Pages:
Author

Topic: What are the risks of mobile wallets? (Read 526 times)

mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
November 10, 2020, 09:10:25 AM
#36
Face ai and fingerprints are easiest security measures to bypass, if you ever get kidnapped or smth, it takes no effort for the criminal to break it.

If you actually get kidnapped, you're screwed either way regardless what security authentication you chose as it's going to be either you unlock the phone, or you lose your head.

Learn about the $5 wrench attack, peeps!

hero member
Activity: 2520
Merit: 952
November 09, 2020, 11:04:49 PM
#35
Some smartphone manufacturers even give advice on how to avoid fingerprint misuse,
This cannot be overemphasized. Biometric security shortcuts like fingerprint and face recognition are really not secure. Some devices actually allow a face scan when the eyes are closed and some cannot notice differences when a face is similar.
It's weird that sensitive apps like bank apps and wallets allow biometric verification as a security option.

Unfortunately many people think that no one can unlock their smartphone if they use fingerprint or face recognition, but this is far from the truth. As I already wrote, it is a very fast way to unlock the device and does not require remembering passwords and PINs, so as such it is very well accepted given today's fast-paced lifestyle.

Face ai and fingerprints are easiest security measures to bypass, if you ever get kidnapped or smth, it takes no effort for the criminal to break it.
legendary
Activity: 2730
Merit: 7065
October 28, 2020, 05:06:47 AM
#34
...be sure that you downloaded the right wallet from Google play there are so many fake wallet there, be sure to get the link coming from the wallet's official download page.
The problem with Google Play Store is that they don't manually verify what gets uploaded on their site. Many fake wallets escape their verification procedures easily. With a bit of fake reviews and fake positive ratings, my guess is that it doesn't take long to spread that wallet across thousands of devices. It is also wrong to rely on official links that lead to Google Play Store, precisely due to the lack of proper verification on their part. 

I can't be bothered to search for an article I read a few months ago that mentioned that an experienced app developer needs about $20 to design a new (fake) wallet. That is just some of the reasons why there are so many fake ones. 
member
Activity: 952
Merit: 27
October 26, 2020, 10:53:37 AM
#33
What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?

Use a very strong password I have two android phones one for my everyday use, the other for all my wallets I did not go out with my phone where I have wallets installed because, be sure that you downloaded the right wallet from Google play there are so many fake wallet there, be sure to get the link coming from the wallet's official download page.
hero member
Activity: 1680
Merit: 655
October 11, 2020, 05:42:55 PM
#32
I would like to point out that both Apple and Google's App store is also plagued with copycat apps of official wallet apps so you need to keep that in mind that even before having a mobile wallet in your phone their is also a big risk that you will download a fake version of it that is aimed to steal your private keys and passwords. That's why you also need to check the app's information from their developers, upload date, reviews, and rating to see if what you are downloading is the real one you also have the option to check the wallet's official website and look for their App store link in their so you can be redirected to their download page but of course you always need to double check this.
legendary
Activity: 1624
Merit: 2481
October 07, 2020, 05:26:08 AM
#31
Does vpn protect it though?

A VPN does not increase the security at all.
The whole purpose of a VPN is to circumvent geo restrictions and similair.

Regarding privacy.. you are shifting the trust from your ISP to the company providing you the VPN service. Please note that these companies make money with your data. Even if they claim not to.
jr. member
Activity: 113
Merit: 1
October 06, 2020, 05:00:42 PM
#30
The anticipated risks may vary depending on the wallet in consideration. Centralized wallet may have extended risks as compared to non-custodial wallet because there are other entities that can get compromised beside the user. A few I can think inclue losing you phone when you haven't properly backed up your private keys, keystore etc. I personally use Atomic Wallet on mobile and have my keystore backed up on Empass password manager. This is possible because Atomic Wallet is a non-custodial wallet and as such gives users full control of their funds.

You can loose your fund in course of sending funds but to a wrong recipient. An unauthorized pary ould get access to phone and transfer your fund. There are a whole lot of other risks.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
October 06, 2020, 04:04:48 PM
#29
Does vpn protect it though?
I think it doesn't
It's only for privacy purposes it won't protect your wallet app for any risk.

Like the other said from the first page it might also lead to data compromise if you keep using VPN.


If they want a security solution it would be better to use a phone with Knox. Any latest Samsung Galaxy phone has Knox "that provides a secure environment for corporate data and apps"
My phone has a secured folder protected with Knox and you can't able to access the secured folder if you don't have password.

