Bitcoin Forum
July 11, 2020, 01:58:39 AM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: how secure is my non-rooted android phone?  (Read 1588 times)
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500


There is more to Bitcoin than bitcoins.


View Profile
April 04, 2013, 06:35:46 PM
 #1

How likely are my coins to get stolen from the bitcoin spinner running on a non-rooted android phone? I am perfectly content with the security of my paper wallets, but am getting tired of printing, cutting, laminating with Al foil inserts, and redeeming private keys whenever I need to spend a portion of my savings. Bitcoin spinner is convenient, but how secure is it? Can you provide examples of any past exploits (wallet stealers) on Android devices?

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
Best ratesfor crypto
EXCHANGE
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1594432719
Hero Member
*
Offline Offline

Posts: 1594432719

View Profile Personal Message (Offline)

Ignore
1594432719
Reply with quote  #2

1594432719
Report to moderator
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1008


View Profile
April 06, 2013, 01:16:15 PM
 #2

What model of phone do you have?

The Nexus phones are pretty secure and you probably don't need to worry about it. Samsung Galaxy phones have had a series of extremely bad security holes that it took them months to patch. So it can vary quite wildly.
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1143


The revolution will be monetized!


View Profile
April 06, 2013, 01:36:10 PM
 #3

There are other things that could mitigate or reduce risk.

  • You could only keep only a small amount accessible on your phone. Perhaps less than the value of the phone itself?
  • You could pay for VPN service. Last week I was in Oman and could connect to public wifi with confidence, knowing I had an encrypted and anonymized connection.
  • You could also ask your provider if they can further secure your phone. It may come at the cost of shutting off services, but maybe the phone can be hardened as a target.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500


There is more to Bitcoin than bitcoins.


View Profile
April 06, 2013, 05:19:39 PM
 #4

What model of phone do you have?

The Nexus phones are pretty secure and you probably don't need to worry about it. Samsung Galaxy phones have had a series of extremely bad security holes that it took them months to patch. So it can vary quite wildly.

It's a samsung galaxy note, still on the Canadian Telus' ICS.

RodeoX: good suggestions, I'll check with the provider about hardening the device.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1008


View Profile
April 06, 2013, 07:39:14 PM
 #5

You should check the firmware release to see if it still has /dev/exynos-mem type holes. Otherwise we can't say for sure. I'd not trust any Samsung OS by this point, they have released serious mistakes too often and clearly have some systematic issue with making secure software. You could maybe reflash it to some other firmware, but that'd break your warrantee.
Teka
Hero Member
*****
Offline Offline

Activity: 840
Merit: 1000



View Profile
April 06, 2013, 07:41:31 PM
 #6

I have a nexus 7 (tablet) it's my wallet storage device and I've decided to encrypt it using the stock android encryption option. Does anyone now how secure the stock android encryption is?
MysteryMiner
Legendary
*
Offline Offline

Activity: 1372
Merit: 1021


Show middle finger to system and then destroy it!


View Profile
April 07, 2013, 10:36:51 PM
 #7

I would not consider mobile phone to be secure device at all. I don't know is there a government backdoor in it or not. Encrypting something that have totally closed and proprietary hardware in it makes no sense. Increases risk of data loss if password is forgotten or encryption or hardware malfunctions.

For small amounts it might be OK but don't expect security or privacy. PC FTW!

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
April 07, 2013, 11:25:22 PM
 #8

I think if you're on a linux system "which most droids,androids come with" and with android firewall with VPN, you're good to go. You can allow what comes in and what goes out with Android Firewall.

https://play.google.com/store/apps/details?id=com.jtschohl.androidfirewall#?t=W251bGwsMSwxLDIxMiwiY29tLmp0c2Nob2hsLmFuZHJvaWRmaXJld2FsbCJd

Always use a firewall. Wifi or Roaming.
MysteryMiner
Legendary
*
Offline Offline

Activity: 1372
Merit: 1021


Show middle finger to system and then destroy it!


View Profile
April 08, 2013, 01:18:29 AM
 #9

And what about how proprietary hardware does upon receiving something from air? I messed with phone repairs some time ago and I it never ended to surprise me how many things are wrongly done or are completely undocumented by manufacturer.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
tiberiandusk
Hero Member
*****
Offline Offline

Activity: 575
Merit: 500


The North Remembers


View Profile WWW
April 08, 2013, 01:23:11 AM
 #10

Newer versions of android let you encrypt the entire phone. I just flashed my old Mesmerize to 4.2.2 and it has an encryption option. Other than that just make sure you use something like Lookout and don't install apps from strange sites or with crazy permission requests.

Bitcoin Auction House http://www.BitBid.net BTC - 1EwfBVC6BwA6YeqcYZmm3htwykK3MStW6N | LTC - LdBpJJHj4WSAsUqaTbwyJQFiG1tVjo4Uys Don't get Goxed.
Anon136
Legendary
*
Offline Offline

Activity: 1666
Merit: 1211



View Profile
April 08, 2013, 01:32:42 AM
 #11

I would not consider mobile phone to be secure device at all. I don't know is there a government backdoor in it or not. Encrypting something that have totally closed and proprietary hardware in it makes no sense. Increases risk of data loss if password is forgotten or encryption or hardware malfunctions.

For small amounts it might be OK but don't expect security or privacy. PC FTW!

the government isnt going to steal a couple of bitcoins from anyones phones.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500


There is more to Bitcoin than bitcoins.


View Profile
April 08, 2013, 08:37:10 PM
 #12

I would not consider mobile phone to be secure device at all. I don't know is there a government backdoor in it or not. Encrypting something that have totally closed and proprietary hardware in it makes no sense. Increases risk of data loss if password is forgotten or encryption or hardware malfunctions.

For small amounts it might be OK but don't expect security or privacy. PC FTW!

I feel that the attack surface on a non-rooted android phone I use is much smaller than the attack surface on the PC I use.

Again, can someone point to documented cases of past wallet stealers on Android?  I've never seen one, and I've seen many on PCs.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1143


The revolution will be monetized!


View Profile
April 09, 2013, 01:26:14 PM
 #13

When they come out I'm getting one of these!

http://www.ubuntu.com/devices/phone

I think it could be secured very well, but I'm not positive about that. Hopefully these will be fully unlocked and configurable.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!