Author

Topic: Three questions about a possible vulnerability on Mycelium (Read 161 times)

HCP
legendary
Activity: 2086
Merit: 4361
A lot of this will depend on the specific device and version of the Android OS that the device is running. Newer devices and/or versions of Android support full device encryption, or encrypted app storage etc.

This means that any information that someone might be able to recover from such a device would be effectively useless to them without the appropriate decryption keys etc.

2. If the above statement is true (could be), the possibility of recovering an encrypted data that have been deleted from a device is 1?
There are numerous (unknown) factors at play here (device, android OS version, potential vulnerabilities, attackers resources like budget/time/skill/equipment etc), so it's really impossible to quantify the possibility with any certainty... so while the possibility may not be 0, it's not necessarily 1 either.


...just need to clarify (To know) if they is a loophole that can be sealed or have a reason to avoid or proceed with the “Mycelium single wallet account" for people that use them as the best way to secure large amount of bitcoin.
And given this particular use-case involves dealing with a "large amount of bitcoin"... I'd be inclined to say "No"... it's not suitable. Unless the use-case is simply spending the coins from an existing private key that was created offline etc... ie. import the private key, send ALL the coins (and any change sent to new address created offline etc), consider the old private key "compromised" and never use that old key/address ever again.

Even then, I'd only use Mycelium as a last resort or in an emergency...
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
I don't know why you would use them and it seems an outdated practice by now...

If you do use them, I'd recommend defragmemtkng your device after using them. The private key that's stored is probably pretty small so it's quite likely the information just gets lost from your phone via defragging it. After that there may be a small chance of your data being compromised but I certainly wouldn't put it as high as 1 or even 0.5...
jr. member
Activity: 172
Merit: 8
I'm writing to know if a possible loophole is correct about “Mycelium singe wallet account". Could it be a Barrier now or in the future that a deleted encrypted private key can be recovered using a recovery app.

1. What happens if a phone is misplaced while I make use of the single wallet account?

Mycelium single address account featured on their website, states that “it's an old way of storing large amount of bitcoin, by deleting your private keys from your device and importing it back when needed."

Now when a file is deleted from a device (phone or PC) It is still on the computer unless you overwrite the file. And can be recovered using a good recovery software or App, If it's not overwritten.

2. If the above statement is true (could be), the possibility of recovering an encrypted data that have been deleted from a device is 1?

3. Is it recommendable to make use of the “single address account" that Mycelium supports, knowing that somebody can get hold of my device (either by buying or stealing) and recover the deleted private keys using some recovery Apps.?

Please be receptive about these questions, I want to learn some information. No bad intentions, just need to clarify (To know) if they is a loophole that can be sealed or have a reason to avoid or proceed with the “Mycelium single wallet account" for people that use them as the best way to secure large amount of bitcoin.

Thanks

Source: https://www.quora.com/How-can-I-recover-deleted-encrypted-files-from-an-Android
Jump to: