What are the risks of mobile wallets?

mk4

legendary

Activity: 2716

Merit: 3817

Paldo.io 🤖

Quote from: libert19 on November 10, 2020, 12:04:49 AM

Face ai and fingerprints are easiest security measures to bypass, if you ever get kidnapped or smth, it takes no effort for the criminal to break it.

If you actually get kidnapped, you're screwed either way regardless what security authentication you chose as it's going to be either you unlock the phone, or you lose your head.

Learn about the $5 wrench attack, peeps!

libert19

hero member

Activity: 2464

Merit: 934

Quote from: Lucius on August 28, 2020, 06:29:33 AM

Quote from: Upgrade00 on August 28, 2020, 02:52:29 AM

Quote from: Lucius on August 27, 2020, 05:45:48 AM

Some smartphone manufacturers even give advice on how to avoid fingerprint misuse,

This cannot be overemphasized. Biometric security shortcuts like fingerprint and face recognition are really not secure. Some devices actually allow a face scan when the eyes are closed and some cannot notice differences when a face is similar.
It's weird that sensitive apps like bank apps and wallets allow biometric verification as a security option.

Unfortunately many people think that no one can unlock their smartphone if they use fingerprint or face recognition, but this is far from the truth. As I already wrote, it is a very fast way to unlock the device and does not require remembering passwords and PINs, so as such it is very well accepted given today's fast-paced lifestyle.

Face ai and fingerprints are easiest security measures to bypass, if you ever get kidnapped or smth, it takes no effort for the criminal to break it.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: pilosopotasyo on October 26, 2020, 11:53:37 AM

...be sure that you downloaded the right wallet from Google play there are so many fake wallet there, be sure to get the link coming from the wallet's official download page.

The problem with Google Play Store is that they don't manually verify what gets uploaded on their site. Many fake wallets escape their verification procedures easily. With a bit of fake reviews and fake positive ratings, my guess is that it doesn't take long to spread that wallet across thousands of devices. It is also wrong to rely on official links that lead to Google Play Store, precisely due to the lack of proper verification on their part.

I can't be bothered to search for an article I read a few months ago that mentioned that an experienced app developer needs about $20 to design a new (fake) wallet. That is just some of the reasons why there are so many fake ones.

pilosopotasyo

member

Activity: 952

Merit: 27

Quote from: 9thsky on August 22, 2020, 01:50:19 PM

What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?

Use a very strong password I have two android phones one for my everyday use, the other for all my wallets I did not go out with my phone where I have wallets installed because, be sure that you downloaded the right wallet from Google play there are so many fake wallet there, be sure to get the link coming from the wallet's official download page.

Theb

hero member

Activity: 1680

Merit: 655

I would like to point out that both Apple and Google's App store is also plagued with copycat apps of official wallet apps so you need to keep that in mind that even before having a mobile wallet in your phone their is also a big risk that you will download a fake version of it that is aimed to steal your private keys and passwords. That's why you also need to check the app's information from their developers, upload date, reviews, and rating to see if what you are downloading is the real one you also have the option to check the wallet's official website and look for their App store link in their so you can be redirected to their download page but of course you always need to double check this.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: jerry0 on October 06, 2020, 04:11:45 PM

Does vpn protect it though?

A VPN does not increase the security at all.
The whole purpose of a VPN is to circumvent geo restrictions and similair.

Regarding privacy.. you are shifting the trust from your ISP to the company providing you the VPN service. Please note that these companies make money with your data. Even if they claim not to.

FOPL

jr. member

Activity: 113

Merit: 1

The anticipated risks may vary depending on the wallet in consideration. Centralized wallet may have extended risks as compared to non-custodial wallet because there are other entities that can get compromised beside the user. A few I can think inclue losing you phone when you haven't properly backed up your private keys, keystore etc. I personally use Atomic Wallet on mobile and have my keystore backed up on Empass password manager. This is possible because Atomic Wallet is a non-custodial wallet and as such gives users full control of their funds.

You can loose your fund in course of sending funds but to a wrong recipient. An unauthorized pary ould get access to phone and transfer your fund. There are a whole lot of other risks.

BitMaxz

legendary

Activity: 3248

Merit: 2971

Block halving is coming.

Quote from: jerry0 on October 06, 2020, 04:11:45 PM

Does vpn protect it though?

I think it doesn't
It's only for privacy purposes it won't protect your wallet app for any risk.

Like the other said from the first page it might also lead to data compromise if you keep using VPN.

If they want a security solution it would be better to use a phone with Knox. Any latest Samsung Galaxy phone has Knox "that provides a secure environment for corporate data and apps"
My phone has a secured folder protected with Knox and you can't able to access the secured folder if you don't have password.

As of now, I don't have any problem using Knox(Secured folder) everytime I made any action inside the secured folder it ask for a password(Which I feel safe compared using a phone without Knox).

jerry0

full member

Activity: 1736

Merit: 186

Does vpn protect it though?

pinggoki

sr. member

Activity: 1442

Merit: 390

★Bitvest.io★ Play Plinko or Invest!

