Bitcoin Forum
October 18, 2018, 02:58:47 PM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: how secure is my non-rooted android phone?  (Read 1559 times)
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500


There is more to Bitcoin than bitcoins.


View Profile
April 04, 2013, 06:35:46 PM
 #1

How likely are my coins to get stolen from the bitcoin spinner running on a non-rooted android phone? I am perfectly content with the security of my paper wallets, but am getting tired of printing, cutting, laminating with Al foil inserts, and redeeming private keys whenever I need to spend a portion of my savings. Bitcoin spinner is convenient, but how secure is it? Can you provide examples of any past exploits (wallet stealers) on Android devices?

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539874727
Hero Member
*
Offline Offline

Posts: 1539874727

View Profile Personal Message (Offline)

Ignore
1539874727
Reply with quote  #2

1539874727
Report to moderator
1539874727
Hero Member
*
Offline Offline

Posts: 1539874727

View Profile Personal Message (Offline)

Ignore
1539874727
Reply with quote  #2

1539874727
Report to moderator
1539874727
Hero Member
*
Offline Offline

Posts: 1539874727

View Profile Personal Message (Offline)

Ignore
1539874727
Reply with quote  #2

1539874727
Report to moderator
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1006


View Profile
April 06, 2013, 01:16:15 PM
 #2

What model of phone do you have?

The Nexus phones are pretty secure and you probably don't need to worry about it. Samsung Galaxy phones have had a series of extremely bad security holes that it took them months to patch. So it can vary quite wildly.
RodeoX
Legendary
*
Offline Offline

Activity: 2772
Merit: 1066


The revolution will be monetized!


View Profile
April 06, 2013, 01:36:10 PM
 #3

There are other things that could mitigate or reduce risk.

  • You could only keep only a small amount accessible on your phone. Perhaps less than the value of the phone itself?
  • You could pay for VPN service. Last week I was in Oman and could connect to public wifi with confidence, knowing I had an encrypted and anonymized connection.
  • You could also ask your provider if they can further secure your phone. It may come at the cost of shutting off services, but maybe the phone can be hardened as a target.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin in AFRICA - https://bitcointalk.org/index.php?topic=2710325.msg27720734
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500


There is more to Bitcoin than bitcoins.


View Profile
April 06, 2013, 05:19:39 PM
 #4

What model of phone do you have?

The Nexus phones are pretty secure and you probably don't need to worry about it. Samsung Galaxy phones have had a series of extremely bad security holes that it took them months to patch. So it can vary quite wildly.

It's a samsung galaxy note, still on the Canadian Telus' ICS.

RodeoX: good suggestions, I'll check with the provider about hardening the device.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1006


View Profile
April 06, 2013, 07:39:14 PM
 #5

You should check the firmware release to see if it still has /dev/exynos-mem type holes. Otherwise we can't say for sure. I'd not trust any Samsung OS by this point, they have released serious mistakes too often and clearly have some systematic issue with making secure software. You could maybe reflash it to some other firmware, but that'd break your warrantee.
Teka
Hero Member
*****
Offline Offline

Activity: 840
Merit: 1000



View Profile
April 06, 2013, 07:41:31 PM
 #6

I have a nexus 7 (tablet) it's my wallet storage device and I've decided to encrypt it using the stock android encryption option. Does anyone now how secure the stock android encryption is?
MysteryMiner
Legendary
*
Offline Offline

Activity: 1022
Merit: 1000



View Profile
April 07, 2013, 10:36:51 PM
 #7

I would not consider mobile phone to be secure device at all. I don't know is there a government backdoor in it or not. Encrypting something that have totally closed and proprietary hardware in it makes no sense. Increases risk of data loss if password is forgotten or encryption or hardware malfunctions.

For small amounts it might be OK but don't expect security or privacy. PC FTW!

Do not trust commercial VPN to save You from oppressive government! Get VPN service offered by a real cyber-dissenter https://bitcointalk.org/index.php?topic=4426691.0

1PG5HMwN51j8xYHKVFv9h1Tw4Jzc3fWXw3
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
April 07, 2013, 11:25:22 PM
 #8

I think if you're on a linux system "which most droids,androids come with" and with android firewall with VPN, you're good to go. You can allow what comes in and what goes out with Android Firewall.

https://play.google.com/store/apps/details?id=com.jtschohl.androidfirewall#?t=W251bGwsMSwxLDIxMiwiY29tLmp0c2Nob2hsLmFuZHJvaWRmaXJld2FsbCJd

Always use a firewall. Wifi or Roaming.
MysteryMiner
Legendary
*
Offline Offline

Activity: 1022
Merit: 1000



View Profile
April 08, 2013, 01:18:29 AM
 #9

And what about how proprietary hardware does upon receiving something from air? I messed with phone repairs some time ago and I it never ended to surprise me how many things are wrongly done or are completely undocumented by manufacturer.

Do not trust commercial VPN to save You from oppressive government! Get VPN service offered by a real cyber-dissenter https://bitcointalk.org/index.php?topic=4426691.0

1PG5HMwN51j8xYHKVFv9h1Tw4Jzc3fWXw3
tiberiandusk
Hero Member
*****
Offline Offline

Activity: 576
Merit: 500


The North Remembers


View Profile WWW
April 08, 2013, 01:23:11 AM
 #10

Newer versions of android let you encrypt the entire phone. I just flashed my old Mesmerize to 4.2.2 and it has an encryption option. Other than that just make sure you use something like Lookout and don't install apps from strange sites or with crazy permission requests.

Bitcoin Auction House http://www.BitBid.net BTC - 1EwfBVC6BwA6YeqcYZmm3htwykK3MStW6N | LTC - LdBpJJHj4WSAsUqaTbwyJQFiG1tVjo4Uys Don't get Goxed.
Anon136
Legendary
*
Offline Offline

Activity: 1624
Merit: 1178



View Profile
April 08, 2013, 01:32:42 AM
 #11

I would not consider mobile phone to be secure device at all. I don't know is there a government backdoor in it or not. Encrypting something that have totally closed and proprietary hardware in it makes no sense. Increases risk of data loss if password is forgotten or encryption or hardware malfunctions.

For small amounts it might be OK but don't expect security or privacy. PC FTW!

the government isnt going to steal a couple of bitcoins from anyones phones.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500


There is more to Bitcoin than bitcoins.


View Profile
April 08, 2013, 08:37:10 PM
 #12

I would not consider mobile phone to be secure device at all. I don't know is there a government backdoor in it or not. Encrypting something that have totally closed and proprietary hardware in it makes no sense. Increases risk of data loss if password is forgotten or encryption or hardware malfunctions.

For small amounts it might be OK but don't expect security or privacy. PC FTW!

I feel that the attack surface on a non-rooted android phone I use is much smaller than the attack surface on the PC I use.

Again, can someone point to documented cases of past wallet stealers on Android?  I've never seen one, and I've seen many on PCs.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
RodeoX
Legendary
*
Offline Offline

Activity: 2772
Merit: 1066


The revolution will be monetized!


View Profile
April 09, 2013, 01:26:14 PM
 #13

When they come out I'm getting one of these!

http://www.ubuntu.com/devices/phone

I think it could be secured very well, but I'm not positive about that. Hopefully these will be fully unlocked and configurable.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin in AFRICA - https://bitcointalk.org/index.php?topic=2710325.msg27720734
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!