Topic: Bitcoin wallet on phones (Read 485 times)

For almost 4 years been using a crypto wallet (3rd party/non-custodial), it is all just fine, never encounter troubles unlike the other platforms. But, I wasn't holding and stocking huge amounts in there as we know that it was not a safe wallet, and to anticipate hacking that can be possible. The good thing about this is we can make transactions anytime, less hassle.

Only the thing we need to do is to keep our phone untouchable to others as this might lead to some leaks especially when they access sites that contain viruses.

If you are active of making transactions phone wallet is your choice but of course, it will depend on how you want to balance everything. Like how you leave a certain amount of Bitcoin on your Trezor wallet if you are just planning to put it on-hold. It's not necessary you bring/put everything your Bitcoin on a single wallet especially in your phone wallet. So it just depends actually on what case or circumstances you think owning Bitcoin would be dangerous. It's just like bringing your wallet with full of cash instead of CC and I think you picture out already what I want you to see.

Phone wallets are ok , I have been using them since years now and been going along fine (possibly because amounts are peanuts, but let's not talk about it), I even locked myself up and realized these things are quite secure: https://bitcointalk.org/index.php?topic=5289504.40

It depends. The frequently asked question and continuous advice for traders especially for newbies is to never use the amount of money they can not afford to lose to trade which is actually true. But for holders, they have a kind of different mindset that believes fiat is not advisable to be used for holdings because of how the governments continually devaluing fiat. So they have most of their holding in bitcoin and other assets, not fiat.

This reminds me when my Blackberry phone whitened out when I was using it to play minions. All I heard was that the motherboard was faulty. I took it to slot for repair but I was told it can not be repaired. If I had my seed phrase on the device and never back it up on paper or metallic sheet, that would be all to my bitcoin which will be lost forever. I was not using bitcoin at the time, it was 2015, but supposing I have bitcoin wallet on the device without any offline backup.

I don't recommend using the Eclair Mainnet/Lightning Net Android wallet for storage of funds other than to test and then remove after a short while (and even then, don't create too many open channels which you will loose if there is a problem).

Same goes with BLUE wallet.

OTOH  From the little I have used the Ballet Wallets, this platform is stable.

The Phoenix Mainnet/Lightning platform whilst it appears to be stable, has absurdly high TX fees for both the Mainnet/Lightning Networks, so use it with that in consideration.

I have installed an instance of "Trust Wallet" for Android as well, but have used it very little to give a resounding thumbs up.

This is why it's advisable to copy out the passphrase on a piece of paper that one keeps safe and secured. It's bad idea to leave one's passphrase on one's phone. A real bad idea, I must add. Apart from the phone being stolen or lost, the device can jam and malfunction abruptly. It once happened to me. My device just went down without any warning sign while I was in the middle of something. I had to ransack all my documents for my passphrase and was able to recover my funds after several attempts as I could identify where I wrote it down initially. So, it was series of trials before I was able to get the right seed sequence. A lost passphrase or access to one's wallet is a nightmare no investor should experience.

We are the same ill put a password and enrolled my fingerprint to secure my wallets like you said if our Mobile phones are lost or be stolen the person who try to access the passwords won't be successful in the short period of time. And this proves that the gadgets or especially mobile phones are very high-tech and secure that previous models.
But we ned to remember our recovery seeds/phrase in order to secure our wallets and if our phone will stolen we have a chance to recover our funds inside our wallets.

Hardware wallet is much recommended to the whales since there huge balance is not secured if they used  mobile app wallets or web wallets. But for average joe for sure they will not think buying an expensive hardware wallet since for sure they will think twice since instead of spending there money on such thing they will just used a secure mobile app wallet which have strict 2fa requirements. That's why if you are a user of mobile app wallet just make sure to activate the 2fa feature and bind it to your email and phone which is separate to the device you used so that if the phone got stolen then the intruder will not get an easy access to your balances.

That's very correct. Even if I don't put a password on my phone, anyone who steals it will find it a hard time accessing my wallets as I put passwords and fingerprint locks on them. Even if they're able to view the funds in them; they still won't be able to move out the funds or assess the passphrase or private keys. But putting a password on phones even goes beyond wallets. There are other vitals one stores on phone. A thief can gain access to such if there's no password. With password, there's nothing a thief can do than flash it. That action will erase any data on the phone. So, it's a great idea to always put a password on one's phone no matter how trivial or cheap one thinks that phone is.

In 2022 mobile phones are very much secured as they have multiple levels of security features. The only drawback I think with mobile phones are people tend to lose it more often  and like computer devices they can be hacked. A lost phobe won't affect anyone who has created a backup of their Bitcoin wallet. But, a hacked phone can be of concern. Therefore hardware wallet and paper wallet are recommended as they fall under the category of cold storage.

If a phone is secured with a password and it got missing it will be very hard to have access to the wallet because a phone password can't be hacked.  The phone can only be flashed which will erase all the information on the phone including the wallets. But if the phone is not secure it can be somehow easy to get access the wallet, not all wallet though, depends on the wallet.

I use mobile wallets, mainly electrum. I know what consequences I will consider and I must know how I can minimize the risk. Using a mobile wallet of course we have to face some risks especially regarding damage or loss of the device and possible deletion of the app from the app market so we can't find any update. These two things should always be considered if you have a lot of bitcoin and want to keep them.

The main point is that your bitcoins are your bank and it is your responsibility to keep them safe. I practiced a few ways to worry less about mobile wallet security so far,

• Don't hold large amounts of bitcoin as a long term investment asset, just keep an amount you can afford to lose. The solution is to have a hardware wallet.
• Do not install any application carelessly.
• Use a strong password and back up your wallet include Private key and seed which allows you to access the wallet in the event of a demage or loss of the device.
• Make sure you scan for viruses and malware regularly.

A whole lot can happen. People store vital information on SIM cards apart from the mere contacts and those could be used to harm the victim by assessing sites whose passwords they've stored there. Another is that someone could assess the phone number and use it to get a loan from microfinance banks. That's very easy in my country. I've this sad experience happen to a cousin of mine. Her phone was snatched from her, she hesitated in blocking that sim in hope that it could be returned to her. Two days later she got debit alerts from her bank. I didn't even know she had that challenge until I got two different texts from two different microfinance banks as one of her supposed guarantors where the thieves had also gone to get loans with her phone number. It was when I put a call across to her to see how things took a downturn for her financially (she's someone financially independent) that I discovered what happened to her. It wasn't her but the thieves who took her phone. They accessed her SIM card and got some regular numbers she called and submitted them as guarantors to get loans. If her SIM had been locked, the thieves wouldn't have been able to assess her contact or known her sim number to the point of submitting it in getting those loans.

My SIM card allows me 16 characters.

Exactly! I've all three (that's four, if we add SIM lock) – password, facelock and fingerprint on my phone too. Occasionally, I tend to unlock it with the password for two reasons. One being that so I don't forget it. The second is that sometimes I'm forced to when the phone refuses to recognise my face or fingerprint.

Can I ask you a question? What can you learn if you pull out someone else's SIM card and insert it into another phone? I always thought it was just contacts. For me, it is not critical. In your case, I think that some important data can be stored in the SIM card? But I won't argue. We are from different countries, likely, I do not know something.
And also, a complex password on the phone, how many characters should it consist of in your opinion? How long will it take for the owner to regularly use it by logging in?
I prefer a fingerprint, or a photo, and the phone in the cold sometimes does not recognize my fingers and face. 

It depends on what are your capabilities to secure your assets such as bitcoin. In computers mostly we are using the Electrum wallet which comes from their website to prevent using fake/phishing platforms of course still there's a risk on it if you are using different suspicious files, downloads and platforms that you are allowing access to your computer. Next is the bitcoin wallet in phones previously im using the exodus and electrum wallet only I have is the seed phrase neglect mostly the passwords the problem is again you access and download applications to your mobile. Lastly, I'm upgrade into the HArdware wallet the probability risk is to lose the wallet and lose the seed phrase.

Some people don't like F-Droid and they can't find apps they use there, but great alternative is open source Aurora Store, if you like shiny look that is probably better than original G-store.
I didn't know about Sandboxed Google Play, but I guess it's good for people addicted on google software

One thing different from Firefox browser, most images you see browsing with Librewolf are in .webp format (developed by google) not in original formats, but I don't mind this and maybe it helps opening pages faster.

You've got F-Droid for most things, and if you really need to run Google Play or something dependent on it, then most good custom OSs will give you a safe and secure way to do that. See, for example: https://grapheneos.org/usage#sandboxed-google-play

I've poked about a bit more and found this in their documents: https://librewolf.net/docs/faq/#how-often-do-you-update-librewolf
Alright, so you've convinced me. I'll give it a go next time I'm setting up a new device or installing a new OS.

Android is not really open source but it is based on Linux open source operating system, in similar way like Chrome browser is not open source, but Chromium browser is.
I was not mentioning iOS because Android have bigger market share, but it's similar situation and only way is using degoogled phone with LineageOS, GrapheneOS or CalyxOS.
Installing Bitcoin wallet should work just fine after doing this, but you won't have access to any G-aps, and you will have to use alternative options.
You can always remove all ads from your phone with open source applications like Blokada 5 or some other alternative.

This was true for Waterfox, Palemoon and some other forks, but LibreWolf browser is most serious from all of them and there are almost no delays for receiving updates compared to normal Firefox.
I know that settings tweaking is always possible for Firefox, but some things you can't remove on your own and I am not sure how to completely disable telemetry.
I can say only good things about Librewolf, I think it is lighter on system resources compared to Firefox, and for full list of feature you can check the link bellow:
https://librewolf.net/docs/features/

Maybe some people don't know this but they accepto cryptocurrency donations:

- DivestOS is accepting Bitcoin and Monero donations.
- GrapheneOS is accepting Bitcoin and Monero donations.
- CalyxOS is accepting Bitcoin,Ethereum, Litecoin, Bcash, Dogecoin, and USDC donations.
- LineageOS is NOT accepting crypto donations.

Don't play with such things if you are not 100% sure what you are doing, because you can brick your smartphone. In addition, if the device is under warranty, you may lose it. Besides, as @o_e_l_e_o says, you probably won't achieve anything special if you change the OS on your smartphone, you'll just be fooled by some fake security.

I have had a well-known smartphone brand for years with Electrum, and I have never had a problem even though significant amounts have gone through it. It is crucial that the device regularly receives security/critical updates for the OS, and that I do not download any suspicious apps other than those that have millions of downloads and are relatively secure. Should I mention that an antivirus program on a smartphone also makes sense, and very few people pay attention to it.

Depends on your phone. GrapheneOS only really supports Pixel phones. If you have a different phone you might be better off looking at LineageOS, or its fork DivestOS. You'll find links to their websites and GitHubs here - https://privacyguides.org/android/ - where you will find documentation and install guides. If you want to revert back, then you'll need the original OS files to reinstall, so you'll need to look in to making a back up or sourcing the installation file from an official source first.

Be aware, though, that just because these are open source doesn't mean they are infallible. Plenty of open source software has bugs, vulnerabilities, or even malicious code slipped in to it. You shouldn't just switch to these for the sake of it and then think you are safe.

Thank you for this, is there any guide for help I can use to install it? I have not heard before that other OS can be installed on Android but hopefully I can be able to convert back to Android if anything happen and I want to convert back?

This is a discussion forum, do not take anything I say inappropriate or personal, I am trying to make a good discussion. What I am saying is that it will be easy to brute force short characters that people use for password to access their mobile phones, in reality people use short password for phone access. This is the question I am asking. To have just little amount of bitcoin on the mobile wallet for transactions and the remaining bitcoin will be on paper wallet. That is it possible to brute force the phone password using a tool, that is it possible. Try and get me correctly.

I think OP should get their facts right before making spurious assertions and then refusing to accept corrections. I don't see how what I pointed out here should be frowned at or what others did too as I see you also addressed other users as having missed your point. Get your facts right, and where you didn't; accept correction and move on.