As of now, I don't have any problem using Knox(Secured folder) everytime I made any action inside the secured folder it ask for a password(Which I feel safe compared using a phone without Knox).
full member
Activity: 1792
Merit: 186
October 06, 2020, 03:11:45 PM
#28
Does vpn protect it though?
sr. member
Activity: 1666
Merit: 426
September 15, 2020, 11:22:27 AM
#27
What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?
Typically, the risk of using your mobile phone to store your coins is being stolen or loss it somewhere so I wouldn't recommend using your phone with these important information. Besides, avoid downloading unknown software so if possible you should have an another phone designated for your storage and on for your daily use.
Keep away your passphrase online because it is more exposed on hackers, much better if you will place it on cold storage.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
August 28, 2020, 05:29:33 AM
#26
Some smartphone manufacturers even give advice on how to avoid fingerprint misuse,
This cannot be overemphasized. Biometric security shortcuts like fingerprint and face recognition are really not secure. Some devices actually allow a face scan when the eyes are closed and some cannot notice differences when a face is similar.
It's weird that sensitive apps like bank apps and wallets allow biometric verification as a security option.

Unfortunately many people think that no one can unlock their smartphone if they use fingerprint or face recognition, but this is far from the truth. As I already wrote, it is a very fast way to unlock the device and does not require remembering passwords and PINs, so as such it is very well accepted given today's fast-paced lifestyle.

I had the option of unlocking my laptop with face recognition 10 years ago, and even then ASUS used this technology on its computers - and honestly when it appeared en masse some 6-7 years later it was already old technology to me. There is no doubt that there has been an improvement in this technology, so in China we have the first stores that allow customers to pay only by scanning a face (Smile-to-pay) that is already pre-connected to a banking application. In other words, you don't need a card, cash, a smartphone to buy something.
hero member
Activity: 2912
Merit: 541
Leading Crypto Sports Betting & Casino Platform
August 28, 2020, 03:24:37 AM
#25
Losing your phone does not necessarily mean that your assets are immediately lost.  You have lost access to then temporarily but it would depend on the type of asset you have there. Day you have stocks on a trading app, then without the password they can't access it. Say bitcoin is there in your mobile wallet, you can access your wallet from another device, clean it by sending to a new wallet and leave the thief hanging dry. You have to be quick to react and you might end up saving some of your assets like that.

If we still store the password, we can load the wallet again, but it will be different if we forget about where we save it. That can be a problem for you. It is about how we can remember what the password, and where we keep that password, so if something worst happens, we can have that wallet in other devices. I am sure that we get the assets as soon as possible before the thief steals our assets.

Now I have heard of this airgapping thing but practically it is something cumbersome to do. Store coins that you might need for daily purpose on your mobile wallet and rest on the desktop wallet. That should work in most cases provided you are taking security of both devices seriously but not obsessively.

Having a back up of the wallet will be a great idea since we don't know what will happens with our wallet and mobile phones. It can help us prevent losing the assets, but we need to take care of the devices from the thief.

Actually, that is the most common problem with mobile phones, stolen or lost. And if you are not good in securing your passwords or key phrases, your funds will be lost forever. As for me, if I will install mobile wallet, I will only store coins for immediate use but for long storage, I prefer hardware wallet.

Yes, using a hardware wallet as cold storage will also the way to store the coins for a long time, and by doing that, I am sure that we can prevent the stealing that can happen anytime.If the mobile phones have been stolen, we don't have to worry because we can open the wallet on the other devices, and we still have a big amount of assets in the hardware wallet.
sr. member
Activity: 770
Merit: 284
★Bitvest.io★ Play Plinko or Invest!
August 28, 2020, 02:02:58 AM
#24
Just use the mobile wallets as hot wallet (so for small payments) and not for storing you coins. If something goes wrong, you don't lose all your money.

For me this works the best. Gladly I never had any problems with mobile wallets (Blockchain.com Android app, Trustwallet)
full member
Activity: 1904
Merit: 138
★Bitvest.io★ Play Plinko or Invest!
August 28, 2020, 01:58:35 AM
#23
What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?

The security risk if you store your asset in your android mobile app wallet is your phone can be stolen by someone who knows that you store your asset in that phone. Your phone can be lost in somewhere which you don't know.

To minimize that, you should have one mobile phone which you don't carry anywhere you go. That phone will not connect to any telecommunication provider and only connect in your WIFI or the place that has a private internet connection. If you can do that, you don't have to worry about anything.

Actually, that is the most common problem with mobile phones, stolen or lost. And if you are not good in securing your passwords or key phrases, your funds will be lost forever. As for me, if I will install mobile wallet, I will only store coins for immediate use but for long storage, I prefer hardware wallet.
legendary
Activity: 2254
Merit: 2406
Playgram - The Telegram Casino
August 28, 2020, 01:52:29 AM
#22
Store coins that you might need for daily purpose on your mobile wallet and rest on the desktop wallet. That should work in most cases provided you are taking security of both devices seriously but not obsessively.
How obsessively someone fusses over their security is likely dependent on how much they hold. The benefit of using a desktop wallet is that it doesn't get carried around easily, but if you regularly visit the internet with it, you're exposed to hack/phishing attacks. Regulating how you use such devices could give you a very high level of security, but one wrong click could do a whole lot of damage.

Some smartphone manufacturers even give advice on how to avoid fingerprint misuse,
This cannot be overemphasized. Biometric security shortcuts like fingerprint and face recognition are really not secure. Some devices actually allow a face scan when the eyes are closed and some cannot notice differences when a face is similar.
It's weird that sensitive apps like bank apps and wallets allow biometric verification as a security option.
legendary
Activity: 2898
Merit: 1253
So anyway, I applied as a merit source :)
August 28, 2020, 12:24:57 AM
#21
The security risk if you store your asset in your android mobile app wallet is your phone can be stolen by someone who knows that you store your asset in that phone. Your phone can be lost in somewhere which you don't know.
Losing your phone does not necessarily mean that your assets are immediately lost.  You have lost access to then temporarily but it would depend on the type of asset you have there. Day you have stocks on a trading app, then without the password they can't access it. Say bitcoin is there in your mobile wallet, you can access your wallet from another device, clean it by sending to a new wallet and leave the thief hanging dry. You have to be quick to react and you might end up saving some of your assets like that.

Quote
To minimize that, you should have one mobile phone which you don't carry anywhere you go. That phone will not connect to any telecommunication provider and only connect in your WIFI or the place that has a private internet connection. If you can do that, you don't have to worry about anything.
Now I have heard of this airgapping thing but practically it is something cumbersome to do. Store coins that you might need for daily purpose on your mobile wallet and rest on the desktop wallet. That should work in most cases provided you are taking security of both devices seriously but not obsessively.
hero member
Activity: 2912
Merit: 541
Leading Crypto Sports Betting & Casino Platform
August 27, 2020, 07:00:12 AM
#20
What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?

The security risk if you store your asset in your android mobile app wallet is your phone can be stolen by someone who knows that you store your asset in that phone. Your phone can be lost in somewhere which you don't know.

To minimize that, you should have one mobile phone which you don't carry anywhere you go. That phone will not connect to any telecommunication provider and only connect in your WIFI or the place that has a private internet connection. If you can do that, you don't have to worry about anything.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
August 27, 2020, 04:45:48 AM
#19
NotATether, Unfortunately, a lock screen is not an obstacle for someone who wants to bypass this protection, and there are several methods that can be used to bypass such protection. A fingerprint is also something that can be bypassed, so you should never rely on these methods in the sense that they are absolute protection.

Some smartphone manufacturers even give advice on how to avoid fingerprint misuse, as there are cases where people have had their data stolen from their smartphones while they were sleeping or were unconscious (under the influence of alcohol or drugs). Setting a PIN is a much safer option in this case, but people mostly go for what's faster and easier - and unlocking a phone with a fingerprint is very popular today.

You can read more at the following links :

https://drfone.wondershare.com/unlock/bypass-android-lock-screen.html
https://www.forbes.com/sites/daveywinder/2019/11/02/smartphone-security-alert-as-hackers-claim-any-fingerprint-lock-broken-in-20-minutes/

I scanned the first link with VirusTotal and it does not show any threat, but I advise caution when downloading any file from that and any other site.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
August 25, 2020, 05:51:30 PM
#18
At very least, you should avoid using biometric authentication since it's weak against physical attack.

No one here has mentioned setting a password or unlock pattern to unlock the phone. So even if the phone gets stolen the thief can't access anything inside because they don't know the pattern or password, and there are no brute forcers for phones to find the correct pattern/password because to get any malware on the phone in the first place, you have to trick the user to give some app more permissions, social engineering by making them click on an Approve button.

So if a phone is stolen and it's not already infected then no thief can infect it with malware without knowing the pattern/password to use the phone, short of doing a factory reset which deletes your wallet and all your apps from the phone!
legendary
Activity: 2898
Merit: 1253
So anyway, I applied as a merit source :)
August 25, 2020, 12:33:17 AM
#17
@Pmalek

VPN does not change anything for in terms of what the OP asked. Some VPNs may promise a lot of privacy but rest assured one fine day the authorities may crack down on them and take their logs. It is like pool of sharks trying to induce more paranoia to the small Frys and then taking their money. Something similar to AV software and using linux on the same. One is enough in my opinion but there are other opinions too.

Like bob123 said, I am lucky enough to live somewhere where such surveillance is almost none. Thus I don't have to bother about VPN. However this does not change the fact that I have to be very secure about how I am storing my private keys and my coins.
Pages:
Jump to: