Topic: As a crypto investor, the less app you install the better. (Read 474 times)

The more you use crypto wallets that allows screenshots the more chances you get your self scammed mostly when you install the wallets on your cellphones. Everyone's intentions are not the same, anyone can have access to your phone and screenshot your wallet others might see it and try to scam you on your absence. Many devices saves passwords  and logins detail, so advise one should always go to the password management section under settings to delete the wallet password.

Yes, having fewer apps installed on the devices we use for crypto-related activities is a good one for all cryptocurrency investors but it still doesn't provide the needed security and protection to prevent vulnerability. Besides, if we're still using Android and iPhone but never turn off certain settings on our phones we're still not far away from vulnerability and possible private information bridge based on how these phones are programmed by the manufacturer.
I created a thread last year that provided an insight assistant on this with the link to check the flaws of all the applications we installed or are about to install on our devices.

I don't think smartphones let users take screenshots of seed phrase, there is usually a kind of protection in the wallet app against that, otherwise it would be less difficult to hack HD seeds of wallets. But more globally you shouldn't leave large amounts of funds in your hot wallets. And if you need to use a smartphone to use some dApps with higher amounts, it's better to dedicate a smartphone to it if you can afford it.

Yeah, they are for the design of it and thinks that it's the best keyboard that they'll ever have. I don't usually download something like this and even plug ins. Any type of app that we're downloading that we're not familiar with, there's a huge risk that we're putting to ourselves if we're going to be careless just for the sake of aesthetic and liking the design of it. Honestly, we don't really need them if there are integrated keyboards or the default ones.

It's applicable to anything and not just with keyboards. And once we give these apps permissions to access our phones, that's like giving them a huge hole and gate to come forward and attack us easily.

That's a good advice because there are many people who actually install 3rd party keyboards because it looks all good and aesthetic.
I have already told my friends to avoid using such 3rd party keyboards because of security and data concerns.
We should only use the built in keyboards on our phones and also restrict permission to apps which doesn't require keyboard access.

I tried many keyboards but none of them are convenient as Gboard and if I am not it is the default keyboard for most Android devices.

Whatever I type something sensitive then I opt for the virtual keyboard whether it's entering seeds in electrum or logging into my internet banking that completely eliminated the concern we are talking about apart from that I just use Gboard in all my android devices.

Some third-party keyboards come with account synchronization and sometimes such keyboards can also have keyloggers attached to them which means that anything you type using the keyboard, is sent directly to the hackers that have injected the keylogger into that keyboard and you wouldn't even know about it. Before you come to know, they will have your accounts emptied and you will have nothing else to do than to regret.

Mobile applications are getting compromised a lot these days, so users need to be cautious when installing applications both from app stores and from third-party websites because they can contain malware and other material that can compromise their device and financial apps.

The highest safety comes from knowing how developers collect your data and what level of risk and privacy you will have using those apps, so we need to protect ourselves by knowing what steps to take that will guarantee our safety online and while using third-party apps.
I have been a victim of clipboard attacks before,  and to some extent, I learned a very bitter lesson from that experience since I did not know where the attack came from I became more skeptical about almost everything that came into my device.

The literal meaning of airgap is to isolate the network and prevent any external access or connection. This means if done correctly there is no route of access for a malicious app.

Definitely avoid unmaintained open source softwares, but also avoid closed source wallets.
It's a security advice and not everyone takes them seriously, so you don't necessarily have to see the threat.

You sounded so confident like this is the ultimate solution for hacking and fishing. Prevention has always been the best measure to take. Once a malicious app has access to your device, airgaped or not, there's a problem.

I don't see this as a big threat especially as you mentioned Trust wallet. Besides some closed source apps are better than unmaintained open source apps.

Presuming you are using Android.  The keyboard Google offers is very bad.  It is Closed Source and no body can guarantee the information never leaves toward their servers.

Use OpenBoard instead.  It works and looks just like Google Keyboard but is Open Source.  This guarantees you do not have information leaking through stupid 'features' such as data collection.

You can find OpenBoard here.  https://f-droid.org/packages/org.dslul.openboard.inputmethod.latin/

Maybe, he is mentioning Google keyboard which tracks all the user data knowingly or unknowingly from it's user for various purposes. I have been using Gboard for years and I try to disable all the possibilities where Google can track us which may not give complete privacy but better than letting them know everything about us.

AFAIK, Google  doesn't collect user data from keyboard unless the user enabled the next word suggetion so these small tweaks can give better internet security.

If you've so many apps installed on your phone, especially from unknown sources, there's a greater chance of getting your funds stolen by an hacker, as some of the apps may be developed and deployed on internet by scammers. My advice is that you get a hardware wallet for storing your funds offline while you use your phone for browsing and other activities.

I don't really get what you mean by keyboard can be compromised by account synchronization. Also, I don't think there's any such thing as offline keyboard. To avoid losing your funds to scammers, do not install fancy or third party keyboard, only use the factory installed stock keyboard.

The worse part of it is that any keyboard can get compromised with account synchronisation. So, the best thing is to use offline keyboards to avoid getting hacked or compromised with keyboad. I use my keyboard offline now.

True, but how is it possible to do that considering the fact that there are so many apps for airdrop and doing testnet these days. I literally do not even know the number of apps I have in my phone these days. Maybe, one needs to get a different phone for farming airdrops and testnet.

I strongly advise you to just avoid storing your crypto on your smart phone. We have to be careful about smart hackers as well. When we use a hardware wallet, hackers won't get access to your wallet unless you compromise your seed phrase. Our mobile devices and computers would be affected anytime when we installed something that we weren't well aware of. So we might lose everything, and our wallet would become empty. We have seen many cases where hackers attack through malware when installing something from untrusted sources.

In the cryptocurrency world, one feature that we like most and always prefer is what we call privacy and for that, any action that will expose us, we always try as much as possible to avoid, and just like installing multiple third-party apps on our devices because we don't know which one comes along with a malware that could affect our system.
So we all have to try as much as possible to only keep clean and secured apps on our phones or computer devices, this is very important to save us from every possible vulnerability attack that may come along the way.

Yeah, I don't recommend using mobile wallets to cryptocurrency investors in the first place. They are not secure and mobile phones or any devices connected to the internet are always vulnerable to hacks and exploits, so it's better to store your cryptocurrencies elsewhere even if you are using an online wallet which you shouldn't, make sure that it's not always installed and available for anyone to access through the device as your device can get in the hands of anyone.

People often make the mistake of having their wallets in their mobile phones and then saving their important credentials such as passwords and seed phrases inside that phone, in such cases, if your phone is lost or stolen, you basically lose all your funds since you have everything in that phone.

I do not get the point of inserting a Seed or other sensitive information using the Default Keyboard anyway.  A keylogger type of infection could easily pick up the keys you push on your screen but will likely not pick up any thing if the App you are using has its own keyboard unrelated to your phone system.

Using Third Party keyboards is the worst thing you can do.  You are compromising the Security of your Wallet for a more eye pleasing personalized experience.  It makes zero sense.

But then also be careful about Apps requesting permissions for Screen Overlay and such.  These can be just as dangerous.  It is always important to often check your Device Settings and see which permissions do your Apps have enabled.  But then again.  You probably should not have a Wallet installed on a phone which you use to install all sorts of suspicious Apps.

I have found many applications for non-default keyboards that have been modified and developed and added attractive features. These modified applications are not only for the keyboard but also for communication applications. You may find WhatsApp Gold or Telegram Plus and unofficial versions developed by unknown people. When someone uses one of these applications, these applications may collect essential and sensitive information, violate privacy, and expose his phone to big risks and his wallet to be exploited through the permissions obtained by them. The best thing is to use another phone for these wallets without downloading unofficial or non-default applications, whether on Google Play, the Apple Store, through the search engine, or any advertisements.

Thank you, OP, for this valuable advice.

It is always a good advice to go for the browser version of any service instead of installing the App in your smartphone: the data they are able to collect from you are much less via browser, and it is easier to control which you share. Of course, you have to trust your browser, but I think that they are safer from the design.

And, even better, do the exercise of evaluating which services are worth using and stop using all those you think that are dispensable. Not only from the point of view of security, but for a better use of your time too.

Updating your wallets frequently on an airgapped device is not necessary, unless there is a serious security flaw, you can use the older versions for along time. Furthermore the risks in getting a updated version is nothing compared to having your wallet on your regular device.

Ledger is not an open source wallet, I recommended you use that for more security.
Getting scammed by fake stores is a whole 'nother discussion which is unrelated to my initial comment.

Yes, all of this is understandable. There are many bitcoin users who don't have a hardware wallet to store their bitcoin, it's not a big problem and I think it's still okay. The problem is, they have to find a way to properly secure their bitcoins even if it is not completely risk-free. All wallet options have their own level of risk, but at least they know how to be safer by minimizing the risks.

Having a hardware wallet is certainly better in terms of minimizing risks, but it also doesn't completely guarantee that your bitcoins remain safe. However, if you have a large amount of assets, then the best choice is a hardware wallet rather than a software wallet.

that's 100% true.I experienced getting hacked 2, 3 times  myself by downloading different software. but mine was in desktop versions. thankfully never had this issue from mobile which is my primary source of wallets.
after experiencing those incidents, I stopped downloading any software program in my laptop.  too afraid to download even trusted software at this point.
As a Crypto user everyone should be careful about these things because hackers are everywhere nowadays.

Dear, you raised a good point about "fancy keyboards" These kinds of applications that provide such kinds of styles to the user keyboards are open-source applications because most of them are available on Google websites. I used to avoid downloading any open-source applications from Google But I remember when I was the newbie in the crypto space I used to make these kinds of mistakes and when I came to know about these things I started to avoid them. Most of the applications were movie applications but I deleted all of them later when I came to know about it.

Having so many apps on your phone with a good portion of your funds is not advisable, it exposes you to more risk. Fake applications can avoided by verifying the signature before downloading, but to save yourself the stress, just get a hardware wallet and keep your coins or use your device to create an airgapped wallet. When you do this, you'll be less worried about a malware such as keylogger that can take record of your key strokes and send it to the scammer.

You can simply boil this entire post down to one conclusion: if you are a crypto investor, do not store your funds on your phone. Some amounts are needed for certain operations, but the entire amount should not be trusted, even with a pure iPhone or an Android.
Just buy yourself a device that will not come into contact with the Internet or a hardware wallet that has only one purpose: to keep your crypto safe.

Who told you that they don't have to worry about what they download? What about trying to update the hardware wallet? Most hardware wallets still update only by connecting them to a PC and using a USB cable, are you saying that this is not a risk of using a hardware wallet?

What about those Ledger users that got scammed by fake Ledger apps on third-party stores? People still fall victims to this isn't it? You are talking as if once they buy the hardware wallet all risks are over.

As a hardware wallet owner, you still need to write down your recovery seed in a safe location, isn't it? A lost recovery seed makes a hardware wallet useless, as funds can be moved out, just like when your softer wallet is compromised, tell me that hardware wallet is risk free...

The main purpose of my topic is for software wallet users not hardware wallet users, many crypto beginners still use software wallets like Electrum and other open source software wallets, not everyone can afford hardware wallet and it's not completely free of scam risks if they can get a hardware wallet too.

Although you can import the wallet into your Unstoppable wallet and never use the Trust wallet again because you no longer require it, I'm amazed that you still have the Trust wallet given the capabilities and functionality of the Unstoppable wallet.
There's no need to have many apps on the phone, or operating system you use for your crypto.

As crypto investor, you should have separate environments for your investment activities and for your other stuff. If you are trading thousands of dollars worth of coins, you should just get a cheap laptop for trading instead of using apps on your phone which is always online and does whatever it wants on the Internet. And for your wallet you should have a hardware wallet or a cold storage PC/laptop. Mobile wallets should be only for tiny daily expenses.

It's not about making installations because you will at the long run needed some apps to be installed for one or two purposes, but the advice I will give in this condition is to make use of a different device for your wallet which may not even have an Internet connection at all, this will help prevent you from using the google to browse or make downloads of apps that may be risky to your system, treat your wallet on a different device not accessible to everyone.

I feel this is a serious warning to most crypto-newbies, who are very reluctant about the security of their crypto-asset, or probably because they don't know the kind of risk that those non-deafult keyboard-Apps can put their asset. Some people like those Keyboards because they have fancy colors and nice design, unknown to them that they can contain some malware that can possibly steal every secret information from their device or grant their device access to hackers.

I was aware of it already because those applications that you install from Google are open-source applications that may have loopholes in them which can help scammers or hackers to scam your information or money. I used to install these kinds of applications before and when I came to know about them I deleted them at all. Those applications were movie applications that I used to use in my spare time. So these kinds of applications may cause to compromise of your data. My suggestion is to avoid them all. Espacially do not install any open source application in the device where you hold your personal data or crypto assets.

Your crypto is your responsibility, meaning you are the first person who is fully responsible for whatever assets you own. Storing all your assets on your smartphone especially in an online wallet is a risky choice, but if you understand it and are able to bear all the consequences then it is good for you.

Wherever you keep your assets (any wallet), just know, don't tell anyone except people you trust. You never know who will take it from you, whether it's a hacker or a robber, so it's best to avoid it. Here we can only give you advice, but the best practices are in your own hands.

Most mobile phones have second space or Dual user mode these days. You should not use the same user to do everything. Use the default user interface for your daily use and use another interface just for crypto-related things. It would be better if you could use a completely different device for crypto currency alone. But, you have to think if it's worth it.

You don't have to buy another device just because you want to safe your $50 crypto. You should go for a hardware wallet or a different device if you are an investor yourself. Even though I do use my regular device for crypto as well, I am planning to have dedicated device for crypto only.

Do people still use crypto wallet that allows taking screenshot? I don't know for others but right from setting up a wallet, if I discover that it allows taking screenshot of keys phrases, I will instantly discard it without a second thought because it is a sign of weak security protocol from the developers. On the aspect of keyboard, I don't know what third party keyboards offer that phone built in keyboard doesn't offer which makes people to use them despite knowing the risk involved nowadays. I remember back then when I used third party keyboard but whenever I enter any site or app that requires typing of password or other sensitive information, my phone will automatically switch to phone built in keyboard. That's how things are supposed to be but I don't know what's wrong this days. Some of these security threats can be avoided by us using simple measures but we choose to overlooked it until it causes harm.

For security, yes, I agree with you. because most applications require permission to access location, contacts on the smartphone, and even access our files. they don't steal, but we allow the app to access it all.
So all of us need to minimize these risks. If possible, use a special smartphone that is not used for activities other than opening a wallet.
Not only applications but sometimes we are too curious about advertisements or emails sent to our devices. We must be careful and vigilant in using our devices.

I didn't say a hardware wallet is the solution to all problems, there's isn't a singular security advice that offers 100% security neither is there a best advice, rather we have an application of several precautions and security tips which we are constantly learning and improving.

Combining a hardware wallet and a airgapped device deters majority of online threats like clipboard malwares or seed stealers.

AV and firewall make sense, but only the paid ones. I won't say that they do their job perfectly and don't spy on the user, but all those AVs that are free are very bad at their job and collect all possible data from your computer that they can get their hands on. However, if you already have such software on your computer, you don't need to worry too much about updates, because everything is set to be updated automatically - whether it's about antivirus definitions or upgrading the program itself.

Most wallet developers don’t even need your KYC before getting your personal information just the moment when you install the app in device and you grant them access to your phone they will automatically be extracting any information they they need from your phone without your knowledge from your pictures down to your contact.

Even when you want to install the crypto wallet which you want to use always make sure you are getting them from the direct source because downloading crypto wallet from random sites are also very dangerous as it can expose your wallet to hack and you don’t know what that one you downloaded is capable of aside from your crypto being stolen they can also do some other danger to the wallet.

There is one thing I do lately in regards to my crypto wallet, both on my laptop and my mobile phone. My wallets are on my old device, so I wipe both the PC and mobile phone and turn them into my personal wallet gadget. It's only the wallet app that is installed on both devices.
 
I'm a gamer and graphic designer, and I know most of these online gaming apps and other apps I download on my phone for other uses are not safe, but I still need them in one way or another to help with whatever I want to use them for.

There are apps that we might really need for something, and we might want to get them by all means, but most of these apps are not open source and can be dangerous to anything relating to crypto. This is why I have to use a separate device for my daily life as an activist and also a separate device for my wallet.

If anyone can, avoid anything that has third party to it. I feel that the security risks associated with them is very high. From the OP it is a kind of security measures put in place that blocks third party keyboards when it thinks that the individual is entering a very sensitive information.

Yes, this is the best advice. This takes me to my point earlier. 3rd party apps on mobile devices are like family. They are filled with so many tracking software that the user is oblivious of. On the other hand, even if you use a desktop wallet, it is your responsibility to ensure that it is up to date with the anti-virus and firewall.

Most of this mining app are dangerous because a hack to their network reveals data of the users, that’s why you see many people receiving emails of even wallets that they do not have. As for your choice of wallets I will say the your bitcoin wallet choices are great but those trust wallet and meta Mask are not advisable because they are closed source, because with close source wallets you don’t know what exactly is happening behind close doors, you can go for open source wallets like unstoppable wallet.



This days with the away seed phrases are getting either compromised or people are accepting fake transactions due to phishing attacks on this Hardware wallets I will even advise the use of wallet on airgapped devices rather than hardware wallets but the problem is most newbies do not understand how to set this up so the best thing is for them to just stick to hardware wallets but it most certainly be an open source one such that any breach will be notice by experts.


Instead of having multiple mobile devices you can simply go for a cold storage wallet either airgapped device or an open source hardware wallet like passport. I think the amount of a new mobile phone is equivalent to getting any of this devices.

One or two are good enough. Besides, it is useless to have 3 different wallets when we just use the two. I have Electrum on my PC and Trust Wallet and 1 exchange site on my phone, and I have no problem in regards to hacking incidents ( I hope it won't happen). If we believe that is all we need, then that is good already.

It was not a sort of app collection that we needed to have them all but what we just needed it the useful one.
We can have them on the other phones but not a single phone for some security reasons.

A device, either desktop computer, laptop, smart phone or tablet, must be only used for storing your bitcoin or cryptocurrencies. Ideally it should be your practice but if you can not assign a specific device for this, you can use it with other tasks but always try to limit your application installation.

Because risk from downloading files, installations is big in practice.

Don't be too much curious and fall into malicious things.

An example is a senior Bitcoin developer, an ex-staff, Lukedashjr.

Bitcoin developer @lukedashjr's wallet was hacked.

HW is not the ultimate solution to all problems, because those who do not understand the risks are still at risk from threats such as clipboard malware or seed stealers that such devices are not immune to. Regardless of where you store your coins, I would not agree that we should download apps just like that, because we still run the risk of infecting our devices with various malicious programs that can cost us a lot.

---

The best advice you can get is to not keep more in your mobile wallet than you can afford to lose - because there is not only a risk of malware, but also of someone physically attacking you and forcing you to give them access to your wallet.

yes, absolutely! A non-default keyboard can get your typing recorded and pose a risk of scamming, which is called a keylogger. To be clear, according to Malewarebytes (click the  link), "keyloggers are a particularly insidious type of spyware that can record and steal consecutive keystrokes (and much more) that the user enters on a device. The term keylogger, or “keystroke logger,” is self-explanatory: software that logs what you type on your keyboard ".That's why you should just use the default ones, and the secure apps come from a legitimate source. 

As a crypto investor, you should invest in a good open source hardware wallet or keep your coins on an airgapped device. This way you don't have to worry about what you download on your mobile or desktop cause it's not linked to your holdings.

If you have to use a regular mobile device, you have to take necessary precautionary measures.
• Don't use third party keyboards,
• Don't use closed source wallets like trustwallet,
• Don't store passwords or seed phrases on the device,
• Don't click on unsolicited links.

Most people don't reason what would be the gain of most mining app to the developer.  Most mining app aim is to gathe Most individual personal information (personal data) with all means mostly with the used of kyc. The only wallet have installed in my device for multiple coins are trust wallet and meta mask while for my BTC I'm just using electrum and bluewallet.
That why before thinking of installing any app you should make proper research concerning that app. Because they are also Decentralized mining app but they are few.

The only crypto wallet app I have stored in my Smartphone is Trustwallet and metamask, and other cryptocurrency exchange app, lately have stopped to install these mining app and any other cryptocurrency wallet for account security and security of my phone. Somes we get our phone stock with these app and we don't know when any hack would come especially when a particular airdrop ask to install app and claim their token from then i never pay heed to install more app in phone because i don't want my assets to be touched or hacked from my phone since we now have our money in our palm walking with it.

The best are wallets' virtual keyboards and the wallets that will only allow you to select the words for verification that you have backup the seed phrase.

There are many close source third party apps on applications stores. Using third party keyboard is not good at all. I do not know why people like it. I prefer the keyboard that my devices come with.

Not only apps but there are other things to avoid. I set my apps not to install file from third party and I do not download any file from any site. On the online device that I have my little of my coins, I only use it for wallet and exchange purposes and nothing more than that.

To be on the safest way, use cold wallet, multisig wallet or combine both. But also still be very careful of malware.

I second it's the same for the desktop users that are into crypto. The risk is on those folks that are mostly getting into airdrops and joining those tests and requirements that they need to fulfill through downloading certain apps from those projects.

Before downloading, always verify the source of that app. Because if might look genuine and official but with a few jumbled characters on its name, you might not notice it quickly when you're not meticulous on it.

If you are not the type that downloads a lot of things, you have nothing to worry about.

The image below is mine, I took this screenshot because Unstoppable wallet, a open source crypto wallet is the only crypto wallet that I have on my phone that warned me about using a non default keyboard, and I have many other crypto wallets on my smartphone including metamask and trust wallet.



This shows that all these apps are sensitive to everything we do on our smartphone, I will like to advice beginners to avoid non default keyboards, as they have the potential to collect every data on your phone, the sensitive ones and the less sensitive, even the words we type through them.

---

This is just a reminder for this new year, if you are just starting your crypto journey avoid doing this with your phone.

Avoid using a non-default keyboard, stick with the default keyboard

Avoid taking screenshot of your wallet seed phrase, somehow this can get to the hands of the wrong ones.

Avoid unlocking your phone bootloader, all OEM security is gone after the unlock, unless you know what you are doing.

---

My final advice for all smartphone users is that the less apps you install on your phone the better, the less likely you are exposed to data leaking apps or malicious app, and don't use any app store to install apps, directly find their official website, that should direct you to the right apps on stores or direct download.