Quote from: 9thsky on August 22, 2020, 01:50:19 PM

What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?

Typically, the risk of using your mobile phone to store your coins is being stolen or loss it somewhere so I wouldn't recommend using your phone with these important information. Besides, avoid downloading unknown software so if possible you should have an another phone designated for your storage and on for your daily use.
Keep away your passphrase online because it is more exposed on hackers, much better if you will place it on cold storage.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: Upgrade00 on August 28, 2020, 02:52:29 AM

Quote from: Lucius on August 27, 2020, 05:45:48 AM

Some smartphone manufacturers even give advice on how to avoid fingerprint misuse,

This cannot be overemphasized. Biometric security shortcuts like fingerprint and face recognition are really not secure. Some devices actually allow a face scan when the eyes are closed and some cannot notice differences when a face is similar.
It's weird that sensitive apps like bank apps and wallets allow biometric verification as a security option.

Unfortunately many people think that no one can unlock their smartphone if they use fingerprint or face recognition, but this is far from the truth. As I already wrote, it is a very fast way to unlock the device and does not require remembering passwords and PINs, so as such it is very well accepted given today's fast-paced lifestyle.

I had the option of unlocking my laptop with face recognition 10 years ago, and even then ASUS used this technology on its computers - and honestly when it appeared en masse some 6-7 years later it was already old technology to me. There is no doubt that there has been an improvement in this technology, so in China we have the first stores that allow customers to pay only by scanning a face (Smile-to-pay) that is already pre-connected to a banking application. In other words, you don't need a card, cash, a smartphone to buy something.

ethereumhunter

hero member

Activity: 2856

Merit: 541

Leading Crypto Sports Betting & Casino Platform

Quote from: TheUltraElite on August 28, 2020, 01:24:57 AM

Losing your phone does not necessarily mean that your assets are immediately lost. You have lost access to then temporarily but it would depend on the type of asset you have there. Day you have stocks on a trading app, then without the password they can't access it. Say bitcoin is there in your mobile wallet, you can access your wallet from another device, clean it by sending to a new wallet and leave the thief hanging dry. You have to be quick to react and you might end up saving some of your assets like that.

If we still store the password, we can load the wallet again, but it will be different if we forget about where we save it. That can be a problem for you. It is about how we can remember what the password, and where we keep that password, so if something worst happens, we can have that wallet in other devices. I am sure that we get the assets as soon as possible before the thief steals our assets.

Quote from: TheUltraElite on August 28, 2020, 01:24:57 AM

Now I have heard of this airgapping thing but practically it is something cumbersome to do. Store coins that you might need for daily purpose on your mobile wallet and rest on the desktop wallet. That should work in most cases provided you are taking security of both devices seriously but not obsessively.

Having a back up of the wallet will be a great idea since we don't know what will happens with our wallet and mobile phones. It can help us prevent losing the assets, but we need to take care of the devices from the thief.

Quote from: Twinkledoe on August 28, 2020, 02:58:35 AM

Actually, that is the most common problem with mobile phones, stolen or lost. And if you are not good in securing your passwords or key phrases, your funds will be lost forever. As for me, if I will install mobile wallet, I will only store coins for immediate use but for long storage, I prefer hardware wallet.

Yes, using a hardware wallet as cold storage will also the way to store the coins for a long time, and by doing that, I am sure that we can prevent the stealing that can happen anytime.If the mobile phones have been stolen, we don't have to worry because we can open the wallet on the other devices, and we still have a big amount of assets in the hardware wallet.

dre1982

sr. member

Activity: 770

Merit: 284

★Bitvest.io★ Play Plinko or Invest!

Just use the mobile wallets as hot wallet (so for small payments) and not for storing you coins. If something goes wrong, you don't lose all your money.

For me this works the best. Gladly I never had any problems with mobile wallets (Blockchain.com Android app, Trustwallet)

Twinkledoe

full member

Activity: 1904

Merit: 138

★Bitvest.io★ Play Plinko or Invest!

Quote from: ethereumhunter on August 27, 2020, 08:00:12 AM

Quote from: 9thsky on August 22, 2020, 01:50:19 PM

What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?

The security risk if you store your asset in your android mobile app wallet is your phone can be stolen by someone who knows that you store your asset in that phone. Your phone can be lost in somewhere which you don't know.

To minimize that, you should have one mobile phone which you don't carry anywhere you go. That phone will not connect to any telecommunication provider and only connect in your WIFI or the place that has a private internet connection. If you can do that, you don't have to worry about anything.

Actually, that is the most common problem with mobile phones, stolen or lost. And if you are not good in securing your passwords or key phrases, your funds will be lost forever. As for me, if I will install mobile wallet, I will only store coins for immediate use but for long storage, I prefer hardware wallet.

Upgrade00

legendary

Activity: 2030

Merit: 2174

Professional Community manager

Quote from: TheUltraElite on August 28, 2020, 01:24:57 AM

Store coins that you might need for daily purpose on your mobile wallet and rest on the desktop wallet. That should work in most cases provided you are taking security of both devices seriously but not obsessively.

How obsessively someone fusses over their security is likely dependent on how much they hold. The benefit of using a desktop wallet is that it doesn't get carried around easily, but if you regularly visit the internet with it, you're exposed to hack/phishing attacks. Regulating how you use such devices could give you a very high level of security, but one wrong click could do a whole lot of damage.

Quote from: Lucius on August 27, 2020, 05:45:48 AM

Some smartphone manufacturers even give advice on how to avoid fingerprint misuse,

This cannot be overemphasized. Biometric security shortcuts like fingerprint and face recognition are really not secure. Some devices actually allow a face scan when the eyes are closed and some cannot notice differences when a face is similar.
It's weird that sensitive apps like bank apps and wallets allow biometric verification as a security option.

TheUltraElite

legendary

Activity: 2828

Merit: 1213

Call your grandparents and tell them you love them

Quote from: ethereumhunter on August 27, 2020, 08:00:12 AM

The security risk if you store your asset in your android mobile app wallet is your phone can be stolen by someone who knows that you store your asset in that phone. Your phone can be lost in somewhere which you don't know.

Losing your phone does not necessarily mean that your assets are immediately lost. You have lost access to then temporarily but it would depend on the type of asset you have there. Day you have stocks on a trading app, then without the password they can't access it. Say bitcoin is there in your mobile wallet, you can access your wallet from another device, clean it by sending to a new wallet and leave the thief hanging dry. You have to be quick to react and you might end up saving some of your assets like that.

Quote

To minimize that, you should have one mobile phone which you don't carry anywhere you go. That phone will not connect to any telecommunication provider and only connect in your WIFI or the place that has a private internet connection. If you can do that, you don't have to worry about anything.

Now I have heard of this airgapping thing but practically it is something cumbersome to do. Store coins that you might need for daily purpose on your mobile wallet and rest on the desktop wallet. That should work in most cases provided you are taking security of both devices seriously but not obsessively.

ethereumhunter

hero member

Activity: 2856

Merit: 541

Leading Crypto Sports Betting & Casino Platform

Quote from: 9thsky on August 22, 2020, 01:50:19 PM

What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?

The security risk if you store your asset in your android mobile app wallet is your phone can be stolen by someone who knows that you store your asset in that phone. Your phone can be lost in somewhere which you don't know.

To minimize that, you should have one mobile phone which you don't carry anywhere you go. That phone will not connect to any telecommunication provider and only connect in your WIFI or the place that has a private internet connection. If you can do that, you don't have to worry about anything.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

NotATether, Unfortunately, a lock screen is not an obstacle for someone who wants to bypass this protection, and there are several methods that can be used to bypass such protection. A fingerprint is also something that can be bypassed, so you should never rely on these methods in the sense that they are absolute protection.

Some smartphone manufacturers even give advice on how to avoid fingerprint misuse, as there are cases where people have had their data stolen from their smartphones while they were sleeping or were unconscious (under the influence of alcohol or drugs). Setting a PIN is a much safer option in this case, but people mostly go for what's faster and easier - and unlocking a phone with a fingerprint is very popular today.

You can read more at the following links :

https://drfone.wondershare.com/unlock/bypass-android-lock-screen.html
https://www.forbes.com/sites/daveywinder/2019/11/02/smartphone-security-alert-as-hackers-claim-any-fingerprint-lock-broken-in-20-minutes/

I scanned the first link with VirusTotal and it does not show any threat, but I advise caution when downloading any file from that and any other site.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: ?? on ??

At very least, you should avoid using biometric authentication since it's weak against physical attack.

No one here has mentioned setting a password or unlock pattern to unlock the phone. So even if the phone gets stolen the thief can't access anything inside because they don't know the pattern or password, and there are no brute forcers for phones to find the correct pattern/password because to get any malware on the phone in the first place, you have to trick the user to give some app more permissions, social engineering by making them click on an Approve button.

So if a phone is stolen and it's not already infected then no thief can infect it with malware without knowing the pattern/password to use the phone, short of doing a factory reset which deletes your wallet and all your apps from the phone!

TheUltraElite

legendary

Activity: 2828

Merit: 1213

Call your grandparents and tell them you love them

@Pmalek

VPN does not change anything for in terms of what the OP asked. Some VPNs may promise a lot of privacy but rest assured one fine day the authorities may crack down on them and take their logs. It is like pool of sharks trying to induce more paranoia to the small Frys and then taking their money. Something similar to AV software and using linux on the same. One is enough in my opinion but there are other opinions too.

Like bob123 said, I am lucky enough to live somewhere where such surveillance is almost none. Thus I don't have to bother about VPN. However this does not change the fact that I have to be very secure about how I am storing my private keys and my coins.

Topic: What are the risks of mobile wallets? (Read 465 times)