feat(spark): backup, recovery and safety nudges

 (#3755)

## Summary

Implements the backup, recovery, and safety nudge system for self-custodial wallets (Epic 3). Users can now secure their recovery material through multiple backup methods, restore wallets from any supported backup, and receive escalating prompts when funds are at risk without a backup.

Closes blinkbitcoin/blink-wip#648

## Epic 3 Tasks

### 3\.1 Backup method selection and Google Drive backup flow

- Backup method screen presents three options: Google Drive, Password Manager (Keychain), and Manual (seed phrase)
- Google Drive backup uploads encrypted/unencrypted seed phrase via `useCloudBackup` hook
- `BackupStateProvider` tracks backup status (`None`, `Pending`, `Completed`) and method (`Cloud`, `Keychain`, `Manual`), persisted to AsyncStorage
- `setBackupCompleted("cloud")` called on successful upload
- iOS cloud backup shows "coming soon" toast (Google Drive only on Android for now)

### 3\.2 OS-native secure backup

- Keychain backup via `useKeychainBackup` hook with `WHEN_UNLOCKED_THIS_DEVICE_ONLY` accessibility
- Added `read()` method to `useKeychainBackup` for restore flow
- `setBackupCompleted("keychain")` called on successful save
- Error handling with toast on save failure

### 3\.3 Manual backup flow with screenshot prevention and settings re-display

- `useWalletMnemonic` now reads real mnemonic from `KeyStoreWrapper.getMnemonic()` (replaced mock data)
- Deleted `spark-mock-data.ts` — no more hardcoded test words in production code
- `useScreenSecurity` hook wraps `react-native-screenguard` to prevent screenshots on backup phrase screen
- `setBackupCompleted("manual")` called on successful word confirmation
- Backup phrase viewable from Settings after backup is completed (`ViewBackupPhraseSetting`)
- `useBackupPhrase` hook loads words asynchronously from keychain

### 3\.4 Manual restore flow

- `useRestorePhrase` hook manages 12-word BIP39 input across 2 steps (6 words each)
- `useBip39Input` reusable hook: word validation, clipboard paste detection, BIP39 suggestions (3 suggestions after 3 characters), auto-advance on suggestion select
- `MnemonicWordInput` component: styled input with word number, green/red validation borders
- `SparkRestorePhraseScreen`: two-step word entry UI with suggestion bar, validation errors, loading/error states
- `useRestoreWallet` hook: calls `selfCustodialRestoreWallet`, sets `activeAccountId`, navigates to success. On failure: deletes mnemonic, reports to Crashlytics

### 3\.5 Google Drive and OS-native secure restore flow

- `SparkRestoreMethodScreen`: entry point with 3 restore options (Cloud, Keychain, Manual phrase)
- Keychain restore reads backup directly via `useKeychainBackup.read()` and restores inline
- `useCloudRestore` hook: downloads backup from Google Drive, handles encrypted (password prompt) and unencrypted (auto-restore) payloads
- `SparkCloudRestoreScreen`: multi-state UI (Loading → NotFound/Error → Password → Restoring)
- AES-128-GCM decryption with PBKDF2-derived key via `app/utils/crypto.ts`
- Added `download()` method to `useGoogleDriveBackup` hook
- Account type selection screen now routes self-custodial restore to `sparkRestoreMethodScreen` (was "coming soon" alert)

### 3\.6 Trust model and education content integration

- `useTrustModelSeen` hook: AsyncStorage-backed boolean flag, shown once per device
- `TrustModelModal` component: informational modal about Spark's operator-assisted trust model
- Shown on home screen for self-custodial users with balance > 0 who haven't seen it yet
- "I understand" button persists seen state

### 3\.7 Backup nudge state, dismissable banner, and settings banner

- `useBackupNudgeState` hook: determines banner/modal/settings-banner visibility based on:
    - Backup status (not completed)
    - Account type (self-custodial only)
    - BTC balance thresholds (configurable via Remote Config)
    - 24-hour dismissal cooldown (AsyncStorage)
- `BackupNudgeBanner` component: warning banner with dismiss button and "Secure now" CTA
    - Shown on home screen when BTC balance >= banner threshold (default 2100 sats)
- Settings screen shows orange warning banner when `shouldShowSettingsBanner` is true
- `BackupWalletSetting` and `ViewBackupPhraseSetting` added to security & privacy settings group

### 3\.8 Persistent backup modal at high-risk threshold

- `BackupNudgeModal` component: non-dismissable modal with "Secure Me" button
- Shown on home screen when BTC balance >= modal threshold (default 21000 sats)
- Cannot be closed — user must complete backup to dismiss
- Thresholds configurable via `backupNudgeBannerThreshold` and `backupNudgeModalThreshold` in Firebase Remote Config

## Self-custodial balance and real-time price fix

These fixes were implemented in this PR because the previous Epic 2 work used mocked data for self-custodial wallets, so the balance display issues only became visible once real wallet data was wired in Epic 3.

### Real-time price for self-custodial users

The Blink backend already exposes a public `Query.realtimePrice(currency)` endpoint that does not require authentication (registered under `queryFields.unauthed` in the backend). However, the mobile app was only consuming the authenticated version via `me.defaultAccount.realtimePrice`, which meant self-custodial users (who have no backend token) had no price data — the balance header showed `$0.00` even with sats in the wallet.

Added a new `realtimePriceUnauthed` GraphQL operation that calls the public endpoint. `usePriceConversion` now uses two sources:
- **Authenticated users**: `useRealtimePriceQuery` (unchanged, same as before)
- **Self-custodial users**: `useRealtimePriceUnauthedQuery` as fallback with 5-minute polling

The unauthed query only activates when there is no authenticated price data (`skip: isAuthed || Boolean(authedPrice)`). Custodial flow is completely unaffected.

### Wallet overview individual balances

`WalletOverview` component had an `if (isAuthed)` guard that prevented individual wallet balances (Bitcoin sats, Dollar amount) from rendering for self-custodial users. Changed to `if (isAuthed || hasWallets)` so that when wallet data is passed as props (from the SDK), balances render correctly regardless of auth status.

### Home screen loading state

The self-custodial loading check was `!activeWallet.isReady`, which included both `loading` and `error`/`unavailable` states. When the SDK failed to init (e.g., after a fresh restore), the home screen showed an infinite spinner because `error` status is not `ready`. Changed to `activeWallet.status === "loading"` so the spinner only shows during actual SDK initialization, not on error states.

### SDK reinit after wallet restore

After restoring a wallet, the `SelfCustodialWalletProvider` had already run its lifecycle with no mnemonic (since the provider mounts before the user completes restore). The SDK was stuck in `unavailable` status. Added `reinitSdk()` call (via `retry()` from the provider) after successful restore to re-trigger the lifecycle with the newly stored mnemonic.

### SDK initLogging resilience

`initLogging` from the Breez SDK can throw `SdkError.Generic` when called after certain SDK state transitions within the same app session (e.g., after a restore triggers a second lifecycle run). This was crashing `initSdk` entirely. Wrapped `initLogging` in a try/catch — logging initialization is non-fatal, the SDK works correctly without it.

## Additional work

### Infrastructure

- Added `react-native-screenguard` dependency for screenshot prevention
- Added `OnboardingScreenLayout` shared layout component for consistent onboarding UX
- Added `SettingsCard` reusable component for settings entries with icon, title, description
- Added `bip39-wordlist.ts` utility with `getBip39Suggestions` and `splitWords` helpers
- Added `crypto.ts` utilities: AES-GCM encrypt/decrypt, PBKDF2 key derivation, RSA-OAEP encryption
- Added `backupNudgeBannerThreshold` and `backupNudgeModalThreshold` to feature flags context

### Navigation

- 3 new routes: `sparkRestorePhraseScreen`, `sparkRestoreMethodScreen`, `sparkCloudRestoreScreen`
- All registered in root navigator with empty title headers

### Internationalization

- Added translation keys across 28 languages for: `RestoreScreen`, `BackupNudge`, `TrustModel`, `BackupScreen` sections
- Updated `BackupMethod.iOSComingSoon` key

### Test coverage

- 9 new test suites: `use-screen-security`, `use-wallet-mnemonic`, `use-bip39-input`, `bip39-wordlist`, `BackupStateProvider`, `MnemonicWordInput`, `BackupNudgeBanner`, `SettingsCard`, `ViewBackupPhrase`, `trust-model-screen`, `use-restore-wallet`, `use-restore-phrase`, `use-cloud-restore`
- 15 existing test suites updated for new mocks, async mnemonic loading, and backup state integration
- All 272 suites / 2882 tests passing

## Pending (not in scope)

- iCloud backup (iOS) — Google Drive only for now
- Backup verification re-prompt after restore
- Backup age expiration warnings

Author: esaugomez31

__mocks__/react-native-screenguard.js

@@ -0,0 +1,5 @@
+module.exports = {
+  initSettings: jest.fn().mockResolvedValue(undefined),
+  register: jest.fn().mockResolvedValue(undefined),
+  unregister: jest.fn().mockResolvedValue(undefined),
+}

__tests__/components/backup-nudge-banner.spec.tsx

@@ -0,0 +1,99 @@
+import React from "react"
+import { render, fireEvent } from "@testing-library/react-native"
+
+import { BackupNudgeBanner } from "@app/components/backup-nudge-banner"
+
+const mockNavigate = jest.fn()
+
+jest.mock("@react-navigation/native", () => ({
+  ...jest.requireActual("@react-navigation/native"),
+  useNavigation: () => ({ navigate: mockNavigate }),
+}))
+
+jest.mock("@rn-vui/themed", () => {
+  const colors = {
+    grey2: "#999",
+    grey5: "#f5f5f5",
+    primary: "#007",
+    black: "#000",
+    white: "#fff",
+  }
+  return {
+    makeStyles:
+      (fn: (theme: { colors: typeof colors }) => Record<string, object>) => () =>
+        fn({ colors }),
+    Text: ({ children, ...props }: { children: React.ReactNode }) =>
+      React.createElement("Text", props, children),
+    useTheme: () => ({ theme: { colors } }),
+  }
+})
+
+jest.mock("@app/components/atomic/galoy-icon", () => ({
+  GaloyIcon: () => null,
+}))
+
+jest.mock("@app/components/atomic/galoy-icon-button", () => ({
+  GaloyIconButton: ({ onPress }: { onPress: () => void }) =>
+    React.createElement("Pressable", { onPress, testID: "dismiss-button" }),
+}))
+
+jest.mock("@app/components/atomic/galoy-primary-button", () => ({
+  GaloyPrimaryButton: ({ onPress, title }: { onPress: () => void; title: string }) =>
+    React.createElement(
+      "Pressable",
+      { onPress, testID: "cta-button" },
+      React.createElement("Text", {}, title),
+    ),
+}))
+
+jest.mock("@app/utils/testProps", () => ({
+  testProps: (id: string) => ({ testID: id }),
+}))
+
+jest.mock("@app/i18n/i18n-react", () => ({
+  useI18nContext: () => ({
+    LL: {
+      BackupNudge: {
+        title: () => "Your funds are at risk",
+        description: () => "Secure your wallet now. It only takes a minute.",
+        cta: () => "Secure wallet",
+      },
+    },
+  }),
+}))
+
+describe("BackupNudgeBanner", () => {
+  beforeEach(() => {
+    jest.clearAllMocks()
+  })
+
+  it("renders title and description", () => {
+    const { getByText } = render(<BackupNudgeBanner onDismiss={jest.fn()} />)
+
+    expect(getByText("Your funds are at risk")).toBeTruthy()
+    expect(getByText("Secure your wallet now. It only takes a minute.")).toBeTruthy()
+  })
+
+  it("renders CTA button with correct label", () => {
+    const { getByText } = render(<BackupNudgeBanner onDismiss={jest.fn()} />)
+
+    expect(getByText("Secure wallet")).toBeTruthy()
+  })
+
+  it("calls onDismiss when dismiss button pressed", () => {
+    const onDismiss = jest.fn()
+    const { getByTestId } = render(<BackupNudgeBanner onDismiss={onDismiss} />)
+
+    fireEvent.press(getByTestId("dismiss-button"))
+
+    expect(onDismiss).toHaveBeenCalledTimes(1)
+  })
+
+  it("navigates to backup method screen on CTA press", () => {
+    const { getByTestId } = render(<BackupNudgeBanner onDismiss={jest.fn()} />)
+
+    fireEvent.press(getByTestId("cta-button"))
+
+    expect(mockNavigate).toHaveBeenCalledWith("sparkBackupMethodScreen")
+  })
+})

__tests__/components/backup-nudge-modal.spec.tsx

@@ -0,0 +1,153 @@
+import React from "react"
+import { render, fireEvent } from "@testing-library/react-native"
+
+import { BackupNudgeModal } from "@app/components/backup-nudge-modal"
+
+const mockNavigate = jest.fn()
+
+jest.mock("@react-navigation/native", () => ({
+  ...jest.requireActual("@react-navigation/native"),
+  useNavigation: () => ({ navigate: mockNavigate }),
+}))
+
+jest.mock("@rn-vui/themed", () => {
+  const colors = {
+    grey0: "#ccc",
+    grey2: "#999",
+    grey5: "#f5f5f5",
+    primary: "#fc5805",
+    black: "#000",
+    white: "#fff",
+  }
+  return {
+    makeStyles:
+      (fn: (...args: unknown[]) => Record<string, object>) => (props?: unknown) =>
+        fn({ colors }, props ?? {}),
+    Text: ({ children, ...props }: { children: React.ReactNode }) =>
+      React.createElement("Text", props, children),
+    useTheme: () => ({ theme: { colors, mode: "light" } }),
+  }
+})
+
+const mockGaloyIcon = jest.fn<null, [Record<string, unknown>]>(() => null)
+
+jest.mock("@app/components/atomic/galoy-icon", () => ({
+  GaloyIcon: (props: Record<string, unknown>) => {
+    mockGaloyIcon(props)
+    return null
+  },
+}))
+
+jest.mock("@app/components/atomic/galoy-icon-button", () => ({
+  GaloyIconButton: ({ onPress }: { onPress: () => void }) =>
+    React.createElement("Pressable", { onPress, testID: "close-button" }),
+}))
+
+jest.mock("@app/components/atomic/galoy-primary-button", () => ({
+  GaloyPrimaryButton: ({ onPress, title }: { onPress: () => void; title: string }) =>
+    React.createElement(
+      "Pressable",
+      { onPress, testID: "secure-button" },
+      React.createElement("Text", {}, title),
+    ),
+}))
+
+jest.mock("@app/components/atomic/galoy-secondary-button", () => ({
+  GaloySecondaryButton: () => null,
+}))
+
+jest.mock("react-native-modal", () => {
+  const MockModal = ({
+    children,
+    isVisible,
+  }: {
+    children: React.ReactNode
+    isVisible: boolean
+  }) => (isVisible ? React.createElement("View", { testID: "modal" }, children) : null)
+  MockModal.displayName = "MockModal"
+  return MockModal
+})
+
+jest.mock("@app/utils/testProps", () => ({
+  testProps: (id: string) => ({ testID: id }),
+}))
+
+jest.mock("@app/i18n/i18n-react", () => ({
+  useI18nContext: () => ({
+    LL: {
+      BackupNudge: {
+        modalTitle: () => "Secure your funds",
+        modalDescription: () =>
+          "We highly recommend you backup your wallet to prevent a complete loss of funds in case you lose this device.",
+        secureMe: () => "Secure wallet",
+      },
+    },
+  }),
+}))
+
+describe("BackupNudgeModal", () => {
+  beforeEach(() => {
+    jest.clearAllMocks()
+  })
+
+  it("renders when visible", () => {
+    const { getByTestId } = render(
+      <BackupNudgeModal isVisible={true} onClose={jest.fn()} />,
+    )
+
+    expect(getByTestId("modal")).toBeTruthy()
+  })
+
+  it("does not render when not visible", () => {
+    const { queryByTestId } = render(
+      <BackupNudgeModal isVisible={false} onClose={jest.fn()} />,
+    )
+
+    expect(queryByTestId("modal")).toBeNull()
+  })
+
+  it("renders title and description", () => {
+    const { getByText } = render(
+      <BackupNudgeModal isVisible={true} onClose={jest.fn()} />,
+    )
+
+    expect(getByText("Secure your funds")).toBeTruthy()
+    expect(
+      getByText(
+        "We highly recommend you backup your wallet to prevent a complete loss of funds in case you lose this device.",
+      ),
+    ).toBeTruthy()
+  })
+
+  it("renders secure wallet button", () => {
+    const { getByText } = render(
+      <BackupNudgeModal isVisible={true} onClose={jest.fn()} />,
+    )
+
+    expect(getByText("Secure wallet")).toBeTruthy()
+  })
+
+  it("navigates to backup method screen and closes on button press", () => {
+    const onClose = jest.fn()
+    const { getByTestId } = render(
+      <BackupNudgeModal isVisible={true} onClose={onClose} />,
+    )
+
+    fireEvent.press(getByTestId("secure-button"))
+
+    expect(onClose).toHaveBeenCalledTimes(1)
+    expect(mockNavigate).toHaveBeenCalledWith("sparkBackupMethodScreen")
+  })
+
+  it("uses primary color for warning icon", () => {
+    render(<BackupNudgeModal isVisible={true} onClose={jest.fn()} />)
+
+    expect(mockGaloyIcon).toHaveBeenCalledWith(
+      expect.objectContaining({
+        name: "warning",
+        size: 52,
+        color: "#fc5805",
+      }),
+    )
+  })
+})

__tests__/components/info-banner.spec.tsx

@@ -17,16 +17,53 @@ describe("InfoBanner", () => {
     expect(getByText("Banner content")).toBeTruthy()
   })
 
-  it("renders multiple children", () => {
+  it("renders title when provided", () => {
     const { getByText } = render(
+      <ContextForScreen>
+        <InfoBanner title="Warning title">
+          <Text>Content</Text>
+        </InfoBanner>
+      </ContextForScreen>,
+    )
+    expect(getByText("Warning title")).toBeTruthy()
+  })
+
+  it("renders icon when provided", () => {
+    const { getByText } = render(
+      <ContextForScreen>
+        <InfoBanner icon="warning" title="With icon">
+          <Text>Content</Text>
+        </InfoBanner>
+      </ContextForScreen>,
+    )
+    expect(getByText("With icon")).toBeTruthy()
+  })
+
+  it("renders without title and icon", () => {
+    const { getByText, queryByText } = render(
       <ContextForScreen>
         <InfoBanner>
-          <Text>First part</Text>
-          <Text>Second part</Text>
+          <Text>Only content</Text>
+        </InfoBanner>
+      </ContextForScreen>,
+    )
+    expect(getByText("Only content")).toBeTruthy()
+    expect(queryByText("Warning title")).toBeNull()
+  })
+
+  it("accepts custom iconColor and titleColor", () => {
+    const { getByText } = render(
+      <ContextForScreen>
+        <InfoBanner
+          title="Custom colors"
+          icon="warning"
+          iconColor="error"
+          titleColor="error"
+        >
+          <Text>Content</Text>
         </InfoBanner>
       </ContextForScreen>,
     )
-    expect(getByText("First part")).toBeTruthy()
-    expect(getByText("Second part")).toBeTruthy()
+    expect(getByText("Custom colors")).toBeTruthy()
   })
 })