Author

Topic: Q re Android wallet security (Read 1368 times)

brand new
Activity: 0
Merit: 0
July 18, 2024, 07:51:14 PM
#19
YOU NEED AN ETHICAL HACKER FOR EVERYTHING ✅--I work as an ethical hackers you can relate your current financial situation with
Feel free to to hire me.C L E A N S P Y T E C H (@) G MAIL COM
I'm just as humans as everyone what makes me special is my hacking gifts and abilities . you want evidence to nail your cheating partner.
🟢Crypto scam money recovery
🟢lost loan money recovery
🟢money laundry recovery
🟢Device hack
🟢Bank issues
🟢Access to school/company/fellowship/organization files
🟢Lost cars tracking
🟢fraud payment
🟢Access to cheating husband/wife device
🟢. Loextending and subtracting of stamped file concerning a giving end line period of time
🟢tracing and recovering lost emails/ conversations/contacts /accessories
✳️  send a message straight to what ap+1(541)901-3390
CLEANSPYTECH  at(g) mail
2024 All right reserved
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
March 29, 2015, 08:29:22 AM
#18
You won't find an option named "Android debugging" in Settings. Correct name is "USB debugging"*.

* Settings -> Developer Options -> Debugging -> USB debugging.

FYI the Developer Options are only visible if you've gone through the unhiding procedure. If they're not visible, then USB debugging is disabled, and you're safe from this attack vector.

Coinbase isn't a good wallet because you can't access to private keys. You will have to trust them and if their server is down, you can't access your Bitcoin. They can easily steal your Bitcoin if they want to.

Recommended wallets are


This is a good list IMO. To help you decide:

Some wallets do strong (server-assisted) encryption of the wallet stored on your phone. If you lose your phone, a determined thief who is able to root your phone can steal wallets without strong encryption.

Strong encryption: GreenBits, Hive Wallet. Brute-forcible encryption (takes longer than no encryption, but still stealable): Bitcoin Wallet. No encryption (just a PIN check): Mycelium

Some wallets offer better privacy than others. Bitcoin Wallet is the best in this category; the other three share your transaction history with a centralized service as part of their operation.

Some wallets need to trust a centralized service to tell them about new inbound transactions, and to broadcast outbound transactions on the wallet's behalf. A centralized service could theoretically lie to the wallet -- it could withhold an inbound transaction or make up a fake inbound transaction. Mycelium and Hive Wallet fall into this category. Bitcoin Wallet and GreenBits do not depend on a centralized service for transaction verification.

Of those listed, only GreenBits offers two-factor authorization. (Of course, for 2FA to be effective you'd need a second device, e.g. a different phone or a laptop.)

All of the listed wallets are shared source, i.e. their source code is published and viewable. However Mycelium is not open source, you may not modify it nor redistribute it yourself. The other three are open source.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
March 28, 2015, 11:26:06 PM
#17
Not sure if "Android debugging" is enabled or not.

Sorry! You won't find an option named "Android debugging" in Settings. Correct name is "USB debugging"*.

* Settings -> Developer Options -> Debugging -> USB debugging.

I use Coinbase on Android - what are the problems you're referring to with this setup?

Coinbase isn't a good wallet because you can't access to private keys. You will have to trust them and if their server is down, you can't access your Bitcoin. They can easily steal your Bitcoin if they want to.

Recommended wallets are

sr. member
Activity: 364
Merit: 252
March 28, 2015, 09:20:46 PM
#16
Can someone outline the potential security risks associated with a wallet on Android?

Like all OS, it has many risks. Java is worst in most languages.

1) What are the risks if the phone is in my possession the entire time (non-rooted Nexus 5)?

If you don't install any suspicious app, you are safe.

2) If the phone is stolen - there is still a password lock on the phone, so Bitcoin can't be sent out unless the phone is unlocked.  But in this event, can I not just access my Bitcoin account online via website on my laptop?

Thief maybe able to do a brute-force attack and also, if you have enabled 'Android debugging', thief can easily remove the lock. I highly recommend you to lock your phone and Bitcoin wallet. An additional app locker will be great too.

No, you can't. If you use Android app of an online wallet like Blockchain.info, Coinbase etc..., you can access your wallet from anywhere. I suggest not to use such wallets as many problems are there. If you really want to use one, Blockchain.info is the best.

You should always make a backup of your private_key/wallet, so that you can recover it if your phone is lost or damaged. If your phone is stolen or lost in a public place, you should move all the BTC to a new address ASAP.

Not sure if "Android debugging" is enabled or not.  I use Coinbase on Android - what are the problems you're referring to with this setup?
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
March 28, 2015, 01:43:50 PM
#15
Can someone outline the potential security risks associated with a wallet on Android?

Like all OS, it has many risks. Java is worst in most languages.

1) What are the risks if the phone is in my possession the entire time (non-rooted Nexus 5)?

If you don't install any suspicious app, you are safe.

2) If the phone is stolen - there is still a password lock on the phone, so Bitcoin can't be sent out unless the phone is unlocked.  But in this event, can I not just access my Bitcoin account online via website on my laptop?

Thief maybe able to do a brute-force attack and also, if you have enabled 'Android debugging', thief can easily remove the lock. I highly recommend you to lock your phone and Bitcoin wallet. An additional app locker will be great too.

No, you can't. If you use Android app of an online wallet like Blockchain.info, Coinbase etc..., you can access your wallet from anywhere. I suggest not to use such wallets as many problems are there. If you really want to use one, Blockchain.info is the best.

You should always make a backup of your private_key/wallet, so that you can recover it if your phone is lost or damaged. If your phone is stolen or lost in a public place, you should move all the BTC to a new address ASAP.
sr. member
Activity: 364
Merit: 252
March 26, 2015, 02:04:03 PM
#14
Can someone outline the potential security risks associated with a wallet on Android?

Couple example questions:
1) What are the risks if the phone is in my possession the entire time (non-rooted Nexus 5)?
2) If the phone is stolen - there is still a password lock on the phone, so Bitcoin can't be sent out unless the phone is unlocked.  But in this event, can I not just access my Bitcoin account online via website on my laptop?

Just trying to better understand what to do in these situations.
newbie
Activity: 35
Merit: 0
March 25, 2015, 11:52:08 PM
#13
Hey there!  Grin

Mobile wallets can be very convenient, with features that you can't do with your computer such as NFC and Bluetooth payments.

You seem to be doing the right things by keeping up with regular backups, I would just recommend that you don't keep more money on your mobile wallet than you can afford to lose.

Your mobile wallet is like a "spending wallet". I wouldn't keep your entire Bitcoin savings on your phone since it can be argued that your phone is more easily exploitable than your computer, especially when your computer has the option of utilizing tools such as Trucrypt, which your phone does not have.

Very good reminder to only keep small amounts on the Android. I forgot about that. Cheers,

Don't mention it! The last thing that I would want to hear is that somebody lost hundreds of dollars on a mobile wallet.
legendary
Activity: 2772
Merit: 2846
March 25, 2015, 07:05:50 AM
#12
Mycellium is a great option for android. Just save your words in a safe place and you'll be fine. It's so much more convenient to be able to scan qr codes and is way more fun  Smiley

+1

Any kind of typing is a nightmare on a mobile and leads to mistakes.
member
Activity: 69
Merit: 10
March 24, 2015, 01:42:20 AM
#11
Mycellium is a great option for android. Just save your words in a safe place and you'll be fine. It's so much more convenient to be able to scan qr codes and is way more fun  Smiley
member
Activity: 94
Merit: 11
March 23, 2015, 08:52:16 PM
#10
Is there anything that makes an Android wallet less secure than a wallet on a pc?

Generally speaking, Android wallets are a bit more secure than PC-based wallets because they're generally less vulnerable to malware. On the other hand, they're easier to lose (so make sure you have a copy of your Mycelium seed somewhere safe).

I follow the following security practices on my Nexus 5: * Not rooted. *

Lots of people claim that a rooted phone is something terrible. It's actually not, if you're careful. A rooted Android phone will ask you before giving an app root permissions (and if you use SuperSU it can even be configured to prompt you for a PIN). If you're the type of person (and you don't sound like it Smiley) that always clicks "Yes" whenever they see a prompt, then rooting isn't for you. But aside from that, as long as you're careful with only installing very popular/trusted root-using apps, and you make sure any root security prompts are from a trusted app that you're expecting, you'd be fine.
The real issue isn't is your phone currently rooted, but rather can your phone be rooted? In other words, is there a known Linux kernel vulnerability that makes it possible to root your phone? If the answer is yes, then you have to be very careful about all apps that you install (it sounds like you already are), because any one of them could root your phone without your knowledge, and then it would be free to steal your btc. Practically speaking, this type of attack doesn't seem very prevalent today, but I suspect that will change as Bitcoin becomes more popular....

Do you think Android wallets are fine?

I do, I use GreenBits / GreenAddress.it (same devs, GreenBits is their newer semi-beta app; GreenAddress is their older one).
Honestly, the fact that you're asking these questions already puts you head and shoulders above many others....

I never sideload; only use Play Store apps (and I know they're not guaranteed safe). From what I've heard Google does what they can to keep malware out of the Play Store, but some will always sneak through.

I've thought about rooting my Nexus to see what extra features and functionality I could get from that. But I'm so busy with all my regular work that there's no time to sit down and learn the details. And I've been loving my Nexus just as it is, great phone and I love stock Android. I'm also exploring the Android Coinbase wallet since I have a Coinbase account. Thanks,
member
Activity: 94
Merit: 11
March 23, 2015, 08:44:49 PM
#9
Hey there!  Grin

Mobile wallets can be very convenient, with features that you can't do with your computer such as NFC and Bluetooth payments.

You seem to be doing the right things by keeping up with regular backups, I would just recommend that you don't keep more money on your mobile wallet than you can afford to lose.

Your mobile wallet is like a "spending wallet". I wouldn't keep your entire Bitcoin savings on your phone since it can be argued that your phone is more easily exploitable than your computer, especially when your computer has the option of utilizing tools such as Trucrypt, which your phone does not have.

Very good reminder to only keep small amounts on the Android. I forgot about that. Cheers,
hero member
Activity: 1372
Merit: 783
better everyday ♥
March 23, 2015, 05:39:40 PM
#8
Good method to use is Mobile Phone carrying less than $100 like you'd do your leather wallet in your back pocket.

For larger than $100, you'd use your PC or laptop wallet.

For anything in the $1000s or higher, you'd use a paper wallet or Hardware wallet like Ledger or Trezor.

So once again:

Less than $100 = Mycellium
Greater than $100 = Electrum
Greater than $1000 = Paper wallet, Ledger, Trezor
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
March 23, 2015, 02:52:19 PM
#7
I would be much more carefull with mobile wallets, than i am with pc wallets, simply because, on a pc you have somewhat more security.
First off, noone is going to steal your PC, i mean the chances are much smaller, and you have antivirus,anti mallware, firewall protection and what not, whereas on android
you have no such advantages, and there are increasing amounts of bitcoin  stealing mallwares on mobile phones. You can easily get infected by some app that u install etc..

cheers

Physical theft is an issue (as I mentioned above), but if you don't understand the security model used by mobile devices, you really shouldn't be offering advice on the subject....
legendary
Activity: 1456
Merit: 1000
March 23, 2015, 02:46:53 PM
#6
I would be much more carefull with mobile wallets, than i am with pc wallets, simply because, on a pc you have somewhat more security.
First off, noone is going to steal your PC, i mean the chances are much smaller, and you have antivirus,anti mallware, firewall protection and what not, whereas on android
you have no such advantages, and there are increasing amounts of bitcoin  stealing mallwares on mobile phones. You can easily get infected by some app that u install etc..

cheers

Very good point on being more careful.  With a phone wallet I would not keep a lot of BTC in it.   Remember cold wallets for majority of your bitcoins.
legendary
Activity: 1722
Merit: 1000
Satoshi is rolling in his grave. #bitcoin
March 23, 2015, 02:32:24 PM
#5
I would be much more carefull with mobile wallets, than i am with pc wallets, simply because, on a pc you have somewhat more security.
First off, noone is going to steal your PC, i mean the chances are much smaller, and you have antivirus,anti mallware, firewall protection and what not, whereas on android
you have no such advantages, and there are increasing amounts of bitcoin  stealing mallwares on mobile phones. You can easily get infected by some app that u install etc..

cheers
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
March 23, 2015, 12:50:35 PM
#4
Is there anything that makes an Android wallet less secure than a wallet on a pc?

Generally speaking, Android wallets are a bit more secure than PC-based wallets because they're generally less vulnerable to malware. On the other hand, they're easier to lose (so make sure you have a copy of your Mycelium seed somewhere safe).

I follow the following security practices on my Nexus 5: * Not rooted. *

Lots of people claim that a rooted phone is something terrible. It's actually not, if you're careful. A rooted Android phone will ask you before giving an app root permissions (and if you use SuperSU it can even be configured to prompt you for a PIN). If you're the type of person (and you don't sound like it Smiley) that always clicks "Yes" whenever they see a prompt, then rooting isn't for you. But aside from that, as long as you're careful with only installing very popular/trusted root-using apps, and you make sure any root security prompts are from a trusted app that you're expecting, you'd be fine.

The real issue isn't is your phone currently rooted, but rather can your phone be rooted? In other words, is there a known Linux kernel vulnerability that makes it possible to root your phone? If the answer is yes, then you have to be very careful about all apps that you install (it sounds like you already are), because any one of them could root your phone without your knowledge, and then it would be free to steal your btc. Practically speaking, this type of attack doesn't seem very prevalent today, but I suspect that will change as Bitcoin becomes more popular....

Do you think Android wallets are fine?

I do, I use GreenBits / GreenAddress.it (same devs, GreenBits is their newer semi-beta app; GreenAddress is their older one).

Honestly, the fact that you're asking these questions already puts you head and shoulders above many others....
newbie
Activity: 15
Merit: 0
March 23, 2015, 11:48:51 AM
#3
IT is very convenient.
newbie
Activity: 35
Merit: 0
March 23, 2015, 10:06:21 AM
#2
Hey there!  Grin

Mobile wallets can be very convenient, with features that you can't do with your computer such as NFC and Bluetooth payments.

You seem to be doing the right things by keeping up with regular backups, I would just recommend that you don't keep more money on your mobile wallet than you can afford to lose.

Your mobile wallet is like a "spending wallet". I wouldn't keep your entire Bitcoin savings on your phone since it can be argued that your phone is more easily exploitable than your computer, especially when your computer has the option of utilizing tools such as Trucrypt, which your phone does not have.
member
Activity: 94
Merit: 11
March 23, 2015, 09:42:28 AM
#1
Hi All,

Newbie here. I've got the Electrum btc wallet on my Win7 pc and it seems to work fine. I do daily backups to offline and remote media. I've also got a Nexus 5 Lollipop phone with Mycelium installed but I haven't sent any bitcoins to it. Is there anything that makes an Android wallet less secure than a wallet on a pc?

I follow the following security practices on my Nexus 5: * Not rooted. * Latest version of Android. * Only use Play Store to install apps. * Never sideload apps. * Do daily backups of important files on the Nexus. * Use a strong Pattern Lock.

So if I follow these practices and daily backup my Mycelium wallet to my pc, would that be considered pretty good security? Or is there something about having wallets on an Android that is inherently less secure?

Do you think Android wallets are fine? Or would you never use one?

I may get a diversity of opinions on this and that's good. Helps me learn various sides of the issue.

Thanks,

Advait
Jump to: