Author

Topic: Lost smartphone with Coinomi wallet and private keys? (Read 275 times)

STT
legendary
Activity: 4102
Merit: 1454
That's a tough question.
The storage is encrypted, by default.

I have a really old phone from 2011 era that was never updated.   Can I access this easily to back it up now.   Its obviously old and failing and I want to be able to use the files as a virtual android phone or something similar if possible.   I did figure this is the one thing in my favor that security will be poor for such an old phone and I can just backup/view the old files quite easily.
  Anyone know the best route/software to take in order to do this, the battery on this thing is quite terminal so its only getting worse.  Can I just copy across the files/directories and thats enough to later recover the program data, I have no interest in plain documents etc.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
^ FYI, you can setup both password and fingerprint simultaneously plus with applock you can lock Coinomi app access itself.

Most use screenlock on phone, so it makes multiple security layers before someone can transact your funds (unless app itself is compromised, ofc).

Actually, phones right now can easily bypass those passwords or fingerprints if you have tools that are mostly used by phone technicians like the eMMC jtag tool then they can easily bypass it or directly download all data from Nand IC or eMMC.

However, I don't know how Coinomi encrypt all those private keys if the phone technician knows about crypto and have knowledge about brute force attack then there is a possibility that they can extract the private keys from the data that they downloaded from Nand IC or eMMC.
Everything is possible in software but I don't think that random people who picked up the phone have knowledge about crypto or brute force attack or even extract those files from Nand or eMMC using Jtag tools it can't be easy to do. So that random people have 0 chance to extract the private key from the lost phone except for phone tech with knowledge about crypto and brute-forcing.
hero member
Activity: 2520
Merit: 952
^ FYI, you can setup both password and fingerprint simultaneously plus with applock you can lock Coinomi app access itself.

Most use screenlock on phone, so it makes multiple security layers before someone can transact your funds (unless app itself is compromised, ofc).
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
You should use Biometric security to protect your phone so that no one can access it but only yourself
Password is safer as DaveF commented, if only password is used, can the wallet also be accessed if the password is unknown, it will be difficult. Also what if you are sleeping and someone that is close to you make use of your finger to be unlocking your phone, apps including your wallet to compromise it. Biometry can be good for easy access, but not as secure as passwords.

Do not even have to be sleeping. If you are out drinking or whatever, and (being sexist here deal with it) those attractive women at the end of the bar come over to talk to you it's going to be easier for them to get you to unlock your phone so they can 'put their info into it' or to get you to take a picture then it is to have you enter the password 87g7w458w%Y$W!(SERGdvf

Also, on that note. I am surprised that more apps don't have geo fencing on them. Yes you can unlock you wallet with a fingerprint. But you have to be at home to do it kind o thing. There is at least 1 BMS app that I know of that you can only connect to the controller if you are in the area. Surprised more apps / things don't do that. Or if they do exist I have not seen them.

-Dave
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
If someone gets access to your Coinomi wallet it's obvious that he/she will have access to your private keys without any difficulties too.
Getting access to the private key will require tools like Iancoleman as private key can not be gotten directly from Coinomi, correct me if wrong. But the seed phrase can easily be revealed directly on the wallet which is enough for another person to steal the bitcoin and all altcoins leaving the wallet compromised.

You should use Biometric security to protect your phone so that no one can access it but only yourself
Password is safer as DaveF commented, if only password is used, can the wallet also be accessed if the password is unknown, it will be difficult. Also what if you are sleeping and someone that is close to you make use of your finger to be unlocking your phone, apps including your wallet to compromise it. Biometry can be good for easy access, but not as secure as passwords.

Also do not forget to save your private key somewhere safe aside from your phone,
Yes, but while private key which you cannot get directly from Coinomi, you can save the 24 words passphrase offline and having like three copies at least in different locations.

if you have two email Ids maybe gmail and outlook then you can send it from your one email to another so that you can have it forever in your two emails.
If your email is compromised, then your seed phrase or the backup is revealed whcih can be used to compromise your wallet and lead to coins stolen.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
...
If someone gets access to your Coinomi wallet it's obvious that he/she will have access to your private keys without any difficulties too. You should use Biometric security to protect your phone so that no one can access it but only yourself....

Never ever ever rely on biometic security. There have been many vulnerabilities found over the years. And more keep popping up.
A long c0MpL3x password is the only way to go.
Now, also if you never keep more then $50 in your phone wallet, then you probably care less then if you keep $5000
It's a matter of time and effort vs. security vs. possible loss.

https://marketresearchtelecast.com/face-id-ios-15-removes-weaknesses-in-apples-face-recognition/161163/
https://www.cs.tufts.edu/comp/116/archive/fall2017/sdevanahalli.pdf
https://www.komando.com/security-privacy/samsung-fingerprint-vulnerability/773497/


-Dave
jr. member
Activity: 222
Merit: 8
Bounty Campaign Manager
If someone will get access to my Coinomi wallet on Android 10 they can get access to my private keys? I mean if this someone have understanding of situation and get access full hardware access to my Android 10 smartphone storage.

If someone gets access to your Coinomi wallet it's obvious that he/she will have access to your private keys without any difficulties too. You should use Biometric security to protect your phone so that no one can access it but only yourself. Also do not forget to save your private key somewhere safe aside from your phone, if you have two email Ids maybe gmail and outlook then you can send it from your one email to another so that you can have it forever in your two emails.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Coinomi would be such a fantastic wallet if only its code were open-source.  I've never had any problems with them, but I can't say it doesn't make me just a little bit nervous knowing that the code hasn't been reviewed by any independent parties.  I guess I could say the same thing about Ledger, too. 
One thing about Ledger nano is that its secure element which it is using to generate and store seed phrase is close source, it is operated with an extension like the ledger live or wallet like electrum which is open source, some people still believe it can be trusted because of that, unlike wallets that spyware or other vulnerabilities can be introduced. But, also still very possible the secure element can have vulnerability in which predetermined seed phrase can be generated, that is why open source hardware wallet like Trezor is still better, but with the use of passphrase in case of physical theft.
legendary
Activity: 3556
Merit: 7011
Top Crypto Casino
If this person can unlock your phone and open your Coinomi app, he can just open the App and view the seed. This can be done at anytime using coinomi.
This is why I don't store any crypto on my phone anymore, and I used to use Coinomi and Electrum for Android.  I tend to be a bit careless as far as keeping my phone secure, and if I had lost my phone when I had those wallets someone could certainly have taken all the funds off of them (not that I ever kept a huge amount on my phone).  I figured that it's just too damn easy to lose your phone that I didn't want to take a chance and quit using mobile wallets altogether.

but is one of the best close source wallet
Coinomi would be such a fantastic wallet if only its code were open-source.  I've never had any problems with them, but I can't say it doesn't make me just a little bit nervous knowing that the code hasn't been reviewed by any independent parties.  I guess I could say the same thing about Ledger, too. 
newbie
Activity: 8
Merit: 0
And if you didn't set that bip39 pass it's just a matter of days to get yoyr keys
hero member
Activity: 2520
Merit: 952
Did you set up password while setting up wallet? If yes, they can't get to your seed without password.
legendary
Activity: 1624
Merit: 2481
If someone will get access to my Coinomi wallet on Android 10 they can get access to my private keys?

If they gain access to your coinomi wallet, i.e. access to the wallet application on your device? Then definitely, yes.



I mean if this someone have understanding of situation and get access full hardware access to my Android 10 smartphone storage.

That's a tough question.
The storage is encrypted, by default.

If you have an older model, some vulnerabilities might exist which allows to extract the master key.
If the device is running (and decrypted) when someone gains access to it (i.e. it is booted and has been unlocked once by you), then a cold-boot attack might be possible where the whole device is cooled down, memory extracted and then directly accessed.
The latter one is a sophisticated attack and not achievable for a random person.


In general i'd say you are fine if the mobile is turned off. If it was turned on, the risk is higher but still low enough to not completely freak out if you don't store tons of crypto on it.
Definitely make sure to never use these keys again tho and move your funds away as soon as possible.

Don't store more money on a mobile wallet than you would carry with you in cash, and you are fine.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
If someone will get access to my Coinomi wallet on Android 10 they can get access to my private keys?
Possible, but as for the technology used in coinomi wallet, hackers won't mind getting your private keys, they just need your recovery seed in able them to access your funds, which can be access on your coinomi account. Only possible if you didn't set a security to coinomi app.

In case of phone lost, import your recovery seed to a new installed coinomi app and transfer your funds to a new wallet asap to avoid lossing funds.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
If someone will get access to my Coinomi wallet on Android 10 they can get access to my private keys? I mean if this someone have understanding of situation and get access full hardware access to my Android 10 smartphone storage.


If this person can unlock your phone and open your Coinomi app, he can just open the App and view the seed. This can be done at anytime using coinomi.


If you believe someone might have done something like that, you should straight away move your coins to a new Coinomi wallet, with a fresh new Seed.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
First of all, I will like you to know that Coinomi is now a close source wallet some years back, but is one of the best close source wallet, although close source wallet can not be trusted nor recommendable. I was using Coinomi before and so conversant with ways to protect my wallet if my mobile phone or device is stolen.

1. The first layer of protection is to password your phone, anytime you want to use your phone, it will need the password.
2. The second layer of protection is to password Coinomi wallet itself, anytime you want to open the wallet, it will ask for the Coinomi password.
3. The third layer of protection is to encrypt your wallet with a password in a way anytime you want to spend from Coinomi wallet, you will need to input the password.

Note: Never store your seedphrase, passphrase and passwords on device, having it offline is better.
jr. member
Activity: 60
Merit: 1
Looks like Android 9, 10 has encrypted storage by default. This is good news.
legendary
Activity: 2212
Merit: 7064
If someone will get access to my Coinomi wallet on Android 10 they can get access to my private keys? I mean if this someone have understanding of situation and get access full hardware access to my Android 10 smartphone storage.

It's possible but he would need to unlock and break your phone password (if you have it like you should) and break password for your Coinomi wallet, than he could in theory extract your private keys.
Always have good password protection and enable phone encryption in settings, but I would never keep a lot of coins on mobile it should be more as a pocket money.
In case you lose your phone you should import keys to other wallet and send funds to other wallet address asap.
jr. member
Activity: 60
Merit: 1
If someone will get access to my Coinomi wallet on Android 10 they can get access to my private keys? I mean if this someone have understanding of situation and get access full hardware access to my Android 10 smartphone storage.
Jump to: