Title: How can we address wallet security on mobile devices? Post by: Cypherpunk38 on August 08, 2015, 05:11:49 PM There's no doubt about it, people want to use Bitcoin on their mobile devices and, in such a connected world, there's no particular reason that mobile woudn't be the next frontier for Bitcoin. But mobile security is a pretty scary place. So my question is pretty simple:
In your opinion, what is the safest way to run a Bitcoin wallet on a mobile device? I don't mean a watch-only wallet, I mean a fully functional wallet. Let's assume for this discussion that "don't" and "convince the OS makers to make security better" aren't valid answers since those don't address the need right now. Title: Re: How can we address wallet security on mobile devices? Post by: BitcoinNewsMagazine on August 08, 2015, 05:16:14 PM There's no doubt about it, people want to use Bitcoin on their mobile devices and, in such a connected world, there's no particular reason that mobile woudn't be the next frontier for Bitcoin. But mobile security is a pretty scary place. So my question is pretty simple: In your opinion, what is the safest way to run a Bitcoin wallet on a mobile device? I don't mean a watch-only wallet, I mean a fully functional wallet. Let's assume for this discussion that "don't" and "convince the OS makers to make security better" aren't valid answers since those don't address the need right now. Most folks are not concerned about security until they have a problem. The safest but still convenient way to use bitcoin on Android are Mycelium wallet using Trezor to hold your private keys. Yes, you have to sign each payment with the Trezor but it is not that much trouble. Title: Re: How can we address wallet security on mobile devices? Post by: Cypherpunk38 on August 08, 2015, 05:24:34 PM There's no doubt about it, people want to use Bitcoin on their mobile devices and, in such a connected world, there's no particular reason that mobile woudn't be the next frontier for Bitcoin. But mobile security is a pretty scary place. So my question is pretty simple: In your opinion, what is the safest way to run a Bitcoin wallet on a mobile device? I don't mean a watch-only wallet, I mean a fully functional wallet. Let's assume for this discussion that "don't" and "convince the OS makers to make security better" aren't valid answers since those don't address the need right now. Most folks are not concerned about security until they have a problem. The safest but still convenient way to use bitcoin on Android are Mycelium wallet using Trezor to hold your private keys. Yes, you have to sign each payment with the Trezor but it is not that much trouble. I totally agree but this doesn't seem possible for the cheaper devices since some of them don't support USB2GO. For example, a friend of mine has a rooted Galaxy Tab 3 and, while the firmware supports USB2GO, the hardware apparantly doesn't. It's absolutely the most secure but is it really feasible to ask people to either buy fairly more expensive tablets plus a Trezor just to store some Bitcoin? I suppose the answer to that depends on how many Bitcoin we're talking about, but it just seems like a bit much. Title: Re: How can we address wallet security on mobile devices? Post by: unamis76 on August 08, 2015, 05:32:03 PM You can use iOS, as it is a walled garden, as people say, and it is secure enough for small quantities. You can also use an unrooted Android... same thing, secure enough for small quantities. One can also argue that a rooted Android and an advanced user is a secure combination (something more questionable).
I think current mobile OS's have enough security for mobile wallets. They're made to have just some change, after all. We can address problems by having penetration testing on software releases and continuous support/updates/teams making bug fixes... which we already have. Don't forget most problems are between the keyboard and the chair, not the keyboard and the monitor ;) Title: Re: How can we address wallet security on mobile devices? Post by: Holliday on August 08, 2015, 05:40:06 PM Just use Mycelium and treat it like a traditional wallet (don't carry more than you can afford to lose). You can even carry additional funds in the form of a paper wallet that you can import while you are out.
Is phone security really that bad? (I've never had an issue.) Title: Re: How can we address wallet security on mobile devices? Post by: Mickeyb on August 08, 2015, 05:42:52 PM Well mycelium works great in my opinion. Security wise it is pretty well designed in my opinion as well. I am personally using it with the Trezor and I am feeling pretty secure.
People that don't have Trezor I think can also feel secure. But that's my opinion! Everyone should judge in their opinion and use as they feel the safest. Title: Re: How can we address wallet security on mobile devices? Post by: OROBTC on August 08, 2015, 05:45:50 PM ...
I keep about BTC0.2 in my blockchain wallet on iPhone. So far I have never "used" it (spent it), other than receiving some BTC from an ATM in NYC (tale told elsewhere), I have not been to any cafes where I could buy anything with BTC. So, I sent the "more than I could afford" to other wallets and just keep the +/- $50 worth of BTC on my iPhone's wallet. Almost all the larger balance is on Ledger Nano & Trezor. Title: Re: How can we address wallet security on mobile devices? Post by: Cypherpunk38 on August 08, 2015, 05:48:51 PM You can use iOS, as it is a walled garden, as people say, and it is secure enough for small quantities. You can also use an unrooted Android... same thing, secure enough for small quantities. One can also argue that a rooted Android and an advanced user is a secure combination (something more questionable). I think current mobile OS's have enough security for mobile wallets. They're made to have just some change, after all. We can address problems by having penetration testing on software releases and continuous support/updates/teams making bug fixes... which we already have. Don't forget most problems are between the keyboard and the chair, not the keyboard and the monitor ;) Good points. I guess the ultimate answer really is just don't store large amounts of money on your mobile for long periods of time. Plan your spending and only transfer the amounts you need right now to your mobile wallet. It makes sense plus it has the added benefit of teaching people to plan their purchasing. Title: Re: How can we address wallet security on mobile devices? Post by: unamis76 on August 08, 2015, 05:52:14 PM You can use iOS, as it is a walled garden, as people say, and it is secure enough for small quantities. You can also use an unrooted Android... same thing, secure enough for small quantities. One can also argue that a rooted Android and an advanced user is a secure combination (something more questionable). I think current mobile OS's have enough security for mobile wallets. They're made to have just some change, after all. We can address problems by having penetration testing on software releases and continuous support/updates/teams making bug fixes... which we already have. Don't forget most problems are between the keyboard and the chair, not the keyboard and the monitor ;) Good points. I guess the ultimate answer really is just don't store large amounts of money on your mobile for long periods of time. Plan your spending and only transfer the amounts you need right now to your mobile wallet. It makes sense plus it has the added benefit of teaching people to plan their purchasing. Exactly! We will always have this issue, on any kind of software, even if it is proven to be really secure... It might not be. Or it might be, and we'll never really know it for sure :) Title: Re: How can we address wallet security on mobile devices? Post by: bitbaby on August 09, 2015, 07:36:57 AM Just use Mycelium and treat it like a traditional wallet (don't carry more than you can afford to lose). You can even carry additional funds in the form of a paper wallet that you can import while you are out. Is phone security really that bad? (I've never had an issue.) This is the safest method and should be applied by everyone not only on their mobile device but to their hot wallet on their PC as well, keep small amount of money their for everyday needs and keep rest of them in a paper wallet and Mycelium is the only mobile wallet afaik which has the option to import private keys which makes it super safe imo. Title: Re: How can we address wallet security on mobile devices? Post by: xhoneyael on August 09, 2015, 09:26:30 AM mobile is not secure..
what if your phone break what if app is fake.. there are many option to use .. but to make it sure use a lot of wallet and distribute your bitcoin Title: Re: How can we address wallet security on mobile devices? Post by: LiteCoinGuy on August 09, 2015, 09:49:25 AM the danger is that some people might hold 10k in BTC on their stupid phone :-X
so we need some stuff like this i guess: http://insidebitcoins.com/news/bitsim-turns-any-mobile-phone-into-a-bitcoin-wallet/32213 |