Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Rezoyen on November 05, 2019, 08:20:03 PM



Title: Deleting wallet software for more security?
Post by: Rezoyen on November 05, 2019, 08:20:03 PM
Hi, I'm using the blockstream green wallet on Android. I've written down my seed phrase and keep it safe and secure. Can I now uninstall/delete my green wallet app? to be less vulnerable to theft/hacking.

I can still receive but not spent this way right? Should I create a couple of addresses beforehand?

And if I want to spent/exchange, I just download green wallet app again and use the seed phrase to recover my wallet?

Can anyone confirm this is all correct?

Thank you


Title: Re: Deleting wallet software for more security?
Post by: harizen on November 05, 2019, 08:35:45 PM
Can I now uninstall/delete my green wallet app? to be less vulnerable to theft/hacking.

Not necessary but it's up to you. Kind of a hassle if you will install/uninstall it again for every session.

To lessen your worries if you decided not to uninstall the app, set up a security passcode. It should have that feature as it was common for any crypto wallet*. Then for additional security, set up an application lock which is a default feature of an Android phone nowadays.



I can still receive but not spent this way right? Should I create a couple of addresses beforehand

Make sure you have the correct address. Since you will uninstall the app, you don't have any references beforehand.



Honestly, I'm not aware of this wallet.

Are you really sure you want to use that one and not considering those recommended ones for Android e.g Mycelium (https://play.google.com/store/apps/details?id=com.mycelium.wallet&hl=en), Electrum for Android (https://play.google.com/store/apps/details?id=org.electrum.electrum) etc.


Title: Re: Deleting wallet software for more security?
Post by: peempeem on November 05, 2019, 08:41:36 PM
Yep, some people do this as a method of cold storage.


Title: Re: Deleting wallet software for more security?
Post by: o_e_l_e_o on November 05, 2019, 09:27:14 PM
-snip-
Yes, this is all correct. There are three particularly risky parts of your set up.

The first is as harizen points out - you will be unable to verify your receiving addresses. If you are subjected to clipboard or other malware, the addresses you saved to receive to may be edited at some point between storage and entering them to a website/handing them over to someone who wants to pay you. You have no reference point to double check they are correct. This could be mitigated by printing out your addresses and double checking them against your wallet prior to deleting it, and then using your print out as a reference for all future address use.

The second is you are relying entirely on your seed phrase to be able to access your coins. It would be good practice to back it up in at least two separate locations, in case one back up becomes damaged or irretrievable.

The third is entering your seed phrase to restore you wallet. Typing your seed phrase in to a phone or computer is inherently risky as you may have a keylogger or other malware which is recording your key presses. Unlikely sure, but possible. The only way to be 100% sure your seed phrase isn't been stolen is to never enter it in to an online device.

You also don't need to reinstall Green Wallet to restore from your seed phrase. Your seed phrase will be compatible with almost all good wallets, on phone or computer.



Honestly, I'm not aware of this wallet.
I've never used it, but Blockstream was founded by and employs people like Gregory Maxwell and Pieter Wuille. The wallet is open source and the github is available here: https://github.com/Blockstream/green_android. It's a perfectly safe wallet to be using.


Title: Re: Deleting wallet software for more security?
Post by: hatshepsut93 on November 05, 2019, 09:30:41 PM
You can instead just delete the wallet file, since that's the place where they keys are stored. Deleting and redownloading the software won't make you more secure, it might even add a small risk, because each time you download a wallet you might accidentally download a fake wallet.

The first is as harizen points out - you will be unable to verify your receiving addresses. If you are subjected to clipboard or other malware, the addresses you saved to receive to may be edited at some point between storage and entering them to a website/handing them over to someone who wants to pay you. You have no reference point to double check they are correct. This could be mitigated by printing out your addresses and double checking them against your wallet prior to deleting it, and then using your print out as a reference for all future address use.

Green wallet has a watch-only mode, which solves this problem.


Title: Re: Deleting wallet software for more security?
Post by: o_e_l_e_o on November 05, 2019, 09:38:25 PM
Deleting and redownloading the software won't make you more secure, it might even add a small risk, because each time you download a wallet you might accidentally download a fake wallet.
That's a good point about added risk, but it may make him more secure depending on what kind of threat he is trying to protect against. If he is worried about physical attacks on his person, then deleting the app might be safer. If someone was to forcibly take his phone and find a bitcoin wallet app, even one with no coins, they might be inclined to use physical force to get him to reveal the location of his seed phrase. Having no wallet app present may prevent this.

If you are very concerned regarding theft or hacking, then your best bet would be to either take the simple option of buying a hardware wallet, or the somewhat more complicated option of setting up a wallet on an airgapped (no internet connection) PC. Both of these would be much more secure than using a mobile wallet.


Title: Re: Deleting wallet software for more security?
Post by: Velkro on November 05, 2019, 09:39:33 PM
Hi, I'm using the blockstream green wallet on Android. I've written down my seed phrase and keep it safe and secure. Can I now uninstall/delete my green wallet app? to be less vulnerable to theft/hacking.

Yes. If you have written down seed you can always recover your wallet/addresses.
Deleting wallet software WILL grant you more security when you install malware app that scans any trace of bitcoin to hack it will find bitcoin wallet (target) or not. Its minor security, but always something.


Title: Re: Deleting wallet software for more security?
Post by: kooboat on November 05, 2019, 10:29:22 PM
Fortunately, hackers dont usually attack android applications with their malwares. You are just on the right track and don't forget to store your seed words or recovery phrase for your wallet very securely. This is very important since you cannot recover your wallet or funds without it.


Title: Re: Deleting wallet software for more security?
Post by: hello_good_sir on November 05, 2019, 10:48:26 PM
You'll need 2 things for the paper wallet you are talking about:

1. Addresses (I haven't used greenaddress in a couple of days, but I do believe it's possible to keep 1 address, and it won't delete it or do anything to it, but it'll still generate other addresses (which I would recommend you use so people can't spy on your transactions).

2. Seed/private key, to access to your wallet.

No point deleting, to be honest, you should be fine - but up to you.


Title: Re: Deleting wallet software for more security?
Post by: AverageGlabella on November 05, 2019, 11:33:09 PM
Generating a wallet on a android device is not safe to start with but I won't go into that as its up to you. As for your question deleting wallet software will not increase the security level of your device or wallet unless malicious software are specifically searching your phone for apps installed instead of the wallet extension file which in my opinion would not make sense. Most viruses will be searching for wallet.dat extensions and other similar file types.


Title: Re: Deleting wallet software for more security?
Post by: Kyraishi on November 06, 2019, 12:32:36 AM
Generating a wallet on a android device is not safe to start with but I won't go into that as its up to you.
Yep, this is a pretty big issue since your mobile phone is usually more connected to the internet to your other devices (laptop, desktop computer, eg). I'd recommend using GreenAddress online compared to just using your phone if you have a laptop/PC.

If you're so tight about security, wouldn't it just be smarter to get a ledger wallet? They are 100 percent safer then greenaddress, and the private keys would never enter your phone, and they added a ledger app for mobile a decent time ago.


Title: Re: Deleting wallet software for more security?
Post by: joinfree on November 06, 2019, 12:43:29 AM
Hi, I'm using the blockstream green wallet on Android. I've written down my seed phrase and keep it safe and secure. Can I now uninstall/delete my green wallet app? to be less vulnerable to theft/hacking.

I can still receive but not spent this way right? Should I create a couple of addresses beforehand?

And if I want to spent/exchange, I just download green wallet app again and use the seed phrase to recover my wallet?

Can anyone confirm this is all correct?

Thank you
That's all correct but it feels like a tiring task to me if you would have to install and uninstall every time you need to spend your cryptocurrencies. The best thing to do is to make sure you have saved those pass phrase somewhere no one else would have access to you except you. Also,  add extra security such as google authentication, sms notification per log ins, withdrawal etc. All these would help keep your wallet safe and no need to go through that stress all for the sake of safety reasons.


Title: Re: Deleting wallet software for more security?
Post by: pooya87 on November 06, 2019, 04:18:45 AM
Yep, some people do this as a method of cold storage.

unless the phone that was used to create this wallet has never been connected to ANY NETWORK and will never be connected to any network in the future, you can not consider this method a safe "cold storage" method. it would be like buying meat then leaving it outside under the sun for a couple of days and then refrigerate it thinking everything is fine now that you've frozen the meat!


Title: Re: Deleting wallet software for more security?
Post by: adaseb on November 06, 2019, 05:49:13 AM
Yep, some people do this as a method of cold storage.

unless the phone that was used to create this wallet has never been connected to ANY NETWORK and will never be connected to any network in the future, you can not consider this method a safe "cold storage" method. it would be like buying meat then leaving it outside under the sun for a couple of days and then refrigerate it thinking everything is fine now that you've frozen the meat!

Very strange analogy but I agree with your post.

In my opinion whether that phone is ever going to connect to a Wifi or cellular tower or not, cell phones are NEVER considered cold storage because they can easily transmit data.

Unlike a laptop that you can open up and take out the bluetooth and wifi adapter, you can't do this with a cell phone.

Androids are full of malware and who knows if his seed was leaked in some way. Even deleting the wallet might not remove all traces. The hacker might just wait for a deposit and then sweep all the funds.

My advice is to just get a hardware wallet or use Electrum in cold storage mode. Never a cell phone.


Title: Re: Deleting wallet software for more security?
Post by: Palider on November 06, 2019, 06:45:40 AM
This is a good idea especially if you do not need to use your crypto. But you must be sure that your seed pharase is secure so you have nothing to fear. And you should also make sure that your seed pharase is written on a piece of paper as there is a greater chance that it will be detected by the hacker if it is only hidden on your pc.

We know that an unexpected virus could infiltrate our pcs resulting in hackers stealing our private keys. So we should always be prepared for these events.


Title: Re: Deleting wallet software for more security?
Post by: joniboini on November 06, 2019, 06:48:18 AM
Androids are full of malware and who knows if his seed was leaked in some way. Even deleting the wallet might not remove all traces. The hacker might just wait for a deposit and then sweep all the funds.

He could flash his phone, insert an OTG with the wallet apps ready to be installed. Install the apps, generate new seeds, store it, and leave it. Uninstall the apps, reflash the phone and done. But this is inefficient and ineffective. Agree with the HW part, if the point is having a cold wallet, a phone is not the best choice.


Title: Re: Deleting wallet software for more security?
Post by: Kakmakr on November 06, 2019, 07:42:25 AM
Fortunately, hackers dont usually attack android applications with their malwares. You are just on the right track and don't forget to store your seed words or recovery phrase for your wallet very securely. This is very important since you cannot recover your wallet or funds without it.

You are wrong my friend. Around 2.5 billion devices around the world use the Google owned Android, which is the world's most popular operating system. One thing we know for sure, is that hackers and scammers are focusing their efforts on the most widely used operating systems now.

It looks like OP wants to use his phone as a cold storage and not as a wallet for frequent use, so I would rather suggest that he creates some paper wallets for the coins that he want to store in cold storage and that he only store a small amount of coins in his phone for daily use. <This way, he will not have to be that paranoid about the potential loss of coins>  ;D


Title: Re: Deleting wallet software for more security?
Post by: o_e_l_e_o on November 06, 2019, 12:57:30 PM
I'd recommend using GreenAddress online compared to just using your phone if you have a laptop/PC.
I agree software wallets in general aren't great, but in what way is using a web wallet going to be safer?

Also,  add extra security such as google authentication, sms notification per log ins, withdrawal etc.
SMS is a very poor 2FA method to choose, since text messages are sent unencrypted and can be intercepted, and SIM jacking is fairly easy to perform with a minimal amount of social engineering. You should be using a 2FA app as a minimum, and using something like AndOTP or Aegis instead of Google.

And you should also make sure that your seed pharase is written on a piece of paper as there is a greater chance that it will be detected by the hacker if it is only hidden on your pc.
Your seed phrase should never touch an internet capable device. You should not be saving it or entering it on any device for any reason except when it is your only option to recover your wallet. As soon as it has touched an internet capable device, you should consider it compromised.

cell phones are NEVER considered cold storage because they can easily transmit data.
Exactly. Even when phones are turned off, they can still be tracked (https://slate.com/technology/2013/07/nsa-can-reportedly-track-cellphones-even-when-they-re-turned-off.html) or even be used to spy on you. (https://www.cnet.com/news/fbi-taps-cell-phone-mic-as-eavesdropping-tool/) There's plenty of malware out there which can turn on your mobile data or WiFi without your knowledge, and there's even malware which can be distributed via SMS. Unless you have physically removed all the hardware allowing a device to transmit data, then it's not proper cold storage.


Title: Re: Deleting wallet software for more security?
Post by: adeandro on November 06, 2019, 02:12:18 PM
I don't think that it will provide you much security.


Title: Re: Deleting wallet software for more security?
Post by: BrewMaster on November 06, 2019, 02:15:27 PM
Androids are full of malware and who knows if his seed was leaked in some way. Even deleting the wallet might not remove all traces. The hacker might just wait for a deposit and then sweep all the funds.

He could flash his phone, insert an OTG with the wallet apps ready to be installed. Install the apps, generate new seeds, store it, and leave it. Uninstall the apps, reflash the phone and done. But this is inefficient and ineffective. Agree with the HW part, if the point is having a cold wallet, a phone is not the best choice.

the real question is why bother with this much workarounds just to increase the security of something that is inherently insecure by design. in other words unless OP doesn't own a PC or has no kind of access to one whatsoever, i don't see any reason to take the risks of creating a wallet with a phone for storage purposes.
HW wallets would also require a PC so if he has one then he should use that to create a cold storage.


Title: Re: Deleting wallet software for more security?
Post by: Lucius on November 06, 2019, 02:35:55 PM
I think the OP can be pretty safe if he does what he envisioned, under condition to not lost seed, and that his android device is patched with the latest security updates from Google. Just a few days ago I received around 800MB of updates for my android phone, which contained security patches and updates for September&October. It just shows how many security holes have been patched, and there are probably at least more than that which are unknown.

The key risk is in the restoring of wallets and chances of losing the seed, that's why we have hardware wallets where seed should be typed only on the device which completely eliminates any security risk.


Title: Re: Deleting wallet software for more security?
Post by: bounceback on November 07, 2019, 01:41:11 PM
Hi, I'm using the blockstream green wallet on Android. I've written down my seed phrase and keep it safe and secure. Can I now uninstall/delete my green wallet app? to be less vulnerable to theft/hacking.

I can still receive but not spent this way right? Should I create a couple of addresses beforehand?

And if I want to spent/exchange, I just download green wallet app again and use the seed phrase to recover my wallet?

Can anyone confirm this is all correct?

Thank you

what you are doing right now is all true and of course very useful for your own security. I think you are one of those people who always think about security even though it is a small thing unlike some people today that we see they don't care about their safety, they always underestimate the little things like that and you should always secure Google your Android account so that nothing enters your device.