Bitcoin Forum

I have a friend that wants to buy bitcoin, he wants to hold it for a very long time, he has no device he can use for it and only what I can think about now is for him to go for a paper wallet and he accepted after I explained about it to him, but the problem is that he does not have a computer at all. What I think he should do is to create a paper wallet, but he does not have the device which he can use.

He has an Android phone and he is ready to format it to make the phone look like new, install a bitcoin wallet on it offline and use it to create a paper wallet. The problem is that he can not remove the bluetooth and wifi, he can just only not enable them and make the phone to be offline. Is that not enough to create a paper wallet?

After he use that to create a paper wallet, he will format the phone again.

Without a computer, this is probably the best he can realistically achieve.

What software is he planning to use to generate his wallet? Probably the simplest method would be to use Electrum.

I would then start by putting tape over any cameras on the phone, and doing the rest of the process is an empty room with no other electronic devices and curtains closed. Format an SD card in advance. Then, format the phone, let it boot up, connect to your WiFi, download and verify the Electrum .apk, and transfer it to the SD card and remove the SD card. Then, format the phone again. This time, as soon as possible after the phone has restarted ensure everything is turned off - WiFi, mobile data, Bluetooth, NFC, etc. Turn on airplane mode. Bonus points if he can make some kind of Faraday box to put the phone in while he is doing all this. Install Electrum from the SD card. Use it to generate a wallet, and then write down by hand the seed phrase and a couple of receiving addresses. Then create a new wallet on Electrum, enter the seed phrase from the hand written back up he just made and double check it generates the same addresses as he has written down. Format the SD card and then the phone.

Dude, phone can't be a paper... ever.  :)
He can use his old phone (or cheap laptop) as offline wallet and that will work just fine in most cases, it's enough to reset the phone, and install one Bitcoin wallet app.
Then he should remove sim card, turn of wifi and bluetooth, and enable airplane mode, and use QR codes for communication with other devices.
Some people are going extra measure and they are removing components from phones, but I don't think that is needed.

Better option than old smartphone are hardware wallets, he can make his own DIY signing device that are very cheap (starting from few $) or buy official hardware wallet devices (starting from $50).
There are even hardware wallets in form of credit cards, that are cheap and very secure, they can be used in combination with smatphones for making transactions.

Manuel generation might be worth considering. However, since they're a new user to Bitcoin it might be suspect to errors, which could be problematic. I'm just not sure I'd trust the hardware on a phone. Obviously, tons of people have hot wallets on a phone, and ultimately to trust them.

Under a secure environment. Technically, without a computer formatting the SD card might be difficult, because you've got to trust that the phone is actually wiping that SD card clean. Usually, this is handled through the manufacturers recovery process. Depending on your device, you can access it through holding the power button, and one of the volume buttons at boot up. You can do it via the Android wiping process, however personally I prefer writing via /dev/random whenever possible.

I suppose you also have to trust the computer hardware you're using, and ultimately you have t connect the phone to that trusted computer, which could potentially then become untrusted.

While, taking the above into consideration it also applies to formatting the actual phone. Again, the manufacturers recovery partition is usually responsible for this. When you want to install a custom ROM on a phone, you usually replace this recovery partition with a custom one, especially if you're concerned about security, since even when formatting the phone completely, certain manufacturer partitions remain untouched, as well as the recovery. Some of which, make sense since phones usually have custom functions within their machine code to actually work.

So, you've got to trust the hardware in the first place, since even wiping the operating system doesn't wipe all partitions on the phone, just the system or sometimes refereed to as boot.

I'd probably even potentially recommend a custom ROM for the process, one that doesn't rely on Google Play being installed. Might help with privacy considering that phone has to go online at some point to download Electrum. Something like Aurora Store via F-Droid to download it instead.

It probably is for most people. Plenty of people do it this way, and we don't hear about people losing their Bitcoin on mass. So, it's probably okay. If you really want to dive down the rabbit hole, there's a few security issues which might be raised, but honestly there's no perfect way of doing it, since for most methods you have to trust something or some hardware at some point. Even if you manually generate the private key / seed, which is prone to errors, and there's potential security concerns about the way it's generated, i.e making sure it's random. However, there's also the issue of verification, the only way you can verify it is via importing the seed or private key, into hardware.

I have two questions.
 
1. Why put tape over the phone's camera? It can't record your screen or your keyboard, and since the person has already used this phone before, he might have taken numerous pictures of himself and others around him. Is it because Electrum requires camera permissions (for scanning QR codes)? Do you have reasons to believe the camera access can be used for something else? In that case the proof must be in the code.

2. What happens with the phone afterwards? If the person will use it with all its features as a normal smartphone, can we really trust that all sensitive data got wiped with the last format? 

No, but it could record his hand written seed phrase. No reason to take the risk when the solution is so trivial.

No, you can't. Ideally the phone is either destroyed or remains permanently airgapped from now on (although I am of the belief that without physically opening the phone and removing the necessary hardware a phone is never truly airgapped). However, that does not appear to be an option here, just as the additional steps proposed by Welsh (such as writing over the SD card with junk data from /dev/urandom or accessing the recovery partition) are also not an option here, since there is no computer involved.

As I said above, if OP's friend has a single phone and nothing else, then "this is probably the best he can realistically achieve".

I see. Do you believe this could be an accidental recording done by the user or something malicious by the phone system or one of the pre-installed Google bloatware on it? If we go back to the Android being open-source, that's the place to look for those who know how to. I doubt any of the pre-installed Google apps are or anything else you install from Google that requires camera permissions. It's not a secret that Facebook and Google record everything you say and then you see ads of the things you talked about on social media for example. 

These days, Android lets you know when your camera is being used, however the question is do you trust Google? Also, it's worth mentioning, that a lot of phones are actually not unaltered stock Android, instead the manufacturer will install their own system applications on the phone. For example, I used to have a phone which had certain survivial tools preinstalled on it. That came preinstalled on their phones, so I knew that the operating system they were delivering the phones with was altered by them. So, obviously the next step is uninstall, and install a custom ROM on it.

However, it's quite possible that the manufacturer could actually disable this notification when applications are using your camera. I only know this since, a custom ROM implemented it incorrectly, and it wasn't displaying. So, it isn't out of the possibility that a malicious vendor, or manufacturer could do this. If you aren't buying directly from the manufacturer itself, then the third party could easily install a custom ROM intended for malicious purposes.

In short, yeah I believe a malicious actor could potentially monitor your camera for malicious purposes, and it's probably been done.

It comes down to this; do you trust:
- The Manufacturer
- Whoever you bought the phone from
- Google
- Custom ROM developer

You can verify if your Android is stock through a few ways. A lot of ROMS have issues being a certified Google device, however that can be faked. There's also a lot of ROMs which don't change certain things like the version they used. For example, a lot of custom ROMS are built via AOSP treble (https://github.com/phhusson/treble_experimentations/releases), and that leaves behind some custom settings, but also some fingerprinting in terms of version name etc.

The preinstalled applications aren't open source, the operating system is at least open source. Things like the SIM card tool, and a number of other system applications aren't open source. Maps, Play Store etc aren't open source. Technically, any one of these could compromise the isolation that Android typically has, since it's been implemented by Google themselves, and a lot of the are system applications which have a little more capability compared to ordinary user installed applications.

Right, my attitude is anything that you can't verify yourself, shouldn't be entirely trusted. Now, going back to the question of the OP; Would I feel comfortable generating a seed on a phone? It entirely depends on the use, if it's a hot wallet only used for storing small amounts, probably. If it's for a cold storage wallet, I'd probably explore alternatives before resorting to this. I'd feel more comfortable with Google Play removed, and a lot of the Google services, i.e using a custom ROM, mainly due to privacy issues rather than malicious suspicions though. Since, ultimately I'm not a massive target.

Also, worth noting the very camera application on your phone, likely is closed source. I use OpenCamera as an alternative, but you don't get features that come with the preinstalled camera application. You can use adb to potentially remove any unwanted applications that can't be uninstalled from within the operating system.

Ultimately, it depends on how far you want to go down the rabbit hole. We know, keeping a clean slate in terms of privacy, and security from the big companies like Google is almost impossible. Almost all of this implies to your computer hardware as well though. Since, you have to ultimately trust Microsoft, Intel, AMD, and the manufacturer. You can replace the operating system, just like a phone, but you ain't replacing the machine code that the computer runs on.

Not too worry you or your friend too much, most of this is rather into it; it's not exactly something that a normal user will worry about, and honestly most people aren't even thinking about this sort of stuff, and plenty of users here have mobile phone wallets which haven't been compromised.

So, it's probably safe enough, unless you're a very big target to malicious attackers or companies. Even, then it's based on pure speculation. Most of us trust our computers to generate our private keys.

Anyhow, what I would recommend your friend do is; make sure he formats it with random data, and not simply using the format option via the operating system or recovery partition.

I would do something extra. After creating the useful paper wallet, writing it down (including address), I would ... create one more wallet (with the same name, if asked).
The point is that there's a chance that if you do this the old wallet file gets already overwritten.
I would also format the phone afterwards, but it's known that phone format is not perfect and may be missing some files (I don't know more details, hence that extra step of mine, which may or may not be useful).

Do we have any reports it has happened to crypto users or that they have been targeted by whatever party was interested in obtaining their sensitive data? It's not easy to prove and probably not documented so people can only speculate if it's happening and how.

I've had a funded Bitcoin wallet on my phone for years, and never lost anything. Installing the wallet offline, writing down the seed words, funding the address, and wiping the phone again will probably be okay. But you'll never be 100% sure.

Has "your friend" thought about how he wants to proceed in the future, when he wants to use his funds? If that includes using the same phone as a hot wallet, it gets riskier. Offline signing is the safest, but I've never done that on a phone.

Either.

You would probably be wrong here. Most phones come with a ton of bloatware, not just from Google, but from the phone manufacturer and bunch of their third party buddies who pay to get their bloatware on to your device. Some of this bloatware can be uninstalled, but much cannot without rooting your phone, which most people don't do. Open your phone settings and go to the permissions section and see just how many apps want access to your camera. I think you'd be surprised. Next time you have your hands on a brand new phone, do the same thing. I would expect at least a dozen pieces of software wanting access to your camera, and those are only the ones the OS is showing you, never mind all the hidden system apps and software.

Easily done with Electrum on Android - import an unsigned transaction via QR code, sign it, then display a QR code for export.

Crypto users, not that I'm aware of. There's probably easier ways than to use the camera specifically, since the camera would likely yield unreliable results. It would likely be easier to just install an app which monitors the screen rather than utilizing the camera or compromising the keyboard, which the majority of users use Gboard. However, when users report that they've lost their Bitcoin on their phone, I don't think any official, actual fair reviews have looked at what caused it.

Yeah, it's pure speculation, and I mainly wanted to highlight it's a possibility, and exactly how. There's been reports here (https://www.malwarebytes.com/blog/news/2020/07/we-found-yet-another-phone-with-pre-installed-malware-via-the-lifeline-assistance-program) which were pre installed by the manufacturer. Although, they tend to be for serving adverts or gathering data.

However, since we know malware is a problem on devices, whether preinstalled or not; it's only a matter of time before we hear about a crypto related attack.

QR-codes are more or less black boxes to humans. I wouldn't feel comfortable without at least verifying the QR-code with a different (offline) QR-code reader to confirm actually signed what I wanted.
But at least it's possible, so that gives options :)

Once you scan the QR code with your airgapped Android Electrum, it loads the transaction on your screen so you can see the addresses, amounts, fee, and so on, so you can easily double check what you have scanned before you sign it. Similarly, you can do the same thing when you scan the QR code of your now signed transaction to be able to double check what you are about to broadcast. You could even just scan the QR code of the signed transaction and decode it immediately, manually double check the decoded transaction, and then broadcast it via your own node or somewhere like https://mempool.space/tx/push.

I went back and re-read my post you quoted and I see that I didn't express myself properly. You seem to have gotten the opinion that I was trying to say that not many phone apps require camera access. I know they do. I have manually removed all kinds of permissions (not just the ones requiring access to the camera). Some have to remain though for the underlying apps to function properly unless you turn permissions on whenever you want to use an app and turn it back off afterwards.

I wanted to say that the Android OS is open-source but the Google bloatware and apps by other services aren't. If the system takes random pictures, those who know how to read code should be able to find that in the codebase. It would make Android look really bad if someone discovered something like that. But looking at the code isn't possible with the standard Google apps where you remain in the dark. 

Ahh yes, I misunderstood. I thought you were saying such apps didn't require camera access, rather than such apps are not open source.

But yes, I agree. Even if you decide you trust the Google apps which are bundled with Android (which is insane given their consistent history of invading your privacy and harvesting your data at every level), the amount of third party bloatware on most new phones is staggering. And as I said above, while the average user can uninstall some of it, much of it cannot be removed without root access.

It's one of the reasons why I dislike using phones for any serious money, and the fact that it is significantly harder, if not impossible, to truly airgap a phone. There is no doubt that OP's friend would achieve better security with an airgapped computer running a live OS, but if a phone is the only option, then it makes sense to cover the cameras.

A colleague had similar issue and confiding in me I had to suggest he buys a London used computer which ranges around $50-$80 here my part of Africa, for they are very cheaper compared to a brand new one. He got the computer then completely formatted it to a brand new and used it to create the wallet. Since then I haven't gotten any complained from him relating to it, So i assume it worked out well for him.

OP I assume your friend should be able to afford it too since it's cheaper compared to owning a brand new computer, and it's also an alternative for your friend to avoid losing all his informations and data on his android phone by formatting it. For someone that plans to buy a good amount of bitcoin and hold for a long time then this suggestion isn't a bad one compared to using an android phone.

How long is that long-term holding? And why should your friend remove bluetooth or wifi parts? I think that's excessive. I don't think that this process should turn into obsessive compulsive disorder. If you bought smartphone in store, if you have never visited malicious websites and have never downloaded malwares manually, I think that your friend will be fine by resetting it and creating a wallet. I don't think that normal person is a victim advanced espionage.

Btw if I had to create a bitcoin wallet where I would hold a lot of bitcoin for a long time, I would use old PC, with old monitor, reinstall old OS from old disks/flash cards and create an address from that computer.

Maybe I'm wrong but if I had to hold a lot of bitcoins, I mean higher than 100, I wouldn't trust modern PCs or Smartphones in any way. But anyways, if he wants to hold 1-10 bitcoin, I genuinely believe he doesn't have to act so cautiously.

That's quite an assumption! The thing is: you can never know for sure. And when creating cold storage, being wrong means losing your money.

I think so too. But I prefer to know for sure, which means not taking any risks.

I see no reason to be less careful with 1 Bitcoin than with 100 Bitcoins.

It's one of the reasons I always suggest installing custom ROM on it, which remove the bloatware, and Google applications if you wish. I personally, have a phone that doesn't have Google installed on it. I use Aurora store or F-Droid to get the applications I absolutely need, which quite honestly isn't many at all. Usually, Firefox, and a few open source applications from F-droid.

At the very least, use adb to remove some of the bloatware if you don't want the instability which sometimes comes with custom ROMS.

It's also a rather dangerous assumption, knowing that manufacturers have installed bloatware in their modified android operating system, which they almost always advertise as stock Android. Here's just a few examples:

https://www.wired.co.uk/article/android-phones-hiding-pre-installed-malware
https://www.cnet.com/tech/mobile/android-malware-that-comes-preinstalled-are-a-massive-threat/
https://www.independent.co.uk/tech/android-malware-phones-infected-samsung-galalaxy-s7-nexus-5x-models-before-sale-a7626726.html

Anyway, that's just a few examples that a quick search yielded.


A few questions;
- Can you be sure that those old devices haven't already been compromised
- Can you be sure that the disks/flash cards are secure
- Are you generating them offline, because I'd be more confident with an updated operating system if it was going online, however again probably better offline in the first place

It's not always as simple as that, though, and installing a custom ROM can open you up to a variety of other risks instead: https://www.privacyguides.org/en/os/android-overview/

A fer better option is simply not to use a phone for any serious amounts of money at all. It is very easy to download and flash Tails to a USB drive and use a live OS with your internet disconnected, which will be exponentially more secure than any hot wallet on any phone, stock or custom ROM.

You should obviously keep your OS up to date, but if you are generating keys on an online computer then you should consider those keys as having as low a security as any hot wallet, regardless of your OS. I wouldn't use an old OS since there have been plenty of examples of ones with bugs or vulnerabilities in their random number generators. Better to use Tails (or some other reputable Linux distro) as above.

Right, ideally you want to be using a custom ROM tailored for security, and privacy, that doesn't go against the security practices of Android. They tend to have some nice features about them, but ultimately you're trusting the developer, however usually you'd want to use one that has published their modifications to the AOSP. A lot of the newer custom ROMS support over the air updates also, which wasn't really a thing for a long time.

However, there's are some additional risks with custom ROMS, and you'd be sacrificing the Google protection if you remove the Google applications, make that what you will though. However, even some stock android that comes with the your phone could potentially be going against the security practices of Android, since they're typically modified by the manufacturer, and there's no guarantee that they implement everything correctly. Unless, they ship with 100% stock Android, which they typically don't.

Yeah, I'd agree with that. I personally don't use a phone for accessing my Bitcoin, however if you must I'd consider all the above personally. Although, a lot of it can probably be safely ignored. However, the privacy cocnern is definitely worth highlighting.

Yeah, I'm not sure I'd ever be comfortable with generating a private key on a online computer, honestly. If I wanted a hot wallet, I'd use a hardware wallet. It just prevents a lot of the issues you can come across when accessing your Bitcoin on a online computer.

I am 100 % agreeing with you.
Moreover, buying a phone in a store has absolutely no guarantee, whether it is an online store or a physical store. In the case of refurbished phones it seems to me particularly dubious as to the security of the funds if one uses it as a cold wallet. I will never believe such a device personally.

Personally if I were to use an Android smartphone to store my bitcoin, the first thing I would do is change the base OS, or at least install one in parallel if I were to keep Android features like calling/SMS.

I guess my choice would be a Debian-kit. This is clearly the safest option from my point of view. Once this is installed I imagine I will generate privates keys offline from a safe device, and import them to an Electrum.

For those interested in Debian-kit, you can find more information here: https://f-droid.org/packages/org.dyndns.sven_ola.debian_kit/

I don't know if it would be possible to install Debian or Ubuntu with LTS encryption on a smartphone, but that would be an extremely efficient solution too.

I don't know how many, I tend to prefer the vanilla variants which don't add any additional customization or toggles as you say, and just remove the Google related stuff. These are much less common unfortunately, as every custom ROM has gone down the path of trying to add as much customization as possible.

Generally, if a custom ROM has a ton of customization features, there's more room for error, and they very likely implement a lot of the customization via hacky ways, which go against the core Android security principles. So, ideally you want a custom ROM which hasn't added too much to the code, but instead removed the Google services, and dependent applications. There's a security risk with this also, as obviously Google claims to protect your device with these services.

There's a list of a collection (https://github.com/phhusson/treble_experimentations/wiki/Generic-System-Image-%28GSI%29-list) of various GSI's (Generic System Images). There's also others out there that aren't included on that list. There's also the potential that you do it privately for yourself also.

Although, custom ROMS are better for improving privacy, rather than security since there's likely a trade off of removing the Google applications in the first place, due to them being tied in intrinsically to the Android operating system.

One example, of a popular custom ROM that claims better privacy, and security features is GrapheneOS (https://grapheneos.org/features). However, to achieve that it's heavily modified, and you'll ideally review the code yourself to see how they've implemented those features. Plus, this only works on certain hardware, which is typically the most used phones, therefore that could be an additional risk too. Hence, why a lot of users that haven't got mainstream phones opt for GSI's.

For example, here (https://grapheneos.org/faq#supported-devices) they strongly recommend Google devices:

Which, for me suggests they're ignoring the possibility that Google doesn't compromise your security or privacy via their hardware, which is a little bit hard to believe when they're so against the software of Google. So, there's a ton of different options out there, and ultimately everyone has to make their own decision, since as above one of the most popular custom ROMS suggest something that I don't entirely agree with. Although, we're getting to the tinfoil stage here (I think we've been there for a while to be honest, most users aren't worrying about this soft of stuff).

How many accidents have ever been where the scenario was similar to what I described and users' wallets still got hacked?
I don't say that it's the safest option out there but it's not the dangerous one too.

What do you use to create bitcoin address? Computer or what?
Any chances that your hardwares aren't backdoored?

While I agree with you that everything needs high security, regardless of what, I think that there is a difference between 1 Bitcoin and 100 Bitcoins. The bigger the treasure, the bigger the attack is. No cabin has security guards but mansions? They are on different level.

I think there is a high chance that modern hardwares are backdoored. It's personal choice but I trust old hardware and software more than modern ones in terms of safety and in this case I mean offline, yeah, offline. If you wish, we can discuss more why I talk about offline security.

Another reason why I would choose old device in offline mode is that even if they were compromised 15 years ago, who cares? I think no one is focus on old devices and probably the person who hacked your computer 15 years ago, isn't alive or doesn't use the same pathways he was using back then.

I would never do that when there is perfectly good open source alternative called GrapheneOS, only problem is that you can use that OS only on g00gle devices.
In ideal scenario smartphones should be like computers and you should be able to install any operating system you want, but doing that is much easier said than done.
Second best option is using something like LineageOS, DivestOS or CalyxOS that can be installed on different smartphone models, but they inferior in many ways compared to GrapheneOS.
One more plus for GrapheneOS is that you can support development and updates with Bitcoin donations.

Technically, if your hardware is backdoored, they could potentially be using a way of communicating without being connected to the wifi etc. I'm thinking, potential hidden sim cards, however this would be easily verified by checking the hardware of your computer. Honestly, it should be a part of everyone's security practices to take a look at what's under the hood to make sure there's no unexplained parts or modified components, at least obviously modified. The chip itself is likely compromised, there's been several accusations in the past, but as far as I know there's been no real evidence showing backdoors.

Personally, I don't like recent developments in the CPU with the ME engine, and AMD equivalent. Opens up a ton of attack vectors, so a CPU that doesn't have that capability is definitely preferable. The issue is; often it's no longer supported, and therefore there's no way of updating the interfaces that interact with it.

In terms of phones; it's much less likely someone's checked their hardware on a phone, due to the nature of how they're manufactured. However, I'd probably trust the latest versions of Android more than the older one's, for one they have much better isolation implementations, which the older Android versions didn't even have any isolation if you go back a while.

That's an unfair question: you're asking about the scenario in which no malware has been downloaded, and my point is you can't ever be sure you haven't visited a malicious website.

It's probably safe. But I wouldn't call it cold storage so it's not ideal for long-term holding.

I have different systems and wallets for different purposes.

When using cold storage, that still doesn't leak private keys.

Mansions look different than cabins. Unless there's a targeted attack, an attacker can't know how many Bitcoins a system holds.

It's not just backdoors, phones are basically designed around spyware nowadays.

My 15 years old computer works fine (as long as I can find a 32 bit wallet), but my 15 year old phone can't handle any wallets.
TL;DR: my take: get a laptop. It may not be as easy in some countries, but here I just checked the local version of Craigslist and for €10 to €25 I can choose from a dozen laptops with 1 to 4 GB RAM. I must say I barely use my 1 or 2 GB RAM systems anymore, in my experience 8 GB is the minimum for smooth running from Live DVDs. But 4 GB can definitely work.

My laptop indeed has a sim card slot. I never went full paranoid, but I've considered it: remove the network module, remove the Wifi module, remove the camera, remove the microphone, remove the microphone jack and glue everything else in place.
It could be a fun project on one of those €25 laptops.

There is also the cost basis involved. It costs a lot of money to set up a high tech security system and pay armed security guards to protect your mansion 24/7. It costs nothing to download and use Tails with your internet connection disabled (although obviously better on a permanently airgapped device).

I have pretty much this exact set up for interacting with some of my cold wallets. One thing to remember though - unless you want to transcribe your transactions from the raw hex by hand, you need some way to transfer them electronically. So either leave the camera in but cover it with tape when not in use, or remember not to glue a SD card slot or USB port.

I haven't done this for transactions yet, but it shouldn't be so hard. The key is to use a large font to avoid reading mistakes. I know this from experience typing private keys: misreading some letters happens much more than hitting the wrong key. I use md5sum to ensure I made no mistakes, and if there is a mistake, I can use a hash on part of the text to pinpoint it's location. I just tried: the most annoying part is that transactions don't use Base58, so there's an 0O problem. But even if it takes 10 minutes to copy a transaction, that's a small price to pay for something you don't do too often. And an extra reason to HODL :)

You can of course have both: old hardware for your cold storage on legacy addresses, and modern hardware for your daily transactions.

It's certainly doable, just not very convenient. Fine if your wallet really is long term cold storage though with very few (if any) outgoing transactions.

What format are you using? Raw transactions should be in hex, so 0-9 and A-F. There are no easily confused characters there.

For my long term cold storage, I probably don't want many new features such as Taproot and Lightning. Keep everything as simple as possible to reduce any attack surface to an absolute minimum.

I did a quick test with Electrum. This is what an unsigned transaction looks like:
Typing a legacy transaction is a lot more work than Segwit.

Ahh, right. You are talking about PSBTs, which are in Base64, rather than a raw transaction in hex. I don't think Electrum lets you export unsigned transactions in hex anymore. So yeah, if you want to use hex encoding rather than Base64, you'll need to use different software.

You'll also save yourself a lot of time. Your PSBT has 1,308 characters. A similar one-input one-output legacy-to-legacy transaction (https://mempool.space/tx/9f6d9634d1623a8a1a5334bfa35af29caeaf6c58ad50c1fbf92f53a15c5fb4f6) in raw hex has "only" 382 characters.

Some implement it correctly, some of them don't. It depends on the brand of the phone too, as some manufactures do weird things that aren't conventional.

I've had issues with a SIM card a few times, but the current OS I'm using all features work, but it's pretty much a stock version, with Google services removed. Nothing, special added.

When running a offline wallet, I'd prefer not to connect that computer to the internet, and just download, and verify the Bitcoin wallet on another computer or within a different Qube if you're using Qubes OS, and then install it in a offline environment. Checking the signature of the file on the offline computer again, just to make sure that the first computer wasn't compromised, and was displaying a fake signature.

If someone is confident enough to generate their private key via a manual process, then that can avoid some of the issues with hardware being compromised, but at the end of the day when you come to importing it, you still need to trust that hardware, so it's a difficult one.

Okay, I'm genuinely confident that if you visit only websites like Google, Youtube, Wikipedia, Instagram, Twitter, Facebook, Reddit, news websites like CNN, BBC, FoxNews, Deutsche Welle, Amazon, eBay, PayPal, Your bank's website, etc. I hope you got the point, if you visit that websites, I genuinely believe that your wallets won't be compromised.

OP's friend is limited to options. He wants to hold long-term but his only option is android smartphone. I didn't receive answer on how long or how much bitcoin he wants to hold, also OP hasn't answered to any response, not only my posts but including others too. And since he talks that he can't buy a new smartphone and doesn't have computer, I made an assumption that he is not going to hold a lot of bitcoins.

I think we should end this here :) Unless we hear response from OP :D

Allow me to destroy your feeling of security by showing you the first Google hit I get when I search "malware in ads":
Hackers abuse Google Ads to spread malware in legit software (https://www.bleepingcomputer.com/news/security/hackers-abuse-google-ads-to-spread-malware-in-legit-software/).
There are no safe websites.

Google!? As in, the same Google that are infamous for hosting scams and malware, for accepting money from scammers to boost their scam sites to the top of search results, for accepting money from scammers to place scam ads everywhere, for hosting malicious apps on their playstore, and for harvesting data from your microphone and keyboard and storing it on their servers? Even if you think using Google is safe, all it takes is one wrong click to end up on one of the scams that they are quite happy to promote in exchange for payment. I'm not trusting the security of my wallets to one wrong click.

And even if you don't browse any websites at all, your device still has an internet connection meaning it is still a viable target for attacks.

Hence the instructions I gave in the first post on this thread. These instruction, while still not perfect, are the best that can realistically be achieved using only a single smartphone and are far better than keeping coins in a hot wallet and hoping that you don't get any malware.

That is not what I meant, if you google random things and don't look at the url of website, definitely you'll become a victim of malwares but in Google usage I meant simply searching music in google and visiting specifically youtube, spotify urls, searching biography of famous people and visiting specifically wikipedia. Google just speed ups the process, you should have a list of specific urls and website that you are gonna move from Google or type manually, no one should visit websites other than specific ones.
If you, I and others get malwares from these famous websites, then the whole world should be worried.


I don't say that what you or Loycev say are wrong. Definitely not! I just say that you two are very cautious. While it's a good thing, it's not always that much necessary. For instance, I have created bitcoin wallet in 2021, on a laptop that was connected to the internet. I have some $$$$ into it. Till today, nothing suspicious has happened and I am in total control of my funds, at least no one has stolen them from me.
I agree with you, everyone should be very cautious overall but I always thought that it was very exaggerated, so I risked and let's see how will it end up. 2 years have passed without problems, my behavior will stay the same on that laptop, I never visit an URL that I don't trust. I use that wallet as a hot wallet.

To sum up and make it clear again, I agree that your methods are way safer, I just say that being so cautious is not that necessary unless you hold significant amount of money.

From all the users who created a Bitcoin wallet in 2021, the ones who didn't take proper security precautions must have had more wallets hacked than the users who took proper precautions.
It's like saying you've been driving around without a seat belt for years, so you don't need it. The thing is: you don't know for sure until it's too late, that's why you take precautions.

For people it's the default search engine and they blindly beleive it's safe so whatever comes from their search is safe but in reality they are misleading you and for each ads they get paid no matter if it's scam attempt to make money out of users pocket because they are getting paid.The privacy is really compromised with it as it monitor your each activity like you have just made a normal search about anything you will be recommended with lot of ads as algorithm is set in this manner so what privacy people are expecting from Google? The CEO when can't answer the questions when asked privacy that they track your movements and other things you should be concerned about making more optimistic choices.

The main problem is you will be showcased lot of fake wallets and exchanges when you enter such keywords on google that will lead to some phising links draining your data of devices by installing malwares and most people don't use ad blockers as well but TOR is the best option for them only if they understand about the same.

I do not know anybody who browses the internet in that way. And even if you do, that does nothing to protect you against your final destination being compromised or the many possible attacks which do not require you to connect to a specific website first.

I also have a number of hot wallets on a number of different phones over many years, and have had nothing happen to them. I continue to use such wallets as my daily spending wallets. But I am under no illusion that although I have been safe thus far, these wallets have the worst security of any wallet I use, and therefore I only ever store an amount I am willing to lose in these wallets. They are for convenience, not safety. Given that OP is talking about buying bitcoin and holding it for "a very long time", a simple hot wallet like this would be a very poor choice.