Pages:
Author

Topic: WARNING when using mobile device wallets (Android, iOS) (Read 766 times)

hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
But the only problem at this point would be, how do you remember to use the simple keyboard for the wallet, if you were using the default keyboard for the past two hours inside other apps? Let's assume there are no other 3rd party keyboards. As far as I know, the default keyboard can't be disabled, so maybe if there was the ability to change the color of this simple keyboard, which should be possible since it's open source, then it would be easier to remember which one to use it for wallets.

I can only speak for myself here and I don't think I would have to remember it to switch to a privacy oriented keyboard app when I have to enter some sensitive data. My mobile phone makes it easy to switch between installed keyboards and I'm used to do it, too. If you care about confidentiality of sensitive data, then it should be a no-brainer to switch to the proper keyboard.

As libert19 said, you can color Simple Keyboard mostly to your liking.
hero member
Activity: 2520
Merit: 952
But the only problem at this point would be, how do you remember to use the simple keyboard for the wallet, if you were using the default keyboard for the past two hours inside other apps? Let's assume there are no other 3rd party keyboards. As far as I know, the default keyboard can't be disabled, so maybe if there was the ability to change the color of this simple keyboard, which should be possible since it's open source, then it would be easier to remember which one to use it for wallets.

By clicking 'keyboard' icon at bottom right, this icon will appear whenever you are in text input field [1]. You can disable default keyboard, I have Google keyboard in my device but it's disabled, so it doesn't appear in keyboard list [1].

Simple keyboard supports themes [2].



[1] https://www.talkimg.com/image/MEflf

[2] https://www.talkimg.com/image/MEJ6Z

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Or you may use barebone keyboard apps like Simple Keyboard [2] which doesn't require Internet acess in first place.


[2] Simple Keyboard

Here's the open-source code on Github for Simple Keyboard and the app is also available on F-Droid.

On mobile devices that use some sort of input method apps, aka keyboard apps, it's crucial to have a secure keyboard app that doesn't spread input data all over the manufacturer's cloud or backend (or Google's/Apple's). Probably every current modern mobile phone has a too fancy keyboard apps that likely don't respect your input's privacy at all. I wouldn't want to enter any important and valuable wallet's mnemonic words for setup/recovery with any pre-installed keyboard app that has typing correction or swipe features.
(Yes, such features can all be implemented locally and securely, but can or do you trust big companies?)

That would be the ideal solution for wallets that do not utilize their own keyboards. But the only problem at this point would be, how do you remember to use the simple keyboard for the wallet, if you were using the default keyboard for the past two hours inside other apps? Let's assume there are no other 3rd party keyboards. As far as I know, the default keyboard can't be disabled, so maybe if there was the ability to change the color of this simple keyboard, which should be possible since it's open source, then it would be easier to remember which one to use it for wallets.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
I would rather suggest one only chooses to use software wallets that have their own virtual keyboards for typing in passwords, seeds...

This is important and preferable as long as the software wallet itself is also open-source. Electrum does this on Android devices. I haven't checked other common and reputable software wallet apps for Android like Bluewallet or Unstoppable with respect to private virtual keyboard usage yet. (I try to avoid having a hot wallet on my mobile phone for more than pocket money amounts).


Or you may use barebone keyboard apps like Simple Keyboard [2] which doesn't require Internet acess in first place.


[2] Simple Keyboard

Here's the open-source code on Github for Simple Keyboard and the app is also available on F-Droid.

On mobile devices that use some sort of input method apps, aka keyboard apps, it's crucial to have a secure keyboard app that doesn't spread input data all over the manufacturer's cloud or backend (or Google's/Apple's). Probably every current modern mobile phone has a too fancy keyboard apps that likely don't respect your input's privacy at all. I wouldn't want to enter any important and valuable wallet's mnemonic words for setup/recovery with any pre-installed keyboard app that has typing correction or swipe features.
(Yes, such features can all be implemented locally and securely, but can or do you trust big companies?)
hero member
Activity: 2520
Merit: 952
Definitely no other way but to stick to original apps within our smartphones OR lets just switch to the Hardware Wallet and Paper Wallets. Best on the market so far.  Smiley
I don't think sticking to the default or stock keyboard app of the smartphone would be the best piece of advice. For example, Google also collects all kinds of data. That's why those keyboard apps can even try to predict the word you wanted to type but misspelled it, and what you might type next.

I would rather suggest one only chooses to use software wallets that have their own virtual keyboards for typing in passwords, seeds...

Keyboard can collect and share data if it's granted Internet access, block it using firewall app like NetGuard [1] (some android skins have this functionality built-in). Of course this will restrict the functionality and some keyboard apps might even refuse to open until you grant Internet access.

Or you may use barebone keyboard apps like Simple Keyboard [2] which doesn't require Internet acess in first place.



[1] NetGuard

[2] Simple Keyboard
copper member
Activity: 2198
Merit: 1837
🌀 Cosmic Casino
Definitely no other way but to stick to original apps within our smartphones OR lets just switch to the Hardware Wallet and Paper Wallets. Best on the market so far.  Smiley
I don't think sticking to the default or stock keyboard app of the smartphone would be the best piece of advice. For example, Google also collects all kinds of data. That's why those keyboard apps can even try to predict the word you wanted to type but misspelled it, and what you might type next.

I would rather suggest one only chooses to use software wallets that have their own virtual keyboards for typing in passwords, seeds...
full member
Activity: 1092
Merit: 227
That's interesting. I never thought those cool font changing keyboards could be disaster like this? I believe this has got something to do with the key loggers type of application where one can remotely watch what is being typed on the other devices if they have those tracking software's installed.

Obviously if we are installing these keyboards then they will give us notifications that what permission to set and let me guess reading and writing data on the device would be first requisite since it is a keyboard.

I am pretty sure one can only be cautious about the app authenticity but the audacity is they will have five star reviews and let me guess they are also from cheap paid task sites and mostly bought one. Definitely no other way but to stick to original apps within our smartphones OR lets just switch to the Hardware Wallet and Paper Wallets. Best on the market so far.  Smiley
sr. member
Activity: 630
Merit: 314
CONTEST ORGANIZER
One last thing i have to say or noted, maybe its only me in conspiracy, but the explorers on mobiles are also tracking us in the keyboard?, i mean they also read what we are typing no matter the keyboard its from other source? Example its Opera collecting what im typing asides o using a Gboard? i think YES. What its you point of view?

Google used to be strictly "don't be evil". We all know how that went.

Assume that all data being collected and sent over the network is being stored somewhere where it can either be hacked or sold to third parties, who will basically do whatever they want with it.

But why is Opera included in the mix? I'm curious, since they just have a browser AFAIK (and might track you through that, rather than through a keyboard).

No i only mention one browser like an example nothing to do with Opera.


[/quote]
But why is Opera included in the mix? I'm curious, since they just have a browser AFAIK (and might track you through that, rather than through a keyboard).
Somewhat off topic, but Opera have a built in free VPN which is absolute trash (just like every other free VPN), not to mention being owned by a Chinese consortium with links to the CCP. I wouldn't trust it for a second.

Browsers always collect user data regardless of what keyboard apps you are using.
Some browsers like Chrome and Opera spy on you constantly, sure, but not all browsers. Just use Tor or Firefox instead.

Yeah i tried it when it was released and..... i never try something worst, also normal pages cant be accessed. THe speed? we normally can expect lower speed on VPN, but this its beyond low.

 I dont know that fact about chinesse consortium, but any VPN its something shady, one day i see some video who show 90% of the VPN are owned by ex Mossad and IDF guys.....
legendary
Activity: 2268
Merit: 18771
But why is Opera included in the mix? I'm curious, since they just have a browser AFAIK (and might track you through that, rather than through a keyboard).
Somewhat off topic, but Opera have a built in free VPN which is absolute trash (just like every other free VPN), not to mention being owned by a Chinese consortium with links to the CCP. I wouldn't trust it for a second.

Browsers always collect user data regardless of what keyboard apps you are using.
Some browsers like Chrome and Opera spy on you constantly, sure, but not all browsers. Just use Tor or Firefox instead.
legendary
Activity: 2730
Merit: 7065
Also if you can, you can use them, b ut in  the long run who can assure you they are not gonna change something and make a backdoor in one update? and yes you can check that, but are you gonna be always checking every update in a cellphone? most people no.
No one can guarantee that. The difference is that if you want to and know how to, you can check what the software does and what was changed in the newer versions. There are no guarantees that the code is safe or free of bugs and vulnerabilities. Turn off automatic updates and download those that you want manually. Most people don't have the skills to check and read code. The best you can do then is to wait with installing the newer versions until some weeks or even months have passed. If no one reports anything suspicious, go ahead and upgrade. I doubt keyboard apps have many updates anyways. There isn't much to update. 
legendary
Activity: 2170
Merit: 1789
Example its Opera collecting what im typing asides o using a Gboard? i think YES. What its you point of view?
I don't think that's news though. Browsers always collect user data regardless of what keyboard apps you are using. I don't recall any popular Android/iOS browser having its own secure keyboard. Even if they do, we can't tell if they really keep no log or just log you as usual. You can probably avoid extensive logging with open-source and privacy-oriented browsers or keyboard apps just like mentioned before. CMIIW.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
One last thing i have to say or noted, maybe its only me in conspiracy, but the explorers on mobiles are also tracking us in the keyboard?, i mean they also read what we are typing no matter the keyboard its from other source? Example its Opera collecting what im typing asides o using a Gboard? i think YES. What its you point of view?

Google used to be strictly "don't be evil". We all know how that went.

Assume that all data being collected and sent over the network is being stored somewhere where it can either be hacked or sold to third parties, who will basically do whatever they want with it.

But why is Opera included in the mix? I'm curious, since they just have a browser AFAIK (and might track you through that, rather than through a keyboard).
sr. member
Activity: 630
Merit: 314
CONTEST ORGANIZER
By the looks of it now I think I need to be a software developer. That way I can build my own keyboard and use it to import export my keys. Without this I have no other ways. I will always be in risk of being hacked. Currently I'm using stock keyboard with Custom Rom installed on my phone (Not stock OS). And you guys talking about security over a simple keyboard!! Now I think even the OS isn't even secure enough. Yes Android maybe Open source but many company doesn't use pure Android os, rather they would modify it and give it a custom skin job as they prefer.

On desktops, the keyboard is hardware and cannot be rewired to do other stuff.

But on phones and tables, the keyboard is software based, and not only that, but developers can make their own keyboards, some of which violate privacy by collecting all kinds of data about you to sell. And it may just so happen that that they sell this data to malicious entities, where even anonymizing your key strokes will not protect you, because other people don't need to know who was typing it, just what was typed.

Yes indeed, also this its really easy to check to anyone, when you start to type or type in the Gboard in your cellphone you can see the three words recomendation to autofill by Gboard and..... yes that words are the words you sometimes write, so they are really know what you are typing.

One time i made a experiment and start to write seed words (not real ones) and after that when i put that word on other things not related, i can see in the suggestion of Gboard the next words.... nothing more to say.

And plus now with the IA integration, with dont have so much run to run, because with AI they are gonna say, "to help you we learn what are you typing and bla bla bla" and the regular people are gonna still gift their privacy even more.

One last thing i have to say or noted, maybe its only me in conspiracy, but the explorers on mobiles are also tracking us in the keyboard?, i mean they also read what we are typing no matter the keyboard its from other source? Example its Opera collecting what im typing asides o using a Gboard? i think YES. What its you point of view?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
By the looks of it now I think I need to be a software developer. That way I can build my own keyboard and use it to import export my keys. Without this I have no other ways. I will always be in risk of being hacked. Currently I'm using stock keyboard with Custom Rom installed on my phone (Not stock OS). And you guys talking about security over a simple keyboard!! Now I think even the OS isn't even secure enough. Yes Android maybe Open source but many company doesn't use pure Android os, rather they would modify it and give it a custom skin job as they prefer.

On desktops, the keyboard is hardware and cannot be rewired to do other stuff.

But on phones and tables, the keyboard is software based, and not only that, but developers can make their own keyboards, some of which violate privacy by collecting all kinds of data about you to sell. And it may just so happen that that they sell this data to malicious entities, where even anonymizing your key strokes will not protect you, because other people don't need to know who was typing it, just what was typed.
hero member
Activity: 644
Merit: 661
- Jay -
Can you please say some third reliable keyboard partie?
You mean open source keyboards? o_e_l_e_o already mentioned three in the first page of this thread: Openboard, AnySoftKeyboard, and Florisboard.

Also if you can, you can use them, b ut in  the long run who can assure you they are not gonna change something and make a backdoor in one update? and yes you can check that, but are you gonna be always checking every update in a cellphone? most people no.
I will rather have the problem of needing to check the source code than having no clue what goes on whatsoever.
Even if you cannot check the codes directly, following regular updates will give you a heads up if anything changes, but with closed source keyboards or platforms in general you have no clue.

- Jay
sr. member
Activity: 630
Merit: 314
CONTEST ORGANIZER
Does google keyboard(gkeyboard) and swiftkey keyboard counts on what to avoid for 3rd party keyboards. I’m using wallet software most of the time and I’m not aware that there’s still a possibility to hack my wallet through the use of tools outside the wallet.
Yes, they are closed source and collect user information based on what you type presenting a security risk.
Go for free and open source alternatives.


I think yes and no at the same time, you ended up in a cul de sac. Can you please say some third reliable keyboard partie? Also if you can, you can use them, b ut in  the long run who can assure you they are not gonna change something and make a backdoor in one update? and yes you can check that, but are you gonna be always checking every update in a cellphone? most people no.
hero member
Activity: 644
Merit: 661
- Jay -
Does google keyboard(gkeyboard) and swiftkey keyboard counts on what to avoid for 3rd party keyboards. I’m using wallet software most of the time and I’m not aware that there’s still a possibility to hack my wallet through the use of tools outside the wallet.
Yes, they are closed source and collect user information based on what you type presenting a security risk.
Go for free and open source alternatives.

I rarely check my wallet address that I copy when using mobile phone. Thanks for the heads up.
Yuu should always. Not just a quick glance at the first and last few words, but a whole look at the two addresses, i.e, where you are copying from and where you are pasting too.

- Jay -
hero member
Activity: 2758
Merit: 705
Dimon69
DO NOT use third-party keyboards while you are using the wallet app!

Does google keyboard(gkeyboard) and swiftkey keyboard counts on what to avoid for 3rd party keyboards. I’m using wallet software most of the time and I’m not aware that there’s still a possibility to hack my wallet through the use of tools outside the wallet.

I rarely check my wallet address that I copy when using mobile phone. Thanks for the heads up.
legendary
Activity: 2268
Merit: 18771
If a hot wallet is all you can use, then they can still be relatively secure if you take all the sensible precautions. One of those precautions is not importing your seed phrase in to multiple different pieces of software. Choose a good piece of wallet software such as Electrum, use it to generate a new wallet and write down your seed phrase, and then never enter that seed phrase in to any other wallet unless you are recovering your coins in an emergency.

And yes, that hardware will be absolutely fine with Cinnamon.
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
Then how am I suppose to import the wallet?
The real question is: Why are you importing it?

I'll set up a new wallet and send the coins across.

Because I may be a newbie who doesn't have enough knowledge about hot,cold,hardware wallet. I'm still new to this. And secondly I don't own any hardware wallet, where I live I don't think I can get my hands on these kind of tools. (If they support international purchase and stuff then I think I can buy those)

I'll try to follow the advice you gave about 'creating a new address and sending coins'.

Specs: core i5 9gen 8gb ram 250gb ssd ( I think I have enough hardware to support cinnamon, I'll give it a try.)
Pages:
Jump to: