
Topic: blockchain.info Android wallet security (Read 1907 times)

member
Activity: 63
Merit: 10
October 02, 2012, 08:25:26 PM
#7
Great warning. This is intended for people who would like to secure their data and make sure it does not fall into the wrong hands. I have a Galaxy Nexus with no removable SD card.
hero member
Activity: 588
Merit: 500
October 02, 2012, 03:27:26 PM
#6

Careful with this option.  I had it on, and will never use it again.  Read this thread:

https://forums.motorola.com/posts/b027ce4327

Basically data encryption doesn't just encrypt OS and/or application-created data, but all data on internal storage *and* any removable sdcard, including all files that existed prior to turning on encryption or were copied over later, i.e. it's not controlled by file, but by partition.

So if you take out the removable SDCard and try to use it anywhere else (in case phone dies, or you have to do a factory reset), you are screwed.  You can't even re-read it in the same phone and using same PIN after a factory reset, because there is some randomizing factor involved.  I got bitten by this a few days ago, had to do a reset due to Home button no longer working, and assumed the external SDCard was not encrypted as I bought the card a few weeks ago.  Just in case, I took it out during reset.  End result: putting the card back in, all files were unreadable.  Thankfully for me, 99% of the files on that card were podcasts that I could redownload.

Bottom line:

Without encryption...you will lose your data (BTC) if your phone is stolen.
With encryption...you will lose your data (BTC) if your phone is stolen *or* your phone dies *or* you forget to make a backup to an external device (not to the internal or mountable SDCard!) before factory reset.

member
Activity: 63
Merit: 10
hero member
Activity: 868
Merit: 1002
September 30, 2012, 03:45:56 PM
#4
PS - I had the same initial concern when I started using the phone app, so don't feel bad.

The site dev should really put a message above the phone sync screen that says "Use double encryption or your phone will become a huge security hole!"
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
September 30, 2012, 03:45:19 PM
#3
I'm playing with a blockchain.info wallet. Their web security seems really great, and I use Google Authenticator as a second factor. I've installed their Android wallet on my phone and paired it to my wallet. This seems to bypass all security. It never asks for my password, and never asks for my second factor. It just opens my wallet. I don't know if it would allow me to transact, but it seems so.

This is no good. Phones are stolen and lost all the time. Is there some setting I'm overlooking, or is this a gaping deficiency in their Android app?

Nope, you're not overlooking anything, it just works that way. I recommend you password protect the wallet application if you have the ability to do it.
hero member
Activity: 868
Merit: 1002
September 30, 2012, 03:43:42 PM
#2
I'm playing with a blockchain.info wallet. Their web security seems really great, and I use Google Authenticator as a second factor. I've installed their Android wallet on my phone and paired it to my wallet. This seems to bypass all security. It never asks for my password, and never asks for my second factor. It just opens my wallet. I don't know if it would allow me to transact, but it seems so.

This is no good. Phones are stolen and lost all the time. Is there some setting I'm overlooking, or is this a gaping deficiency in their Android app?

Enable "double encryption" - this adds a second password to use when withdrawing. It's a good idea to use this anyway. It will ask for this second password when using the phone app.

sr. member
Activity: 444
Merit: 250
September 30, 2012, 03:15:33 PM
#1
I'm playing with a blockchain.info wallet. Their web security seems really great, and I use Google Authenticator as a second factor. I've installed their Android wallet on my phone and paired it to my wallet. This seems to bypass all security. It never asks for my password, and never asks for my second factor. It just opens my wallet. I don't know if it would allow me to transact, but it seems so.

This is no good. Phones are stolen and lost all the time. Is there some setting I'm overlooking, or is this a gaping deficiency in their Android app?