BEWARE - Coinomi windows desktop wallet does not prevent unauthorized access

[logfiles]

When setting up my desktop wallet sometime back. I set up a password for the wallet to keep it from unauthorized access but to my surprise, whenever I open up the wallet even after restarting my computer. The wallet opens up straight away to my addresses without prompting for any password to decrypt it like most wallets do.

Someone can actually see all your balances and transaction history

NB: I haven't yet checked if one can send coins to another address without authorization too. Will update the thread with my findings.

[1714662419]

1714662419

[1714662419]

1714662419

[1714662419]

1714662419

[1714662419]

1714662419

[1714662419]

1714662419

[OmegaStarScream]

That's actually something that a lot of wallets do and from a user experience point of view, it makes sense. The password is only there to protect your funds from being stolen (whenever you're trying to send).

If you want to protect your balance and transaction history from being seen by anyone, then you can simply lock your PC (WINDOWS key+L).

[DaveF]

You cannot send without entering your password.
But, you can see how much is in the wallet (which is bad)
You can generate receiving addresses (bit of a privacy concern but nothing major)

With that being said a lot of wallets are the same way. Including core.

-Dave

[Pmalek]

You need to enter the password to send funds with Coinomi. It is the same thing with their Android version. I use it for some pocket money and you can open the wallet, view the entire history, previously used addresses, new receiving addresses but to send the money to another address you need your password. 

[o_e_l_e_o]

As pointed out above, this is not a bug. The password protection on this wallet is only for sending funds, not for viewing. If you want your wallet to be password protected just to open it, then you have a few options available to you.

On mobile, you can install the wallet in an encrypted/secure folder. Android has this functionality built in. iPhones require an additional paid app to do so. That way no one can open the wallet (or even see it exists) without first unlocking the encrypted folder.
On desktop, it depends entirely on your OS. There are various methods to password protect programs or password protect entire folders. You will need to search for an appropriate one for your OS. Alternatively (and better), use a program like Veracrypt to create an encrypted folder and install your wallet there.
Alternatively, switch to a different wallet which allows you to password protect view-only access. Electrum does this for bitcoin, but I can't help you with any of the altcoins.