connect: GitHub, product page.
Key drivers:
  • SOV: Self-hosting is supported; the hub can run as a desktop app or HTTP/Docker service (GitHub).
  • NET_PRIV: Nostr Wallet Connect expands metadata surfaces unless relays and client scopes are tightly controlled (GitHub).
  • Default Trap Risk: The product page prominently offers “Start Instantly with Alby Cloud,” implying a high-centralization default for newcomers (getalby.com/alby-hub).

6) BlueWallet — Composite 81.3 (Tier 2 — sovereign when self-hosted)

What it is: A Bitcoin wallet that previously provided custodial Lightning via lndhub.io, which was sunset in 2023: official announcement.
Key drivers:
  • SOV: Post-sunset Lightning use requires connecting to an operator-controlled LndHub (or another trusted backend), rather than relying on BlueWallet’s hosted node (BlueWallet).
  • CODE_TRUST: BlueWallet’s F-Droid builds were removed due to a tainted dependency chain (react-native-camera) (GitHub issue #5047).
  • Distribution signal: F-Droid community thread documenting the disablement (F-Droid forum).

7) Phoenix — Composite 73.7 (Tier 3 — LSP-centric architecture)

What it is: A self-custodial Lightning wallet by ACINQ: official site, GitHub.
Key drivers:
  • Topology: Phoenix uses splicing and manages “a single dynamic channel” in its third-generation design (ACINQ blog).
  • NET_PRIV: Even with self-custodial keys, centralized routing/infra concentrates metadata in the provider’s node role (design context in ACINQ post and App Store listing).
  • CODE_TRUST: Open-source repo for the mobile wallet (GitHub).

8) Breez — Composite 72.2 (Tier 3 — SDK/LSP gravity)

What it is: A non-custodial Lightning client plus a developer-oriented SDK stack: breez.technology, SDK page, Liquid SDK docs.
Key drivers:
  • SDK centralization: The SDK is explicitly designed to remove node-management complexity for app developers (Breez SDK).
  • Liquid nodeless model: Users swap BTC→L-BTC and transact on Liquid, described as overseen by a federation of 15 functionary operators (Liquid blog).
  • CODE_TRUST: Liquid implementation source is public (breez-sdk-liquid).

9) AQUA — Composite 62.7 (Tier 3 — superapp / multi-asset rails)

What it is: A self-custodial Bitcoin & Liquid wallet positioned as a “superapp,” supporting BTC and USDt: aqua.net, GitHub (MIT), Play Store.
Key drivers:
  • Seed storage statement: Seed phrases are saved locally via Keychain (iOS) / EncryptedSharedPreferences (Android) (aqua.net FAQ).
  • Mixed licensing trajectory: JAN3 announced the Marketplace would later become proprietary (JAN3 blog), while later support docs state Marketplace is currently open source but future versions will add proprietary Marketplace code (JAN3 support).
  • Release cadence: GitHub releases show continued development, with v0.4.0 tagged Feb 10, 2026 (releases).

This page captures the final scores and rationale. The numbers are deterministic within the stated framework; disagreements typically arise from different assumptions about “default mode vs max-mode,” and from how aggressively LSP/SDK centralization is capped under sovereignty-centric evaluation.

5) Tier map (fast classification)

Tier 1 — Node-grade sovereignty

Architecturally compatible with fully sovereign Lightning operation (operator-controlled infrastructure, optional Tor/VPN hardening, minimal forced intermediaries).

Tier 2 — Sovereign hubs / wrappers

Can be sovereign when self-hosted or paired with operator-controlled infrastructure, but defaults and ecosystem gravity increase metadata/centralization risk.

Tier 3 — LSP / SDK / superapp architectures

Self-custodial keys may still exist, but topology is structurally tied to a provider (or to multi-asset service layers), concentrating metadata and policy risk.