Deleting wallet software for more security?

[Rezoyen]

Hi, I'm using the blockstream green wallet on Android. I've written down my seed phrase and keep it safe and secure. Can I now uninstall/delete my green wallet app? to be less vulnerable to theft/hacking.

I can still receive but not spent this way right? Should I create a couple of addresses beforehand?

And if I want to spent/exchange, I just download green wallet app again and use the seed phrase to recover my wallet?

Can anyone confirm this is all correct?

Thank youusps tracking showbox speed test

[1714979432]

1714979432

[1714979432]

1714979432

[1714979432]

1714979432

[harizen]

Can I now uninstall/delete my green wallet app? to be less vulnerable to theft/hacking.

Not necessary but it's up to you. Kind of a hassle if you will install/uninstall it again for every session.

To lessen your worries if you decided not to uninstall the app, set up a security passcode. It should have that feature as it was common for any crypto wallet*. Then for additional security, set up an application lock which is a default feature of an Android phone nowadays.

I can still receive but not spent this way right? Should I create a couple of addresses beforehand

Make sure you have the correct address. Since you will uninstall the app, you don't have any references beforehand.


Honestly, I'm not aware of this wallet.

Are you really sure you want to use that one and not considering those recommended ones for Android e.g Mycelium, Electrum for Android etc.

[peempeem]

Yep, some people do this as a method of cold storage.

[o_e_l_e_o]

-snip-

Yes, this is all correct. There are three particularly risky parts of your set up.

The first is as harizen points out - you will be unable to verify your receiving addresses. If you are subjected to clipboard or other malware, the addresses you saved to receive to may be edited at some point between storage and entering them to a website/handing them over to someone who wants to pay you. You have no reference point to double check they are correct. This could be mitigated by printing out your addresses and double checking them against your wallet prior to deleting it, and then using your print out as a reference for all future address use.

The second is you are relying entirely on your seed phrase to be able to access your coins. It would be good practice to back it up in at least two separate locations, in case one back up becomes damaged or irretrievable.

The third is entering your seed phrase to restore you wallet. Typing your seed phrase in to a phone or computer is inherently risky as you may have a keylogger or other malware which is recording your key presses. Unlikely sure, but possible. The only way to be 100% sure your seed phrase isn't been stolen is to never enter it in to an online device.

You also don't need to reinstall Green Wallet to restore from your seed phrase. Your seed phrase will be compatible with almost all good wallets, on phone or computer.

Honestly, I'm not aware of this wallet.

I've never used it, but Blockstream was founded by and employs people like Gregory Maxwell and Pieter Wuille. The wallet is open source and the github is available here: https://github.com/Blockstream/green_android. It's a perfectly safe wallet to be using.

[hatshepsut93]

You can instead just delete the wallet file, since that's the place where they keys are stored. Deleting and redownloading the software won't make you more secure, it might even add a small risk, because each time you download a wallet you might accidentally download a fake wallet.

The first is as harizen points out - you will be unable to verify your receiving addresses. If you are subjected to clipboard or other malware, the addresses you saved to receive to may be edited at some point between storage and entering them to a website/handing them over to someone who wants to pay you. You have no reference point to double check they are correct. This could be mitigated by printing out your addresses and double checking them against your wallet prior to deleting it, and then using your print out as a reference for all future address use.

Green wallet has a watch-only mode, which solves this problem.

[o_e_l_e_o]

Deleting and redownloading the software won't make you more secure, it might even add a small risk, because each time you download a wallet you might accidentally download a fake wallet.

That's a good point about added risk, but it may make him more secure depending on what kind of threat he is trying to protect against. If he is worried about physical attacks on his person, then deleting the app might be safer. If someone was to forcibly take his phone and find a bitcoin wallet app, even one with no coins, they might be inclined to use physical force to get him to reveal the location of his seed phrase. Having no wallet app present may prevent this.

If you are very concerned regarding theft or hacking, then your best bet would be to either take the simple option of buying a hardware wallet, or the somewhat more complicated option of setting up a wallet on an airgapped (no internet connection) PC. Both of these would be much more secure than using a mobile wallet.

[Velkro]

Hi, I'm using the blockstream green wallet on Android. I've written down my seed phrase and keep it safe and secure. Can I now uninstall/delete my green wallet app? to be less vulnerable to theft/hacking.

Yes. If you have written down seed you can always recover your wallet/addresses.
Deleting wallet software WILL grant you more security when you install malware app that scans any trace of bitcoin to hack it will find bitcoin wallet (target) or not. Its minor security, but always something.

[kooboat]

Fortunately, hackers dont usually attack android applications with their malwares. You are just on the right track and don't forget to store your seed words or recovery phrase for your wallet very securely. This is very important since you cannot recover your wallet or funds without it.

[hello_good_sir]

You'll need 2 things for the paper wallet you are talking about:

1. Addresses (I haven't used greenaddress in a couple of days, but I do believe it's possible to keep 1 address, and it won't delete it or do anything to it, but it'll still generate other addresses (which I would recommend you use so people can't spy on your transactions).

2. Seed/private key, to access to your wallet.

No point deleting, to be honest, you should be fine - but up to you.

[AverageGlabella]

Generating a wallet on a android device is not safe to start with but I won't go into that as its up to you. As for your question deleting wallet software will not increase the security level of your device or wallet unless malicious software are specifically searching your phone for apps installed instead of the wallet extension file which in my opinion would not make sense. Most viruses will be searching for wallet.dat extensions and other similar file types.

[Kyraishi]

Generating a wallet on a android device is not safe to start with but I won't go into that as its up to you.

Yep, this is a pretty big issue since your mobile phone is usually more connected to the internet to your other devices (laptop, desktop computer, eg). I'd recommend using GreenAddress online compared to just using your phone if you have a laptop/PC.

If you're so tight about security, wouldn't it just be smarter to get a ledger wallet? They are 100 percent safer then greenaddress, and the private keys would never enter your phone, and they added a ledger app for mobile a decent time ago.

[joinfree]

Hi, I'm using the blockstream green wallet on Android. I've written down my seed phrase and keep it safe and secure. Can I now uninstall/delete my green wallet app? to be less vulnerable to theft/hacking.

I can still receive but not spent this way right? Should I create a couple of addresses beforehand?

And if I want to spent/exchange, I just download green wallet app again and use the seed phrase to recover my wallet?

Can anyone confirm this is all correct?

Thank you

That's all correct but it feels like a tiring task to me if you would have to install and uninstall every time you need to spend your cryptocurrencies. The best thing to do is to make sure you have saved those pass phrase somewhere no one else would have access to you except you. Also,  add extra security such as google authentication, sms notification per log ins, withdrawal etc. All these would help keep your wallet safe and no need to go through that stress all for the sake of safety reasons.

[pooya87]

Yep, some people do this as a method of cold storage.

unless the phone that was used to create this wallet has never been connected to ANY NETWORK and will never be connected to any network in the future, you can not consider this method a safe "cold storage" method. it would be like buying meat then leaving it outside under the sun for a couple of days and then refrigerate it thinking everything is fine now that you've frozen the meat!

[adaseb]

Yep, some people do this as a method of cold storage.

unless the phone that was used to create this wallet has never been connected to ANY NETWORK and will never be connected to any network in the future, you can not consider this method a safe "cold storage" method. it would be like buying meat then leaving it outside under the sun for a couple of days and then refrigerate it thinking everything is fine now that you've frozen the meat!

Very strange analogy but I agree with your post.

In my opinion whether that phone is ever going to connect to a Wifi or cellular tower or not, cell phones are NEVER considered cold storage because they can easily transmit data.

Unlike a laptop that you can open up and take out the bluetooth and wifi adapter, you can't do this with a cell phone.

Androids are full of malware and who knows if his seed was leaked in some way. Even deleting the wallet might not remove all traces. The hacker might just wait for a deposit and then sweep all the funds.

My advice is to just get a hardware wallet or use Electrum in cold storage mode. Never a cell phone.

[Palider]

This is a good idea especially if you do not need to use your crypto. But you must be sure that your seed pharase is secure so you have nothing to fear. And you should also make sure that your seed pharase is written on a piece of paper as there is a greater chance that it will be detected by the hacker if it is only hidden on your pc.

We know that an unexpected virus could infiltrate our pcs resulting in hackers stealing our private keys. So we should always be prepared for these events.

[joniboini]

Androids are full of malware and who knows if his seed was leaked in some way. Even deleting the wallet might not remove all traces. The hacker might just wait for a deposit and then sweep all the funds.

He could flash his phone, insert an OTG with the wallet apps ready to be installed. Install the apps, generate new seeds, store it, and leave it. Uninstall the apps, reflash the phone and done. But this is inefficient and ineffective. Agree with the HW part, if the point is having a cold wallet, a phone is not the best choice.

[Kakmakr]

Fortunately, hackers dont usually attack android applications with their malwares. You are just on the right track and don't forget to store your seed words or recovery phrase for your wallet very securely. This is very important since you cannot recover your wallet or funds without it.

You are wrong my friend. Around 2.5 billion devices around the world use the Google owned Android, which is the world's most popular operating system. One thing we know for sure, is that hackers and scammers are focusing their efforts on the most widely used operating systems now.

It looks like OP wants to use his phone as a cold storage and not as a wallet for frequent use, so I would rather suggest that he creates some paper wallets for the coins that he want to store in cold storage and that he only store a small amount of coins in his phone for daily use. <This way, he will not have to be that paranoid about the potential loss of coins> 

[o_e_l_e_o]

I'd recommend using GreenAddress online compared to just using your phone if you have a laptop/PC.

I agree software wallets in general aren't great, but in what way is using a web wallet going to be safer?

Also,  add extra security such as google authentication, sms notification per log ins, withdrawal etc.

SMS is a very poor 2FA method to choose, since text messages are sent unencrypted and can be intercepted, and SIM jacking is fairly easy to perform with a minimal amount of social engineering. You should be using a 2FA app as a minimum, and using something like AndOTP or Aegis instead of Google.

And you should also make sure that your seed pharase is written on a piece of paper as there is a greater chance that it will be detected by the hacker if it is only hidden on your pc.

Your seed phrase should never touch an internet capable device. You should not be saving it or entering it on any device for any reason except when it is your only option to recover your wallet. As soon as it has touched an internet capable device, you should consider it compromised.

cell phones are NEVER considered cold storage because they can easily transmit data.

Exactly. Even when phones are turned off, they can still be tracked or even be used to spy on you. There's plenty of malware out there which can turn on your mobile data or WiFi without your knowledge, and there's even malware which can be distributed via SMS. Unless you have physically removed all the hardware allowing a device to transmit data, then it's not proper cold storage.

[adeandro]

I don't think that it will provide you much security.

[BrewMaster]

Androids are full of malware and who knows if his seed was leaked in some way. Even deleting the wallet might not remove all traces. The hacker might just wait for a deposit and then sweep all the funds.

He could flash his phone, insert an OTG with the wallet apps ready to be installed. Install the apps, generate new seeds, store it, and leave it. Uninstall the apps, reflash the phone and done. But this is inefficient and ineffective. Agree with the HW part, if the point is having a cold wallet, a phone is not the best choice.

the real question is why bother with this much workarounds just to increase the security of something that is inherently insecure by design. in other words unless OP doesn't own a PC or has no kind of access to one whatsoever, i don't see any reason to take the risks of creating a wallet with a phone for storage purposes.
HW wallets would also require a PC so if he has one then he should use that to create a cold storage.