My issue with using forks of Firefox such as LibreWolf or WaterFox is that they can often lag behind when it comes to security updates, sometimes by weeks or even months. The last time I properly looked at LibreWolf, you can achieve almost everything it does by customizing Firefox manually, although that process is obviously time consuming and beyond the scope of the average user. Although if Mozilla continue down their current path of just doing whatever Twitter tells them to, then I may well make the switch at some point.

The core Android OS indeed open source, but almost every phone you can buy comes with a bunch of non-open source unremovable junk such as Google Chrome and other Google spyware installed on top, which kind of defeats the purpose. There are alternative open source OSs such as GrapheneOS you can install on Android devices to remove such bloatware.

I have mentioned all these before on the topic, check the bolded parts that I quoted above. Assuming, you do not have a hardware wallet, you can still use a paper wallet and computer together, your main coins will be on the paper wallet, but the computer is just for little amount of coins for daily transactions for convenience. If you do not have a computer, the you can use wallet on phone for this but which is more discouraged than using a computer. I have mentioned all these before that if the person do not hardware wallet an hardware wallet, the cheapest choice that can provide the security is a paper wallet. Try and read the topic very well. All I am just asking is if it is possible to brute force the password on phone.


The two common phones operating system are Android which is the google you are referring to, Android still claim their OS to be open source, I do not know but it is what I have found all over the internet, is that true? Is Android OS open source?  I am surprised you only mentioned google, but iOS is close source. iOS is one of the operating system that should not also be used. They are both the big brands in the market. I do not mean Android is recommended, they prefer ads than security and I am not tech to know how good it is but I hate Android and Google ads.


This can be off-topic but I think I have to reply to it. I did not mean everyone has phone, I do not know much about English, I would have given you the right figure of speech this belong to. The sentence does not mean everyone is using phone, I used it to mean that people use phone that other devices now, if someone just know about bitcoin, he may not have enough money for hardware wallet and computer, therefore not having option than to use paper wallet and mobile phone.


This is what I have found out among people, they are using 4 to 5  numbers or letters. You can increase it? Can you compare numbers, letters and other characters on bitcoin private key to the password that you use to access your phone? This second statement makes me to be perfectly right.

I prefer Librewolf browser now, it's the middle ground between regular Firefox (that is getting more and more like Chrome) and Tor browser.
It already has uBlock origin there and you can enjoy much better browser that follows all Firefox updates, without any telemetry and junk that comes with normal Firefox.
I know about Brave, but you can disable their adblocker and I think it's still better option than regular Chrome browser, but I still don't recommend it.
One group tried to fork Brave removing all that crap, and they sent bunch of lawyers to them scaring them to death, but it's their business model I guess

Wrong assertion. Not everyone has a phone in reality. Perhaps, you meant just this forum? Even at that, it's still debatable.

Not really. The only way to access the phone would be to "flash" it. Once that is done, all data on the phone are erased. So, in order words, the list or stolen wallet won't still have the wallet on it. You're safe.

That's not true. You can increase the strength of your password on your phone. The only reason people like to choose short passwords is for ease of assessment when they want to unlock their phones.

---

In all, my advice to anyone using a wallet or any other vital documents on their phone is to have not just secured and strong passwords on their phones. They should also ensure that they put passwords on their SIM cards (sim lock). That way, one is sure that the thief or whoever picked their lost phone won't be able to assess their SIM cards even if they get to remove it from the phone and insert into another.

Just because an app is downloaded from Google or Apple's official stores means nothing when it comes to how safe it. They both host plenty of malware and malicious apps.

Oh absolutely, but I can count on one hand the browser extensions which you should be running, such as uBlock Origin or HTTPS Everywhere, and they are all open source and have github repositories.

I've not seen that site before, but it seems like it tests every browser "out of the box", meaning Brave with in built tracking protection comes out on top. What it doesn't mention is that Brave accepts money from third parties to allow them to bypass the tracking protection, whereas installing uBlock Origin on Firefox achieves the same thing but without giving companies such as Binance a back door in to your browser and in to your data.

Even very own mobile operating system is a junk collecting personal information, behavior, movement and just about anything you can think of, so I would consider using degoogled phone or at least remove anything related with google.
Reset you phone and instead of Google Store use something like F-Droid or Aurora Store, uninstall apps that are not open source, install some good adblocker and Tor browser.
If you can't cope with this than use separate phone and use it only for Bitcoin crypto wallet like Electrum or Blue wallet, not connecting it to anything else.

That doesn't mean that you should not use some very good extensions like uBlock origin, but it's better to keep it on minimum.
You can do the same thing like with mobile phones, use separate browsers for crypto or bitcointalk forum and don't use it for anything else.
Here is one nice and useful comparison testing of web browser privacy, Tor, Brave and Librewolf stands out from all the rest:
https://privacytests.org/

That's very true which is why the only 2 options which are worth a try for a person desperate to use bitcoin wallet on phones are as I mentioned in my post above.



But even these are just options with lower risk compared to the wallets which we use on our regular phones with junk apps installed.
This is why they say that hardware wallets are the best of all options to hold cryptocurrencies since they don't have these kind of malware/spyware issues.

The problem here is just how much junk people download on to their phones.

As a small experiment, I would suggest everyone takes out their phone right now and go to the "permissions" section of their settings. It's usually under Settings -> Apps or Settings -> Privacy. Just look at how many apps have access to your keyboard, your storage, your screen, your camera, your location, etc. Maybe you've downloaded and verified a reputable open source wallet like Electrum. Good start. Are all your other apps open source and verified as well? Didn't think so.

Maybe you don't have any malware on your phone, but do you completely trust every other app you have on your phone. Even huge apps like TikTok have been found to be spying on users, snooping on their clipboard, etc. If an app which has been download 2.6 billion times can hide spyware in it without people realizing (or caring), then so can any app, from a game to custom themes to an alarm clock.

It's the same as when people start installing a bunch of extensions to their browser. Every additional app/extension/piece of software is a new risk.

Many refer to Bitcoin as digital gold. If that is the case, start treating it as such. If you had a gold bar, or 100 gold coins, would you carry them with you everywhere you go? Why do you do that with your Bitcoin? If you have $5.000 somewhere in your home, do you stuff it all in your pockets every time you leave your house? Then why would you do that with crypto?

It's dangerous to store your private keys/seeds on devices you use for everyday tasks. It doesn't matter if we are talking about computers or mobile phones. Those two worlds should be as separate as possible. If you don't want to use airgapped computers or paper wallets, at least get a good hardware wallet. With everything else, you are just using something with an increased possibility of things going wrong.

If you can afford those brand-new sneakers, going out drinking and partying with your friends, and buying a new iPhone every time a new model comes out, you can afford a hardware wallet as well. No excuses. If you can't, I am sorry. I hope one day things will be better for you.

I have been using bitcoin wallet on my phone for a long time so I think I can answer this question better. The thing is that it all depends on how good you are at phones.
You can very well use a good non-custodial wallet on your phone like Mycelium or Electrum. They have app password protection in addition to the security lock on the phone.
So a random user won't be able to access your wallet just like that unless he has access to your phone and knows how to penetrate through it (in most cases he should be a hacker).
Also, your phone should not be infected with a malware or a virus or a keylogger because those things can easily steal your funds from your wallet.
To avoid this you can keep a separate phone which has only the bitcoin wallet on the phone or you shouldn't download anything else on the phone from external sources which potential contains a virus.
The last thing is that if someone steals your phone then you need to remotely reset your phone and you must have that option enabled to be on the safer side.
Backup of the bitcoin wallet on your phone is mandatory and try to store the seed phrase on a piece of paper or somewhere very secure.
This way you can lower your risks and keep using the bitcoin wallet. So far these have been working for me well.

Even if you find the correct app on the Google play store, you are still inserting an unnecessary middle man in to your download process. Who is to say that someone at Google hasn't tampered with the file they received or even replaced it with their own before uploading it to the play store for download? The correct method to download Electrum for Android is to download the .apk file directly from electrum.org on to your computer, verify its signatures, and then transfer it to your phone for installation.

This is certainly far better than how most users use Electrum, but there is still a risk to your privacy. Every time you open your Electrum wallet, you are querying the server you connect to for the balance of every address in your wallet. If you use Tor then the server might not be able to see your true IP address, but they can certainly link all the addresses in your wallet together since you are querying all their balances simultaneously.

There are reasons why using a wallet that can be installed on phone is not recommended but it doesn't mean that you can't use it. It's up to you if you want to use mobile wallets or not as long as you keep it safe. I myself is using Trustwallet on my mobile phone and also electrum and I didn't have any problems with my wallet. I have been using these wallets starting from 2018 until now but I also have another wallet in laptop. The wallet I used is for receiving btc and i'll send the funds to my main wallet later on.

They are centralized, I am using Android, may be this what I want to say is possible on iOS too. They are centralized but there are fake apps on playstore, I have seen fake electrum and some other fake android wallets before on playstore. But there are ways you can easily know original apps on playstore but someone that is new may make mistake.

I use electrum with tor enabled, I change it also from one country to another for each connection. If I want to connect and make another transaction or accessing the wallet for whatever reason, I change the country again. Even if I want to change to another wallet, I change the country again. What is most important is the way you handle the wallet, I am good with electrum.

I use electrum and I do not download it from playstore, I download it from electrum.org which is the official site. There are ways to know original apps on google but what is I do not like is that most apps nowadays are close source.

I can not have my 2fa app on the phone I use for wallet or exchange and for other secure connections, that is foolishness, it has to be on different device. But this is a common mistake from people that are using wallets and exchanges now.

Electrum is available for Android platform as well so if you're going to store only the bitcoin then just use electrum which also allows you to have a password/pin to enter into the Electrum application so which is extra safety even though if someone stole your mobile and brute forced the pin/password/pattern lock.

If your device is stolen you can immediately import your Electrum wallet on any ither device and just send all the funds remaining there to a newly created wallet.

We wallets are okay if you are going to store less than $500 but using Electrum is a lot better than we wallet because it gives you private key so there will be no hassle like email Authorization needed when you try to login from a new device which is a big problem with coinbase or blockchain like wallet.

One of bad practice people usually do is they do multiple things on a same phone.

- Install bitcoin or crypto wallet
- Install exchange applications
- Install 2FA application
- Log in email which they use to create account on exchange

So what will happen if they lose that phone by any reason? They will lose their coins because bad people who get that phone, will have full access to their account, email, 2FA, etc.

Only hope that they won't get access to Bitcoin or crypto wallet.

So they have money to purchase smartphones and change them every few years or less, but they don't have money to purchase hardware wallet.
I find that hard to believe, but nobody is forcing you to buy it, you can also use old airgapped computer if you know what you are doing, or some old phone without sim card and internet connection.
Using your regular every day phone for storing keys for Bitcoin is just a nightmare scenario waiting to happen.

All smartphones have backdoors (demanded by governments) and they can be hacked easily by someone who knows what they are doing (read government agencies).
You can protect your phone from tiny criminals with strong passwords and encryption, but all that falls if they blackmail you or do $5 wrench attack on you.
Using your phone you are sending your location and behavior non-stop and I don't want to have that combined with my bitcoin addresses ever.

If your entire crypto holdings are worth $20, then sure, a mobile wallet might be enough, but if you are storing more than a few hundred dollars worth of crypto on a mobile wallet then you can afford a hardware wallet and it's a smart investment.

In terms of keeping your coins safe; simple, free, secure. Pick two.
Mobile wallets are simple and free.
Hardware wallets are simple and secure.

They don't even need access to you. Fingerprints can be lifted from anything you touch, including your phone itself, the very thing you are trying to use your fingerprints to control access to. Unless you wear gloves 24/7, fingerprints are a risk. And many facial recognition or iris scanners have been fooled with a simple photograph. Biometrics are not secure.

If someone can afford a smartphone of, say, $50, then they can also afford a hardware wallet that costs about the same. It seems that some still live in the past and think that HW costs a minimum of $150 + shipping. Security should have no excuse, especially if it is quite cheap today.



The security of smartphones is actually trivial, whether it is a simple PIN or a fingerprint - someone who knows what he is doing, easily bypasses such protection. Since mobile phones are most often lost, this is another reason why they are a bad choice for a crypto wallet. In addition, locking smartphones with a fingerprint is very risky, because anyone can use it while you sleep or are in another unconscious state.

There are a number of problems with mobile wallets.

First, app stores are filled with fake and malicious apps. Even if you find the "right" wallet, most are closed source. Even the ones which are open source are often not reproducible from the published code.

Secondly, you aren't just trusting your wallet app, but you are trusting every single app on your phone. Most other apps are not open source, and even if they are, you probably haven't reviewed the code. Apps which can access your keyboard can steal your seed phrase. Apps which can access your storage can steal your private keys. Apps which can access your clipboard can change your addresses. Apps which can access your screen can take screenshots of your seed phrase. Apps which have elevated permissions can run arbitrary code. And so on.

Third, you are carrying your phone around every day and it is one of the most likely things you own to get stolen, far more likely than a hardware wallet or a paper wallet.

Now, I still use a mobile wallet, but I use it in the same way I used cash - a small amount which I can afford to lose which I carry on my person for daily spending. The bulk of your money should be in a more secure wallet . You wouldn't carry your life savings around in cash, and so you shouldn't put them in a mobile wallet.

Just a quick suggestion. Have a backup phone that has a copy application of your wallet and authenticator so that you can reset everything when your phone got stolen or broke. I use this method after my original phone got broke and I didn't backup all my apps especially the authenticator for all my exchange account. I experience too much hassle by contacting all the support of exchange I'm using and suffer some loss on my electrum since I save my seed phrase on the note of that same too.

I always have a backup now after all the hassle I experienced that time.

I don't think so, from a non-technical standpoint. Bruteforcing mobile phone security is difficult, especially if you have a 6 to 8 pin passcode. Both 6 and 8 pin passcodes could generate hundreds of thousands of combinations, making it difficult for the attacker to gain access. Worse, after multiple attempts, the device would forcefully reset itself, wiping all applications, including the wallet.

However, if your phone is stolen and your lock screen is set to biometric authentication, the likelihood of gaining access is quite high due to the fact that a $5 wrench attack^[1] can occur, forcing you to unlock your own device. Much worse, if the attacker is not dumb enough, they can replicate^[2]your fingerprint allowing them to have access on your device later on.

Even if you cannot afford a hardware wallet, the only way to reduce the risk is to avoid storing large sums of money on a mobile wallet, particularly if it is stored on a phone that you use on a daily basis, where gaining access or stealing is almost unavoidable.

[1] https://cryptosec.info/wrench-attack/
[2] https://www.forbes.com/sites/daveywinder/2019/11/02/smartphone-security-alert-as-hackers-claim-any-fingerprint-lock-broken-in-20-minutes/?sh=2d40582a6853

Keep in mind that if you use a mobile wallet, the danger may lie in the applications you download, which can be programmed to send your private key to an attacker. We often see hacks of mobile applications that steal money from users.
There are also many instructions on the Internet on how to make reliable storage out of your smartphone. But again, this phone cannot be used for all other purposes. It must be disconnected from the Internet. But since you write that the problem is in finance, even this method will not be an option. It remains only to save and purchase Trezor or Ledger wallets in the future.

It's going to depend on the security of the phone. Some phones locks up the phone for longer and longer periods of time if the user gets the phone's passcode wrong a good amount of times. At the same time, if the phone's memory isn't encrypted, the thief can simply plug the phone into a computer and start digging for the private keys.

Also, phone wallets aren't necessarily bad. It's just not a good security practice if you own a good amount of bitcoin(probably more than $500 worth). But if you only have like a hundred dollars worth of bitcoin, then a reputable mobile wallet will suffice.

Shall i will say is very diabolic, infact it's very hard to comprehend such, because i believe that if your phone is been stolen and if the thief want access the phone it most passed through the process of formatting of the phone and input it personal security code after formatting the phone, before you could reset existing password, you will have the details of the initial password, so i believe resetting of password is not possible because it requires to input the Old one before it will grant access and become successful.

So this is applicable to the wallet, because before penetrating into wallet you import the phrase code and without having the pass phrase it will very rigid to open.

People will recommend you the safest since this is what they know can make those people safe if they ask about best wallet to secure their funds. But actually wallets on phones(apps) is totally fine if they are registered on the country where you belong and been regulated by finance agancies. Also if you know the danger and can able to handle well your balances.

I'm actually using a "wallet on phone" for so long or shall I say from start of my venture here in crypto and so far never get any headache nor got any problem for using it on my daily transactions.

It's possible but it depends. If you imported the private keys from the paper wallet, then yes. One can always try and crack the phone's or the wallet's password. However, if you just sweep the private keys instead of importing them, spend the funds, then anyone who gains access to the phone afterward shouldn't be able to access your paper wallet but then, sweeping has its downsides as well because if your phone has already been infected by a malware, then the hacker would have access to the PKs.

I remember when I had my phone stolen a few years back (pre-crypto journey), I went to one of our Government Agencies to lock it. After it was successfully locked, the officer asked for my emergency number to contact me if my old phone was unlocked by the thief or anyone who bought it. What can we conclude from this? I don't have the technical knowledge how they do it but there are tools to reset passwords or passcodes on your device.

Do you know why we have most wallet on PC, it's because developers built them and most of the time it is a collective efforts of people combined. They keep improving to satisfy the need of people and the one you see mostly recommended is Bitcoin core(you get both privacy and proper security) and ready for download for everyone and their source code is always available on Github repository, another mostly used is Electrum but privacy wise, it's not recommended, they are both available for Linux and windows.

Android and IOS controlled the device they produce and they are very centralized with the App you upload on their store, it undergoes series of test before they publicly published for the masses, you see the stress and that's why developers don't waste time on Android and IOS due to their centralized nature.



I think ETFbitcoin suggestted Samourai wallet if you want something portable for mobile bitcoin wallet.

For your security, avoid paper wallet, this is 2022.

Phone wallet can only be compromised if the phone is not secure activities such as password and if the person can have access to your email account and your private keys. For me phone wallet is ok but I will make sure only I have access to my password and give my private key to a trusted second party like my wife or kid.

If asked the best wallet to use that is secure, experts will advice people to use hardware wallet like Trezor or Ledger Nano. But not everyone can afford it, some people will prefer to use other wallet.

If the person can not afford hardware wallet or because he just want to store bitcoin for years, experts will advice the person to read about paper wallet very well and use it.

Some people will want to be spending bitcoin frequently and they can not afford hardware wallet, paper wallet can not be used for convenience. The person will be advised to use online wallet. Experts will recommend desktop wallet for the person like electrum but only small amount will be said to have if the person is using desktop wallet.

Some people will want to use bitcoin and be using it for transactions very well, the person do not have hardware wallet and computer, the person will use mobile wallet because he has phones, everyone has phone.

I have noticed people do not recommend wallets on phone, but in reality, some people do not have money to buy hardware wallet and do not have computer but having it in mind to buy it later when they have money.

Let us say the person want to use phone temporary and he is using it for small amount but the remaining amount is on his paper wallet. Let us aay the phone is stolen, can the person that stole it be able to steal his bitcoin? The phone have password.

Is there a way the password can be bypassed to access the wallet. Phone password are not long, is it possible for the pilferer to hack the phone password to have access to the phone.

Or is it just because of online safety that experts are telling others people not to use phones for wallet? I know some dangers why we should not use mobile wallet but I want to gain more knowledge about this. And what I want to gain is about if a pilferer stole a password phone, how can the pilferer access the contents in the phone which can cause wallet hack and bitcoin to be stolen.