How can we address wallet security on mobile devices?

[Cypherpunk38]

There's no doubt about it, people want to use Bitcoin on their mobile devices and, in such a connected world, there's no particular reason that mobile woudn't be the next frontier for Bitcoin. But mobile security is a pretty scary place.  So my question is pretty simple:

In your opinion, what is the safest way to run a Bitcoin wallet on a mobile device? I don't mean a watch-only wallet, I mean a fully functional wallet.  Let's assume for this discussion that "don't" and "convince the OS makers to make security better" aren't valid answers since those don't address the need right now.

[BitcoinNewsMagazine]

There's no doubt about it, people want to use Bitcoin on their mobile devices and, in such a connected world, there's no particular reason that mobile woudn't be the next frontier for Bitcoin. But mobile security is a pretty scary place.  So my question is pretty simple:

In your opinion, what is the safest way to run a Bitcoin wallet on a mobile device? I don't mean a watch-only wallet, I mean a fully functional wallet.  Let's assume for this discussion that "don't" and "convince the OS makers to make security better" aren't valid answers since those don't address the need right now.

Most folks are not concerned about security until they have a problem. The safest but still convenient way to use bitcoin on Android are Mycelium wallet using Trezor to hold your private keys. Yes, you have to sign each payment with the Trezor but it is not that much trouble.

[Cypherpunk38]

There's no doubt about it, people want to use Bitcoin on their mobile devices and, in such a connected world, there's no particular reason that mobile woudn't be the next frontier for Bitcoin. But mobile security is a pretty scary place.  So my question is pretty simple:

In your opinion, what is the safest way to run a Bitcoin wallet on a mobile device? I don't mean a watch-only wallet, I mean a fully functional wallet.  Let's assume for this discussion that "don't" and "convince the OS makers to make security better" aren't valid answers since those don't address the need right now.

Most folks are not concerned about security until they have a problem. The safest but still convenient way to use bitcoin on Android are Mycelium wallet using Trezor to hold your private keys. Yes, you have to sign each payment with the Trezor but it is not that much trouble.

I totally agree but this doesn't seem possible for the cheaper devices since some of them don't support USB2GO. For example, a friend of mine has a rooted Galaxy Tab 3 and, while the firmware supports USB2GO, the hardware apparantly doesn't. It's absolutely the most secure but is it really feasible to ask people to either buy fairly more expensive tablets plus a Trezor just to store some Bitcoin? I suppose the answer to that depends on how many Bitcoin we're talking about, but it just seems like a bit much.

[unamis76]

You can use iOS, as it is a walled garden, as people say, and it is secure enough for small quantities. You can also use an unrooted Android... same thing, secure enough for small quantities. One can also argue that a rooted Android and an advanced user is a secure combination (something more questionable).

I think current mobile OS's have enough security for mobile wallets. They're made to have just some change, after all. We can address problems by having penetration testing on software releases and continuous support/updates/teams making bug fixes... which we already have.

Don't forget most problems are between the keyboard and the chair, not the keyboard and the monitor

[Holliday]

Just use Mycelium and treat it like a traditional wallet (don't carry more than you can afford to lose). You can even carry additional funds in the form of a paper wallet that you can import while you are out.

Is phone security really that bad? (I've never had an issue.)

[Mickeyb]

Well mycelium works great in my opinion. Security wise it is pretty well designed in my opinion as well. I am personally using it with the Trezor and I am feeling pretty secure.

People that don't have Trezor I think can also feel secure. But that's my opinion! Everyone should judge in their opinion and use as they feel the safest.

[OROBTC]

...

I keep about BTC0.2 in my blockchain wallet on iPhone.  So far I have never "used" it (spent it), other than receiving some BTC from an ATM in NYC (tale told elsewhere), I have not been to any cafes where I could buy anything with BTC.

So, I sent the "more than I could afford" to other wallets and just keep the +/- $50 worth of BTC on my iPhone's wallet.

Almost all the larger balance is on Ledger Nano & Trezor.

[Cypherpunk38]

You can use iOS, as it is a walled garden, as people say, and it is secure enough for small quantities. You can also use an unrooted Android... same thing, secure enough for small quantities. One can also argue that a rooted Android and an advanced user is a secure combination (something more questionable).

I think current mobile OS's have enough security for mobile wallets. They're made to have just some change, after all. We can address problems by having penetration testing on software releases and continuous support/updates/teams making bug fixes... which we already have.

Don't forget most problems are between the keyboard and the chair, not the keyboard and the monitor

Good points. I guess the ultimate answer really is just don't store large amounts of money on your mobile for long periods of time. Plan your spending and only transfer the amounts you need right now to your mobile wallet. It makes sense plus it has the added benefit of teaching people to plan their purchasing.

[unamis76]

You can use iOS, as it is a walled garden, as people say, and it is secure enough for small quantities. You can also use an unrooted Android... same thing, secure enough for small quantities. One can also argue that a rooted Android and an advanced user is a secure combination (something more questionable).

I think current mobile OS's have enough security for mobile wallets. They're made to have just some change, after all. We can address problems by having penetration testing on software releases and continuous support/updates/teams making bug fixes... which we already have.

Don't forget most problems are between the keyboard and the chair, not the keyboard and the monitor

Good points. I guess the ultimate answer really is just don't store large amounts of money on your mobile for long periods of time. Plan your spending and only transfer the amounts you need right now to your mobile wallet. It makes sense plus it has the added benefit of teaching people to plan their purchasing.

Exactly! We will always have this issue, on any kind of software, even if it is proven to be really secure... It might not be. Or it might be, and we'll never really know it for sure

[bitbaby]

Just use Mycelium and treat it like a traditional wallet (don't carry more than you can afford to lose). You can even carry additional funds in the form of a paper wallet that you can import while you are out.

Is phone security really that bad? (I've never had an issue.)

This is the safest method and should be applied by everyone not only on their mobile device but to their hot wallet on their PC as well, keep small amount of money their for everyday needs and keep rest of them in a paper wallet and Mycelium is the only mobile wallet afaik which has the option to import private keys which makes it super safe imo.

[xhoneyael]

mobile is not secure..
what if your phone break what if app is fake..
there are many option to use .. but to make it sure use a lot of wallet and distribute your bitcoin

[LiteCoinGuy]

the danger is that some people might hold 10k in BTC on their stupid phone 

so we need some stuff like this i guess:

http://insidebitcoins.com/news/bitsim-turns-any-mobile-phone-into-a-bitcoin-wallet/32213