9thsky (OP)
Member
Offline
Activity: 240
Merit: 54
|
|
August 22, 2020, 05:50:19 PM |
|
What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?
|
|
|
|
hugeblack
Legendary
Offline
Activity: 2660
Merit: 3918
|
|
August 22, 2020, 06:30:36 PM |
|
What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?
Your Android OS is considered safe if you know how to protect it from not installing unknown apps, reducing the phone's connection to the Internet, not downloading a lot of apps, physically saving the device from theft and things that cause it to stop. Electrum wallet is not the best for a mobile device and you should not assume that your coins is safe just because you use it. If you are looking for enhanced security, you should not use a hot wallet, but rather cold storage in hardware wallets or well Air gap devices.
|
|
|
|
The Sceptical Chymist
Legendary
Offline
Activity: 3486
Merit: 6975
Top Crypto Casino
|
|
August 22, 2020, 06:51:15 PM |
|
The biggest risk in my eyes is getting your phone stolen. Since that's always a possibility, I would protect whatever wallet you use with a solid password that won't allow access to your coins unless it's entered correctly. Some wallets use PINs, and I'm not sure how secure those are. Electrum wallet is not the best for a mobile device and you should not assume that your coins is safe just because you use it.
It's definitely got a decent reputation, and I think you could do a lot worse than Electrum for a mobile wallet. I've used it with no problems in the past, as well as Mycelium. There are so many available, and I haven't used most of them but the password security issue goes for any of them--and always back up your wallet with the seed phrase or whatever a given wallet gives you the option to do to back it up. If you are looking for enhanced security, you should not use a hot wallet, but rather cold storage in hardware wallets or well Air gap devices.
Well, I totally agree with that but OP asked specifically about mobile wallets, so I think he's looking to use one.
|
|
|
|
logfiles
Copper Member
Legendary
Offline
Activity: 2128
Merit: 1798
Top Crypto Casino
|
|
August 22, 2020, 09:58:43 PM Last edit: August 22, 2020, 11:22:46 PM by logfiles |
|
1. the most obvious one, It's very easy to lose a mobile device since you move with it everywhere.
Solutions - Always encrypt your device and all the wallets with very strong pins, passwords or Pass phrases - Always backup your private keys and seed phrases and keep the safely in a secret place
2. High chances of downloading malware especially if the device is used to access internet all the time. This problem is so common with android devices.
Solutions - Keep your device's OS always up to date in case of any exploits - Avoid downloading unnecessary apps which could contain malware. Always download only official apps - Avoid rooting the phone (common with Android OS)
|
|
|
|
pooya87
Legendary
Offline
Activity: 3598
Merit: 10929
|
|
August 23, 2020, 04:09:44 AM |
|
do you carry around all the physical cash you have in your pocket or purse every day? obviously no. you only carry around small amount of cash. that's the same with bitcoin, just because you can physically carry a million bitcoin in a phone wallet it doesn't mean you should. a phone wallet should be considered similar to a purse where you put cash in to carry around even if it has better security. on top of that it is digital and can be damaged. for example next time you connect your phone to a power outlet to be charged the storage may be damaged and your wallet be wiped.
in short unless you have absolutely no other options, you should not use a phone to store your bitcoins. instead use hardware wallets, paper wallets and other cold storage options.
|
|
|
|
ranochigo
Legendary
Offline
Activity: 3038
Merit: 4420
Crypto Swap Exchange
|
|
August 23, 2020, 04:19:20 AM |
|
What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?
The way Apple and Android designed it's OS makes one more secure over the other. