Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software
Pages:
Author

Topic: WARNING when using mobile device wallets (Android, iOS) (Read 755 times)

Cricktor
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
WARNING when using mobile device wallets (Android, iOS)
August 22, 2023, 02:29:11 PM
#66
Quote from: NotATether on August 22, 2023, 02:08:51 AM
But the only problem at this point would be, how do you remember to use the simple keyboard for the wallet, if you were using the default keyboard for the past two hours inside other apps? Let's assume there are no other 3rd party keyboards. As far as I know, the default keyboard can't be disabled, so maybe if there was the ability to change the color of this simple keyboard, which should be possible since it's open source, then it would be easier to remember which one to use it for wallets.

I can only speak for myself here and I don't think I would have to remember it to switch to a privacy oriented keyboard app when I have to enter some sensitive data. My mobile phone makes it easy to switch between installed keyboards and I'm used to do it, too. If you care about confidentiality of sensitive data, then it should be a no-brainer to switch to the proper keyboard.

As libert19 said, you can color Simple Keyboard mostly to your liking.
libert19
hero member
Activity: 2520
Merit: 952
Re: WARNING when using mobile device wallets (Android, iOS)
August 22, 2023, 06:31:29 AM
#65
Quote from: NotATether on August 22, 2023, 02:08:51 AM
But the only problem at this point would be, how do you remember to use the simple keyboard for the wallet, if you were using the default keyboard for the past two hours inside other apps? Let's assume there are no other 3rd party keyboards. As far as I know, the default keyboard can't be disabled, so maybe if there was the ability to change the color of this simple keyboard, which should be possible since it's open source, then it would be easier to remember which one to use it for wallets.

By clicking 'keyboard' icon at bottom right, this icon will appear whenever you are in text input field [1]. You can disable default keyboard, I have Google keyboard in my device but it's disabled, so it doesn't appear in keyboard list [1].

Simple keyboard supports themes [2].


[1] https://www.talkimg.com/image/MEflf

[2] https://www.talkimg.com/image/MEJ6Z

NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: WARNING when using mobile device wallets (Android, iOS)
August 22, 2023, 02:08:51 AM
#64
Quote from: Cricktor on August 20, 2023, 03:40:33 PM
Quote from: libert19 on August 20, 2023, 07:19:00 AM
Or you may use barebone keyboard apps like Simple Keyboard [2] which doesn't require Internet acess in first place.

[2] Simple Keyboard

Here's the open-source code on Github for Simple Keyboard and the app is also available on F-Droid.

On mobile devices that use some sort of input method apps, aka keyboard apps, it's crucial to have a secure keyboard app that doesn't spread input data all over the manufacturer's cloud or backend (or Google's/Apple's). Probably every current modern mobile phone has a too fancy keyboard apps that likely don't respect your input's privacy at all. I wouldn't want to enter any important and valuable wallet's mnemonic words for setup/recovery with any pre-installed keyboard app that has typing correction or swipe features.
(Yes, such features can all be implemented locally and securely, but can or do you trust big companies?)

That would be the ideal solution for wallets that do not utilize their own keyboards. But the only problem at this point would be, how do you remember to use the simple keyboard for the wallet, if you were using the default keyboard for the past two hours inside other apps? Let's assume there are no other 3rd party keyboards. As far as I know, the default keyboard can't be disabled, so maybe if there was the ability to change the color of this simple keyboard, which should be possible since it's open source, then it would be easier to remember which one to use it for wallets.
Cricktor
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
Re: WARNING when using mobile device wallets (Android, iOS)
August 20, 2023, 03:40:33 PM
#63
Quote from: logfiles on August 17, 2023, 03:33:24 PM
I would rather suggest one only chooses to use software wallets that have their own virtual keyboards for typing in passwords, seeds...

This is important and preferable as long as the software wallet itself is also open-source. Electrum does this on Android devices. I haven't checked other common and reputable software wallet apps for Android like Bluewallet or Unstoppable with respect to private virtual keyboard usage yet. (I try to avoid having a hot wallet on my mobile phone for more than pocket money amounts).


Quote from: libert19 on August 20, 2023, 07:19:00 AM
Or you may use barebone keyboard apps like Simple Keyboard [2] which doesn't require Internet acess in first place.

[2] Simple Keyboard

Here's the open-source code on Github for Simple Keyboard and the app is also available on F-Droid.

On mobile devices that use some sort of input method apps, aka keyboard apps, it's crucial to have a secure keyboard app that doesn't spread input data all over the manufacturer's cloud or backend (or Google's/Apple's). Probably every current modern mobile phone has a too fancy keyboard apps that likely don't respect your input's privacy at all. I wouldn't want to enter any important and valuable wallet's mnemonic words for setup/recovery with any pre-installed keyboard app that has typing correction or swipe features.
(Yes, such features can all be implemented locally and securely, but can or do you trust big companies?)
libert19
hero member
Activity: 2520
Merit: 952
Re: WARNING when using mobile device wallets (Android, iOS)
August 20, 2023, 07:19:00 AM
#62
Quote from: logfiles on August 17, 2023, 03:33:24 PM
Quote from: Flexystar on August 17, 2023, 09:14:20 AM
Definitely no other way but to stick to original apps within our smartphones OR lets just switch to the Hardware Wallet and Paper Wallets. Best on the market so far.  Smiley
I don't think sticking to the default or stock keyboard app of the smartphone would be the best piece of advice. For example, Google also collects all kinds of data. That's why those keyboard apps can even try to predict the word you wanted to type but misspelled it, and what you might type next.

I would rather suggest one only chooses to use software wallets that have their own virtual keyboards for typing in passwords, seeds...

Keyboard can collect and share data if it's granted Internet access, block it using firewall app like NetGuard [1] (some android skins have this functionality built-in). Of course this will restrict the functionality and some keyboard apps might even refuse to open until you grant Internet access.

Or you may use barebone keyboard apps like Simple Keyboard [2] which doesn't require Internet acess in first place.


[1] NetGuard

[2] Simple Keyboard
logfiles
copper member
Activity: 2170
Merit: 1822
Top Crypto Casino
Re: WARNING when using mobile device wallets (Android, iOS)
August 17, 2023, 03:33:24 PM
#61
Quote from: Flexystar on August 17, 2023, 09:14:20 AM
Definitely no other way but to stick to original apps within our smartphones OR lets just switch to the Hardware Wallet and Paper Wallets. Best on the market so far.  Smiley
I don't think sticking to the default or stock keyboard app of the smartphone would be the best piece of advice. For example, Google also collects all kinds of data. That's why those keyboard apps can even try to predict the word you wanted to type but misspelled it, and what you might type next.

I would rather suggest one only chooses to use software wallets that have their own virtual keyboards for typing in passwords, seeds...
Flexystar
full member
Activity: 1092
Merit: 227
Re: WARNING when using mobile device wallets (Android, iOS)
August 17, 2023, 09:14:20 AM
#60
That's interesting. I never thought those cool font changing keyboards could be disaster like this? I believe this has got something to do with the key loggers type of application where one can remotely watch what is being typed on the other devices if they have those tracking software's installed.

Obviously if we are installing these keyboards then they will give us notifications that what permission to set and let me guess reading and writing data on the device would be first requisite since it is a keyboard.

I am pretty sure one can only be cautious about the app authenticity but the audacity is they will have five star reviews and let me guess they are also from cheap paid task sites and mostly bought one. Definitely no other way but to stick to original apps within our smartphones OR lets just switch to the Hardware Wallet and Paper Wallets. Best on the market so far.  Smiley
Volgastallion
sr. member
Activity: 616
Merit: 314
CONTEST ORGANIZER
Re: WARNING when using mobile device wallets (Android, iOS)
August 10, 2023, 12:56:42 PM
#59
Quote from: NotATether on August 10, 2023, 05:41:45 AM
Quote from: Volgastallion on August 08, 2023, 12:59:13 PM
One last thing i have to say or noted, maybe its only me in conspiracy, but the explorers on mobiles are also tracking us in the keyboard?, i mean they also read what we are typing no matter the keyboard its from other source? Example its Opera collecting what im typing asides o using a Gboard? i think YES. What its you point of view?

Google used to be strictly "don't be evil". We all know how that went.

Assume that all data being collected and sent over the network is being stored somewhere where it can either be hacked or sold to third parties, who will basically do whatever they want with it.

But why is Opera included in the mix? I'm curious, since they just have a browser AFAIK (and might track you through that, rather than through a keyboard).

No i only mention one browser like an example nothing to do with Opera.


[/quote]
Quote from: o_e_l_e_o on August 10, 2023, 11:33:20 AM
Quote from: NotATether on August 10, 2023, 05:41:45 AM
But why is Opera included in the mix? I'm curious, since they just have a browser AFAIK (and might track you through that, rather than through a keyboard).
Somewhat off topic, but Opera have a built in free VPN which is absolute trash (just like every other free VPN), not to mention being owned by a Chinese consortium with links to the CCP. I wouldn't trust it for a second.

Quote from: joniboini on August 10, 2023, 05:53:16 AM
Browsers always collect user data regardless of what keyboard apps you are using.
Some browsers like Chrome and Opera spy on you constantly, sure, but not all browsers. Just use Tor or Firefox instead.

Yeah i tried it when it was released and..... i never try something worst, also normal pages cant be accessed. THe speed? we normally can expect lower speed on VPN, but this its beyond low.

 I dont know that fact about chinesse consortium, but any VPN its something shady, one day i see some video who show 90% of the VPN are owned by ex Mossad and IDF guys.....
o_e_l_e_o
legendary
Activity: 2268
Merit: 18711
Re: WARNING when using mobile device wallets (Android, iOS)
August 10, 2023, 11:33:20 AM
#58
Quote from: NotATether on August 10, 2023, 05:41:45 AM
But why is Opera included in the mix? I'm curious, since they just have a browser AFAIK (and might track you through that, rather than through a keyboard).
Somewhat off topic, but Opera have a built in free VPN which is absolute trash (just like every other free VPN), not to mention being owned by a Chinese consortium with links to the CCP. I wouldn't trust it for a second.

Quote from: joniboini on August 10, 2023, 05:53:16 AM
Browsers always collect user data regardless of what keyboard apps you are using.
Some browsers like Chrome and Opera spy on you constantly, sure, but not all browsers. Just use Tor or Firefox instead.
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: WARNING when using mobile device wallets (Android, iOS)
August 10, 2023, 06:27:51 AM
#57
Quote from: Volgastallion on August 07, 2023, 12:57:05 PM
Also if you can, you can use them, b ut in  the long run who can assure you they are not gonna change something and make a backdoor in one update? and yes you can check that, but are you gonna be always checking every update in a cellphone? most people no.
No one can guarantee that. The difference is that if you want to and know how to, you can check what the software does and what was changed in the newer versions. There are no guarantees that the code is safe or free of bugs and vulnerabilities. Turn off automatic updates and download those that you want manually. Most people don't have the skills to check and read code. The best you can do then is to wait with installing the newer versions until some weeks or even months have passed. If no one reports anything suspicious, go ahead and upgrade. I doubt keyboard apps have many updates anyways. There isn't much to update. 
joniboini
legendary
Activity: 2170
Merit: 1789
Re: WARNING when using mobile device wallets (Android, iOS)
August 10, 2023, 05:53:16 AM
#56
Quote from: Volgastallion on August 08, 2023, 12:59:13 PM
Example its Opera collecting what im typing asides o using a Gboard? i think YES. What its you point of view?
I don't think that's news though. Browsers always collect user data regardless of what keyboard apps you are using. I don't recall any popular Android/iOS browser having its own secure keyboard. Even if they do, we can't tell if they really keep no log or just log you as usual. You can probably avoid extensive logging with open-source and privacy-oriented browsers or keyboard apps just like mentioned before. CMIIW.
NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: WARNING when using mobile device wallets (Android, iOS)
August 10, 2023, 05:41:45 AM
#55
Quote from: Volgastallion on August 08, 2023, 12:59:13 PM
One last thing i have to say or noted, maybe its only me in conspiracy, but the explorers on mobiles are also tracking us in the keyboard?, i mean they also read what we are typing no matter the keyboard its from other source? Example its Opera collecting what im typing asides o using a Gboard? i think YES. What its you point of view?

Google used to be strictly "don't be evil". We all know how that went.

Assume that all data being collected and sent over the network is being stored somewhere where it can either be hacked or sold to third parties, who will basically do whatever they want with it.

But why is Opera included in the mix? I'm curious, since they just have a browser AFAIK (and might track you through that, rather than through a keyboard).
Volgastallion
sr. member
Activity: 616
Merit: 314
CONTEST ORGANIZER
Re: WARNING when using mobile device wallets (Android, iOS)
August 08, 2023, 12:59:13 PM
#54
Quote from: NotATether on August 08, 2023, 02:14:54 AM
Quote from: DYING_S0UL on August 07, 2023, 07:47:52 AM
By the looks of it now I think I need to be a software developer. That way I can build my own keyboard and use it to import export my keys. Without this I have no other ways. I will always be in risk of being hacked. Currently I'm using stock keyboard with Custom Rom installed on my phone (Not stock OS). And you guys talking about security over a simple keyboard!! Now I think even the OS isn't even secure enough. Yes Android maybe Open source but many company doesn't use pure Android os, rather they would modify it and give it a custom skin job as they prefer.

On desktops, the keyboard is hardware and cannot be rewired to do other stuff.

But on phones and tables, the keyboard is software based, and not only that, but developers can make their own keyboards, some of which violate privacy by collecting all kinds of data about you to sell. And it may just so happen that that they sell this data to malicious entities, where even anonymizing your key strokes will not protect you, because other people don't need to know who was typing it, just what was typed.

Yes indeed, also this its really easy to check to anyone, when you start to type or type in the Gboard in your cellphone you can see the three words recomendation to autofill by Gboard and..... yes that words are the words you sometimes write, so they are really know what you are typing.

One time i made a experiment and start to write seed words (not real ones) and after that when i put that word on other things not related, i can see in the suggestion of Gboard the next words.... nothing more to say.

And plus now with the IA integration, with dont have so much run to run, because with AI they are gonna say, "to help you we learn what are you typing and bla bla bla" and the regular people are gonna still gift their privacy even more.

One last thing i have to say or noted, maybe its only me in conspiracy, but the explorers on mobiles are also tracking us in the keyboard?, i mean they also read what we are typing no matter the keyboard its from other source? Example its Opera collecting what im typing asides o using a Gboard? i think YES. What its you point of view?
NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: WARNING when using mobile device wallets (Android, iOS)
August 08, 2023, 02:14:54 AM
#53
Quote from: DYING_S0UL on August 07, 2023, 07:47:52 AM
By the looks of it now I think I need to be a software developer. That way I can build my own keyboard and use it to import export my keys. Without this I have no other ways. I will always be in risk of being hacked. Currently I'm using stock keyboard with Custom Rom installed on my phone (Not stock OS). And you guys talking about security over a simple keyboard!! Now I think even the OS isn't even secure enough. Yes Android maybe Open source but many company doesn't use pure Android os, rather they would modify it and give it a custom skin job as they prefer.

On desktops, the keyboard is hardware and cannot be rewired to do other stuff.

But on phones and tables, the keyboard is software based, and not only that, but developers can make their own keyboards, some of which violate privacy by collecting all kinds of data about you to sell. And it may just so happen that that they sell this data to malicious entities, where even anonymizing your key strokes will not protect you, because other people don't need to know who was typing it, just what was typed.
un_rank
hero member
Activity: 644
Merit: 661
- Jay -
Re: WARNING when using mobile device wallets (Android, iOS)
August 08, 2023, 02:11:27 AM
#52
Quote from: Volgastallion on August 07, 2023, 12:57:05 PM
Can you please say some third reliable keyboard partie?
You mean open source keyboards? o_e_l_e_o already mentioned three in the first page of this thread: Openboard, AnySoftKeyboard, and Florisboard.

Quote from: Volgastallion on August 07, 2023, 12:57:05 PM
Also if you can, you can use them, b ut in  the long run who can assure you they are not gonna change something and make a backdoor in one update? and yes you can check that, but are you gonna be always checking every update in a cellphone? most people no.
I will rather have the problem of needing to check the source code than having no clue what goes on whatsoever.
Even if you cannot check the codes directly, following regular updates will give you a heads up if anything changes, but with closed source keyboards or platforms in general you have no clue.

- Jay
Volgastallion
sr. member
Activity: 616
Merit: 314
CONTEST ORGANIZER
Re: WARNING when using mobile device wallets (Android, iOS)
August 07, 2023, 12:57:05 PM
#51
Quote from: un_rank on August 07, 2023, 11:25:06 AM
Quote from: dimonstration on August 07, 2023, 11:08:52 AM
Does google keyboard(gkeyboard) and swiftkey keyboard counts on what to avoid for 3rd party keyboards. I’m using wallet software most of the time and I’m not aware that there’s still a possibility to hack my wallet through the use of tools outside the wallet.
Yes, they are closed source and collect user information based on what you type presenting a security risk.
Go for free and open source alternatives.


I think yes and no at the same time, you ended up in a cul de sac. Can you please say some third reliable keyboard partie? Also if you can, you can use them, b ut in  the long run who can assure you they are not gonna change something and make a backdoor in one update? and yes you can check that, but are you gonna be always checking every update in a cellphone? most people no.
un_rank
hero member
Activity: 644
Merit: 661
- Jay -
Re: WARNING when using mobile device wallets (Android, iOS)
August 07, 2023, 11:25:06 AM
#50
Quote from: dimonstration on August 07, 2023, 11:08:52 AM
Does google keyboard(gkeyboard) and swiftkey keyboard counts on what to avoid for 3rd party keyboards. I’m using wallet software most of the time and I’m not aware that there’s still a possibility to hack my wallet through the use of tools outside the wallet.
Yes, they are closed source and collect user information based on what you type presenting a security risk.
Go for free and open source alternatives.

Quote from: dimonstration on August 07, 2023, 11:08:52 AM
I rarely check my wallet address that I copy when using mobile phone. Thanks for the heads up.
Yuu should always. Not just a quick glance at the first and last few words, but a whole look at the two addresses, i.e, where you are copying from and where you are pasting too.

- Jay -
dimonstration
hero member
Activity: 2716
Merit: 698
Dimon69
Re: WARNING when using mobile device wallets (Android, iOS)
August 07, 2023, 11:08:52 AM
#49
Quote from: NotATether on August 01, 2023, 02:50:57 AM
DO NOT use third-party keyboards while you are using the wallet app!

Does google keyboard(gkeyboard) and swiftkey keyboard counts on what to avoid for 3rd party keyboards. I’m using wallet software most of the time and I’m not aware that there’s still a possibility to hack my wallet through the use of tools outside the wallet.

I rarely check my wallet address that I copy when using mobile phone. Thanks for the heads up.
o_e_l_e_o
legendary
Activity: 2268
Merit: 18711
Re: WARNING when using mobile device wallets (Android, iOS)
August 07, 2023, 11:02:24 AM
#48
If a hot wallet is all you can use, then they can still be relatively secure if you take all the sensible precautions. One of those precautions is not importing your seed phrase in to multiple different pieces of software. Choose a good piece of wallet software such as Electrum, use it to generate a new wallet and write down your seed phrase, and then never enter that seed phrase in to any other wallet unless you are recovering your coins in an emergency.

And yes, that hardware will be absolutely fine with Cinnamon.
DYING_S0UL
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
Re: WARNING when using mobile device wallets (Android, iOS)
August 07, 2023, 10:52:25 AM
#47
Quote from: o_e_l_e_o on August 07, 2023, 10:43:57 AM
Quote from: DYING_S0UL on August 07, 2023, 08:59:53 AM
Then how am I suppose to import the wallet?
The real question is: Why are you importing it?

I'll set up a new wallet and send the coins across.

Because I may be a newbie who doesn't have enough knowledge about hot,cold,hardware wallet. I'm still new to this. And secondly I don't own any hardware wallet, where I live I don't think I can get my hands on these kind of tools. (If they support international purchase and stuff then I think I can buy those)

I'll try to follow the advice you gave about 'creating a new address and sending coins'.

Specs: core i5 9gen 8gb ram 250gb ssd ( I think I have enough hardware to support cinnamon, I'll give it a try.)
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software
Jump to: