*warning* Two current security issues with mobile devices

[DooMAD]

Just to make everyone aware, there are a few security risks presently affecting mobile devices that require people to be vigilant.

Firstly, there are still fake, malicious wallets circulating on the App Store, always make sure you use download links from a reputable source.

Secondly, some wallets are automatically backing up private keys to the cloud.  Keys stored online are potentially a serious security risk.  Make sure your apps aren't doing this, or if they have, move your funds to new addresses immediately.

It's generally good practice to only keep small amounts on portable devices in the event of physical loss or theft anyway.  Larger sums should be locked away in cold storage, offline, somewhere secure.

[Coin-Keeper]

Those are good warnings.  I am very nervous about mobile "anything" for absolute security.  I know it isn't necessary, but I prefer to setup a Trezor on a laptop first.  Then you use it with a mobile (e.g. MyCelium), however the mobile software never sees the private keys so it couldn't put them in the cloud if it wanted to.  Frankly, I personally don't do this, but I helped setup this configuration for a buddy.  His transactions are very small but its simple and safe this way.

[onlinedragon]

Thanks for warning other people not that I hold any big amounts on mine phone. Anyway the malicious app is already removed from the AppStore can't find it anymore.

[smoothie]

Or just don't use mobile wallets entirely. Has worked for years so far with no problem and also utilizing cold storage.

[InvoKing]

Or just don't use mobile wallets entirely. Has worked for years so far with no problem and also utilizing cold storage.

just don't put too much moneh there and everything should be fine, mobile wallets are ez 2 use and available everywhere

[rizzlarolla]

Or just don't use mobile wallets entirely. Has worked for years so far with no problem and also utilizing cold storage.

just don't put too much moneh there and everything should be fine, mobile wallets are ez 2 use and available everywhere

Op said "Larger sums should be locked away in cold storage, offline, somewhere secure."

I don't use a mobile wallet. I barely use a mobile. But if I did, this post is clear info I would like to see.
Thanks OP.

[gentlemand]

I'm guilty of sometimes leaving respectable amounts on mobile devices. For some reason I don't think of them as anywhere near as howlingly insecure as a PC is, yet I'm sure there are plenty of issues that I'm blithely unaware of. Must use more paper.

[yayayo]

Nobody should keep bigger amounts of Bitcoin on devices connected to the Internet. This holds true for PC's but even more for mobile phones, since the wallet software available for these devices is less secure (i.e. not fully validating, new apps).

It should be best practice to store all funds that are not used for daily purchases entirely offline - for example by using paper wallets. Mobile Bitcoin wallets should be used like ordinary hard cash wallets: The amount stored in them should be so small that it can be afforded to be lost.

It's sad that many users are not paying enough attention to security when using Bitcoin. In contrast to money stored at banks, Bitcoins have no insurance against theft. So it's entirely up to the owner to ensure they are not stolen.

ya.ya.yo!

[The Sceptical Chymist]

I use mobile wallets exclusively.  I assume Mycelium is safe, right?  From all I've read about it here, it seems to be at least one of the preferred wallets. 

And how about the one by "Bitcoin Wallet developers" for Android.  That's one I saw on the app store, and it's one that comes up second when you search for "bitcoin wallet".

[gentlemand]

I use mobile wallets exclusively.  I assume Mycelium is safe, right?  From all I've read about it here, it seems to be at least one of the preferred wallets.  

And how about the one by "Bitcoin Wallet developers" for Android.  That's one I saw on the app store, and it's one that comes up second when you search for "bitcoin wallet".

I think the issue is with Android itself. No one ever seems to give its overall security any thought. They just assume it's fine and press on.

Considering how much lucrative info is on the average phone these days there are going to be ever more attempts to gain nefarious entry into it.

And in this particular case the second problem is a 'feature' of the OS and it's exposing your data to google. I can't imagine their security is anything other than exemplary but you never know.

[extrabyte]

...
Secondly, some wallets are automatically backing up private keys to the cloud.  Keys stored online are potentially a serious security risk.  Make sure your apps aren't doing this, or if they have, move your funds to new addresses immediately.

It's generally good practice to only keep small amounts on portable devices in the event of physical loss or theft anyway.  Larger sums should be locked away in cold storage, offline, somewhere secure.

I didn't know that the private keys are hosted on the cloud for the greenaddress app, I think it is dangerous if their cloud gets hacked so the hacker can spends our bitcoin without getting noticed. I prefer more to store small amounts on mobile if we travel or we need to, but the cold wallet should be offline.

[plpbtc1526]

This is alarming because i only mobile wallet application. But have not encounter some issues so far. Dont download wallet from not trusted sites or any refferal site. I suggest, you must go to website of the wallet you want to have and dowload it from their website so you are surely safe from fake applications

[Wind_FURY]

How do these malicious apps get included in the Apple app store? I thought they had higher quality control and that they are more strict in choosing which apps are accepted and which ones are rejected.

[shinratensei_]

Just to make everyone aware, there are a few security risks presently affecting mobile devices that require people to be vigilant.

Firstly, there are still fake, malicious wallets circulating on the App Store, always make sure you use download links from a reputable source.

Secondly, some wallets are automatically backing up private keys to the cloud.  Keys stored online are potentially a serious security risk.  Make sure your apps aren't doing this, or if they have, move your funds to new addresses immediately.

It's generally good practice to only keep small amounts on portable devices in the event of physical loss or theft anyway.  Larger sums should be locked away in cold storage, offline, somewhere secure.

Tha's good information and I very believe with that, because to this day I'm always found the fake apps are copying the original apps just to trap the users, maybe some people is not careful is they installing the apps and using that. especially for btc wallet apps and maybe that's looks like original apps.

[Chris!]

Lol well I have a blackberry so I'm not on the world's least secure device (apple) therefore this isn't a concern. Of course most people in the world use an android device and I'm using android ported apps so I guess the same applies. Don't store more than you are be willing to risk. I never keep more than 0.05BTC in mycelium. I thought that was a good solution for blockchain.info when I was a newbie, but somehow my 2FA was 'hacked' (rofl, clearly not. Thanks blockchain.info for the important lesson. Never trust those fools with my money).

[ethereumhunter]

in my android i only use mycelium, and don't know about the other wallet. i am really afraid about the other apps that i don't know and don't want to install it on my android. i hope that in android can be secure from malicious apps.

i remember when i was first time add 2FA on my PC, and suddenly in one day, i can not login into market exchanger account, and search how to solve this. from what i've read, better we install 2FA on our android, don't install it on the browser, especially chrome because in chrome, there are many add-on that we don't know is it safe to install or not. and after that, i change 2FA from browser into my androids, and i hope i don't have this experience again in future.

[Decoded]

That's why you use reputable wallets, like mycelium, breadwallet or greenbits. Those are the only three I trust. Anything else should be used with extreme caution.

[noictib]

i had never care about this these type of security but now after seeing your post now i realising that these security advice should noted . but one another thing in my mind that can any app is at playstore that can steal or disclose our privacy and can hack our system .

[Yakamoto]

I personally don't both using mobile wallets mostly for this reason; there simply isn't enough of a reliability or security that there is with most other wallets, desktop wallets especially, and most online wallets allow for you to log in through a mobile platform, and those maintain far better security standards than mobile wallets, so I'd rather use those instead to be honest.

[~Bitcoin~]

Thanks for very useful security tips. There are lots of security issue coming up regarding android apps as what apps do inside is quite unknown to normal users. I have blockchain.info wallet and electrum mobile wallet downloaded from official account in google playstore, hope those are fine and also i don't install other useless apps and games.