Topic: WARNING when using mobile device wallets (Android, iOS) - page 2. (Read 693 times)

The real question is: Why are you importing it?

I have a mobile hot wallet, for which I accept the poor security of hot wallets because of the convenience they bring. In this wallet I store a small amount of bitcoin I can afford to lose. That's my only hot wallet. I don't need to import it anywhere else, because it's already on my phone. If I needed to change phones, then I'll set up a new wallet and send the coins across.

For every other wallet I own, of which there are many, there is almost no scenario in which I would ever import the seed phrase on to a phone. These are a variety of cold wallets, paper wallets, hardware wallets, etc. I have never imported one of these wallets to a phone, and if I ever did, then that wallet is immediately compromised and insecure.

If you are looking for the closest feel to Windows, and your computer isn't ancient, then Cinnamon. If you need something light on resources for older devices, then MATE or Xfce will be better.

No, no, it's not like that, you can feel very safe and secure. You have to ask yourself questions like how many bitcoins you hold, you have to know your neighborhood, friends, etc. If you don't live near Silicon Valley and your friends aren't top hackers or scammers or thieves, then you can feel safe and secure with your coins. You guys love too much drama, if you follow basic security advices, your wallet and coins will be very secure. Use airgapped computer, nothing will happen. I even bet, if you connect to internet with your computer and only visit websites like Youtube, twitter, facebook, instagram, won't click on ads and won't visit malicious/unknown websites, won't download pirated software and so on, I bet your wallet will be secure. It won't be a cold wallet anymore but even if you take care of hot wallet, you can feel very secure.

And tip! Follow o_e_l_e_o's advices, he is a great guy and knows what he says.

o_e_l_e_o is suggesting not to enter your seed phrase on a non-airgapped device.
If you create your wallet on an airgapped device using a safe tool and never enter your seed phrase on a non-airgapped device, you can be sure that there's no way for hackers to gain access to your seed phrase.

Then how am I suppose to import the wallet? Little confused here. I have to type in the passphase, don't it?


There are 3 version of mint? Which one did you use or prefer?

There is a much simpler solution to all the issues being raised here about keyboard apps: Don't type your seed phrase in anywhere. Simple. If I type any seed phrase in to any non-airgapped device ever, I immediately consider it compromised.

Moving from Windows to Linux is always a good idea, but as I said above, don't think that making this one change suddenly makes all your wallets secure. If you have a bit of technical knowledge, then I would suggest using Debian. If you don't, then I would suggest Mint since it is the closest in look and feel to Windows and relatively easy to set up and use.

By the looks of it now I think I need to be a software developer. That way I can build my own keyboard and use it to import export my keys. Without this I have no other ways. I will always be in risk of being hacked. Currently I'm using stock keyboard with Custom Rom installed on my phone (Not stock OS). And you guys talking about security over a simple keyboard!! Now I think even the OS isn't even secure enough. Yes Android maybe Open source but many company doesn't use pure Android os, rather they would modify it and give it a custom skin job as they prefer.

BTW anyone use any linux distro? I was thinking to shift from Windows to Linux. Any suggestion?

Not at all. There are plenty of secure ways to store your keys, but a hot wallet is never one of them.

So use a hardware wallet where all the hardware and software is open source, such as Passport. Should they come under pressure to implement backdoors or similar, that will be viewable in the code.

A good Linux distro will be safer than Windows or MacOS, but simply using Linux does not make your wallets magically impenetrable. It is a single part of a good security set up.

That means our bitcoins are never safe even when we store them in the most secure ways. Even hardware wallets because they are produced and distributed by centralized companies, and they can come under pressure from the government at any time.

I've never used Linux before, but I've heard people say it's an open source operating system. So is it safe for me to use Electrum in conjunction with the Linux operating system?

If Linux is really secure, then setting up an air-gapped wallet is the safest for us.

This is a completely false sense of security. Any decent malware can just wait until internet access is reestablished in order to transmit data. Devices are either airgapped or they are not. There is no such thing as this temporary airgap that people talk about.

The stock OSs which come pre-installed on phones are almost all closed source, so the answer is generally no, unless you are one of the few people using phones such as PinePhone or Librem.

You are right when you say that mobile phones are, to put it mildly, not the safest. If possible, you should minimize the interaction with cryptocurrencies using mobile devices. If you store crypto on it, then only for pocket expenses, which you are ready to part with at any moment.

If desktop devices can be customized at your own discretion (choose an OS, programs and check their code), then in mobile devices the OS is preinstalled and all that remains is to believe the manufacturer's security assurances.


There are no guarantees that stock Android devices (especially from Chinese manufacturers) don't collect data either.


Updates on Windows Phone are no longer released, but this may play into the hands. There are relatively few such devices, and therefore, will attackers want to spend time and effort creating malicious programs for outdated, unpopular, moreover, dead operating systems? It seems to me that it is easier for them to concentrate on Android and iOS, where, due to the mass character, they will be able to find their victims. And Windows Phone, at best, is used by one and a half Johns around the world, and even those who don't have cryptocurrencies on these phones.

What are your thoughts on feature phones, like the blackberry with an external keyboard and the like? Astro Slide 5G Transformer, for example (although who knows what apps will be preinstalled here).

You are not trusting that either, rather you are trusting verifying that electrum does not remotely store your private keys which will leave it exposed to be stolen. Even if the OS says they are not monitoring your data, they most likely are, what you have to do is limit to a minimum the amount of data they can access.

But as suggested above using an airgapped device or an open source hardware wallet like Passport is your safest option, cause the OS plays a huge role in the security of the applications that are run on them.

- Jay -

Hot wallets are very prone to hacking, even if you use an open source OS only a small amount of funds should be held in a hot wallet. You should use either a hardware wallet to store your main funds or a properly set up air-gapped wallet that will never be connected to the internet, with a Linux based OS installed. If you use a cold storage set-up to store your funds, you can then install apps you want on your online device because it does not hold any of your funds, except maybe a small amount of it for daily transactions.

I use Gboard with all my mobile devices, both iOS and Android driven. I suppose Apple doesn’t even know what I type. Probably it’s even a little bit safer than using different stock keyboards with different mobile devices.

I have a question, if we can't trust the stock Android or Apple keyboard, can we trust their operating system or hardware product? Because we are also using their phone or computer to install Electrum. I am using Iphone, and everytime I install 3rd party app, they ask me if I allow the app to track me or not. Maybe Apple is trying to protect their customers' privacy from 3rd parties, but when I download their apps I don't see any warning. I suspect that it is entirely possible that they secretly collect user data.

You are describing an online web wallet here, which is unsafe to begin with and one should not even think of using a web wallet to store their BTC. In a web wallet you do not control your keys and your funds can be easily be hacked because it is online, there are enough open source software and hardware wallets like Electrum, Sparrow and Passport that you can use to hold your coins. And if you are using a good self custody wallet, it is obvious that you should not use your seed phrase or private key to import you wallet into any unsafe device or one that is not yours.

I'm glad you now know the harm they can cause you because they are not worth it. One of the ways hackers get access to your phone and wallet is through malware-infested apps and google playstore is good place where most of these apps are dumped by hackers. Stay clear off fancy keyboards and launchers, only use stock android keyboard, limit the way you give permissions to third party apps and when importing your seed phrase make sure your phone is not connected to the internet

Add it to what the op has said, don't use third party desktop, laptop and mobile phone to login your wallet accounts because most of those guys, your friends, and family members set their devices autofill, that is automatically saved the username and the password so even though you logout from the device at the moment, once the person went to the browser/app and a click in the login box, all your details appear and once he clicks the username, the password would automatically refill in the box and the person will login to your wallet. I have heard this one before but for the keyboard this is the first time I am hearing it. Thank you op for the information. Caution must be taken and will be extent to friends and families.

Right right. But unless you have rooted your phone (which brings a whole host of other security risks) and can individually block specific permissions or specific apps, is there anyway to prevent these keyboard apps from accessing the internet any time you are connected? I suspect not.

Smart phones in general are awful for your privacy and security. Everyone should go in to their phone's permissions at some point and take a look at just how many apps can access your camera, your microphone, your files, your messages, your location, and so on. And for lots of these apps, if you try to disable these unnecessary permissions they will just refuse to work.

I think its more easy to think and use the corrects tools.

1- Never use a mobile wallet like your saves wallet.

2- Use mobile wallet only to and when you need to do some transfer or if you are gonna travel, and send from other wallets the X ammount you think you are gonna spend, nothing more and nothing less.

So, in the worst case scenario of a hacking you are not gonna lose so much or also nothing.

Anyways asides of my explanation, really good info you are spreading about the problem of third parties keyboard, people tends to trust so much in all.

What! Is this also applicable?
This is why one needs to be generally visiting most of the various section of this forum because, if I am not mistaken never posted over here or even have to come read things over here that much, opening this section and I found this topic make me feels I am missing a lot of things. But nevertheless, I won't enable any other keyboard from my phone apart from in-build keyboard, although I do love using customized theme just as a Go-Launcher with various style of theme color displayed including keyboard but with this post I won't dear to allow that happened again. Truly they said "Knowledge is power"!