Topic: Share Your Suggestions About Security For Bitcoin Wallet Android Users (Read 265 times)

Honestly...i really don't know if my Android is safe or not. I'll only find out when something bad happens, whether it's an account hack or maybe I get hit with a hijack. But I also don't want to lose too much over something I own just to find out that my security is at risk.... it's not worth the hassle for an experience like that.

Even when you mention the default factory firmware being suspicious, I already feel unsafe here. And there's really no big reason for me to keep a large balance on my Android wallet with a sketchy operating system. High mobility doesn't need big balance.

If you're having a bitcoin wallet, you must always take some good measures on the security aspects of your kind of wallet in question, as we know that wallet are of different types and their risks also varies in terms of their vulnerability, so make use of a cold storage on your Android device, avoid malicious links and downloads, watch carefully the web address you're login into, use a 2FA security measures for your wallet security, don't allow anyone have access to your device and always be careful of copy and paste malicious attacks through wallet address.

Here is a helpful thread on Android device wallet security measures using 2FA

2FA in using Electrum wallet.
https://electrum.readthedocs.io/en/latest/2fa.html

Pretty much what dkbit98 said. Mobile phone is the exact opposite to an airgapped device. It is designed to connect to as many networks as possible. If you're cautious on security, then you shouldn't be using a Bitcoin wallet on a smartphone with default stock Android pre-installed.

Instead, carry a small amount there. I'm using my phone for small, lightning-only transactions. Just as when when going out, I don't take my entire wallet with all my cash, same applies for my bitcoin.

How would you even know if you had secret malware program running on your phone?
Some Chinese phones probably have hidden code running on firmware level and you can't even detect it's there.
Even with best phones you are constantly connected to internet, so only way to make it more secure is to use secondary offline phone device.
This can be your old phone or hardware wallet with installed wallet, and this can be used with other hot wallet that is connected with internet.
Even better if you have Pixel phones, because you can install open source Graphene OS on them.

All the security you need.

It's a hot wallet. Don't leave more then spending cash in it. Period. Full Stop.

If you still don't like the above answer. Pair it with some form of hardware wallet. If can be a physical card like a tapisgner or any hardware wallet that works for you.

Could be worse, you could have an iPhone

https://www.theverge.com/2023/9/8/23864150/ios-16-6-1-iphone-security-vulnerability-0-day-exploit-patch-update
https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/

-Dave

Many vendors custom ROM for some smartphones do include an Update for each fix.
Custom ROM has more feature additions with improved Original features from Official ROM.

And when it comes to Custom ROMs and custom ROMs for crypto, there are ChiperOS, Lineage OS, Copperhead OS, CalyxOS and GrapheneOS which focus more on security.
But the use of Custom ROM will be the responsibility of each user.

Source:
[1]https://androidfoss.com/best-custom-roms-for-privacy/
[2]https://xdaforums.com/t/rom-official-11-0-rmx2020-cipheros-1-5-crypto-aosp-2021-03-20.4250137/

If you ask useful or not, Then I say it is useful for initial protection.
I know about Google Protect's weakness to ward off Xenomorph malware, but thanks to that Google Protect has been updated to address attacks of the same model.
 
As long as you still use Android Google Protect will be the first layer of protection and additional antivirus, I only trust antivirus vendors that are already well-known such as Kaspersky, Norton, and others.
Even now every Android smartphone has supporting protection that works together to become the default antivirus besides Google Protect.

Do not install antivirus applications that you do not know and usually the latest Android smartphones already have a built-in antivirus,
so there is no need for additional antivirus.

My computer was once infected with a virus that manipulated the copy-paste function. Whenever I copied a wallet address, whether it was from BSC, ETH, or BTC, the paste action resulted in the same wallet address. I could prevent this copy-paste manipulation by carefully checking the last few characters of the wallet before pasting it.

on Android, I haven't encountered a similar issue.

Is this app genuinely useful for protecting our Android devices? I'm always skeptical about what Google Play Store offers, such as the antivirus apps available there. Despite many ratings claiming that they are top-notch antivirus programs capable of warding off numerous viruses, I find it hard to trust them easily.

even Google Play Protect can be bypassed by viruses, let alone antivirus apps on the play store... is it still wise to install antivirus on Android?? just feel unsafe installing that antivirus because it requires so many permissions.

Use Official ROM and it will be safer and more recommended and don't do Root-ing.
A few years ago before knowing Bitcoin, I was quite active in flashing ROMs and Custom ROMs for several smartphones that I used.

Indeed Custom ROM will be more dangerous because there are many vulnerabilities that cannot be fixed,
it will be easily infected with Malware because Rooting that is done opens all entrances for Malware or ransomware.

Some naughty people modify a Custom ROM and Porting ROM usually they embed phishing links,
or Malware that will work to take advantage of smartphone users and even steal the identity of all logins made.

---

Malware is now even more sophisticated and smarter.
Even multi-device can attack any device.
Like Xenomorph, which caused an uproar with its powerful intelligence to hide from Google Protect antivirus detection by hiding in commonly used applications.

Xenomorhp even came again with more powerful power to steal all the identity of the device used such as bank data, account data, and crypto wallet Seed Phrase.
It is very dangerous if you are not aware of the security of the device used.

https://www.threatfabric.com/blogs/xenomorph#xenomorph_is_back_once_again

As long as your phone is connected to the internet, there's always the tendency for vulnerability and in that case, I'd advise that you keep only a small amount of digital assets on your wallet.

Download apps from Play store and not from unknown sources. Whenever you want to download an app, always check that you're downloading the original app and not a clone.

Be careful of the apps you grant permission to access your device.

Never store your seed phrase electronically such as emails, note app, cloud storage etc.

Don't screenshot your seed phrase and save on your phone, it could be compromised by an infostealer.

Don't use third party keyboard applications, your seed phrase or other sensitive information could be stolen by keyloggers. Stick with the factory installed stock android keyboard.

In general, you can expect any malware/virus that appears in desktop versions, with the only difference being that malware adapts to mobile applications on such devices. If you follow all the advice that you could read in this topic, you have a small chance of infecting your device with something malicious, although you should always count on something new and unpredictable that can slip under the radar and infect millions of smartphones in a very short time.

Since you want to know more, the following link has a good summary of what you are interested in -> https://en.wikipedia.org/wiki/Mobile_malware

Unless your Android phone is Rooted or you install APKs from Unknown Sources.  You should be fine.  Do not visit random websites and do not install less known Play Store applications.  You should stick to the well known and to the ROM your phone came with.  Do not flash another ROM because it will only build more vulnerabilities.

This is how most of the Android users get infected and inflicted damage upon their Wallets.  They do not stick to what is safe and start experimenting while their Bitcoin is still on their phone.  Big mistake.  Just be careful about the websites you visit, what you download, open, install and flash.  Always check many times if what you are doing is safe before actually doing it.

The most common malware that affects crypto wallet users on Android are clipboard hijackers and fake wallet apps but the point is, it is not just limited to it and the potential list can be endless.

Apart from the malware directly targeting crypto wallets, the platform is highly prone to be attacked by spyware, trojans, adware, backdoors, etc which will be a threat to the security of your funds along with any data stored like wallet backup, seed phrases, passwords.

I've implemented something like this before, even the BTC wallet I installed on Android is sometimes only used for small transactions like depositing on a casino platform or exchanging it for altcoins for small purposes. I've minimized the risks with these precautions.

However, the big question is... what kind of malware and spyware has affected BTC wallet users on Android? It's true, I haven't encountered any malware and spyware on Android that threatens my security, but it's essential for me to know what their models are... this way, my vigilance will be more appropriately tuned without compromising my security.

It's true, this is secure... but unfortunately, it eliminates the high mobility function that I desire in an all-in-one Android phone. I can't carry two gadgets when going somewhere, even if their sizes fit in my bag. It's not much different from installing my wallet on a private laptop with small size.

• Do not try to download programs from unknown sources.
• Do not try to download programs with low downloads from Google Play.
• Download only trusted applications that have thousands of downloads.
• Try to reduce the number of programs you download, as there is no need to download any application or game you like.
• Do not store seeds in digital form or give permissions to any application to do so, including keyboard.
• Check the address several times before sending.
• Avoid random browsing and linking your wallet to any service.
• Make the phone specific for sending Bitcoin and receiving calls.

You cannot ensure the safety of any wallet that is in an online device, that's because it is not possible to be totally sure that your device is free from malware, even if you try to look out for them. Any wallet on any online device is prone to hacking, so instead of you looking for possible kinds of malware, only store a small amount of BTC in your online wallet, that's an amount that you can afford to lose. Take note that a mobile phone is not also a good device to store a large amount of BTC, in that case you should buy a hardware wallet for your funds, or set up an airgapped wallet if you have the knowledge to do so.

Before having two androids, which I have now separated, androids that had an open source and trusted wallet installed (BlueWallet), I didn't install many applications other than the default ones.

Even though my Android version supports capacity if I play games, there isn't a single game installed so as long as I'm still carrying out my activities as usual and the battery life can last all day even if the internet is active unless I fall asleep (the internet connection is dead and I turn off the Android so it won't be disturbed when I sleep) .

There is a separation between Androids that have a wallet installed and Androids that do not have a wallet installed.
Android with a wallet installed, I limit the internet connection by activating airplane mode as long as I don't need internet access.

Open source and well-reputed wallet like Electrum is go to options for Android bitcoin users and keeping it updated along with software updates and patches don't mitigate the risk of malware. Android is prone to such attacks because users are likely to install premium versions of applications from pirated sites which we call modded APKs is the biggest and most common mistake an Android user which puts the user's privacy at high risk.

Users of Android phones since 2014 will certainly have many Android security updates and that is your protection until now.

If you use it daily and are constantly exposed to the internet, it will be more at risk for malware and some other viruses or ransomware that might infect.

The statement about "I'm smart enough" seems to need to be changed, because no matter how smart you are to avoid it there will be times when you unknowingly and carelessly click on some foreign files or links that lead to Malware.
Don't get caught up with clever words, because it will take away your vigilance.
Remember that scammers are constantly upgrading their ability to hack into any system.

Some of the security measures you should be aware of are
- If possible, the primary wallet should be installed on a smartphone that you do not use intensively for internet and other online purposes.

- Do not install unknown apps, or apps from untrusted third parties, There will now be a warning about installing new apps.
There is Google Protect for Android which will provide information on whether the app is safe or not.

- Do not connect your device to unknown networks such as free Wifi in cafes or other places.
Some scammers usually trap their victims with Free Wifi.

- Remove apps that have lots of ads such as games and some apps that provide pop-up ads.
The beginning of malware comes from applications like that.

Stay vigilant and always check every detail that is done.
Danger can come from anywhere, My device has even been attacked by Ransomware made my files locked,
it was a valuable lesson for me to stay alert in any case.

From my experience, using open-source wallet apps from verified sources is a good way to stay safe. Stick to well-known and reputable wallet providers to minimize this risk. Also, keeping your Android and everything on it updated helps prevent potential vulnerabilities.

But above all, ensure your wallet usage aligns with the security risk it inherently carries. These mobile wallets, or hot wallets as we call them, are made for everyday use - for making frequent payments and transactions. So it's best not to rely solely on your mobile wallet or use it for long-term storage. If you wanna keep your coins secure for a good while, go with a cold wallet instead.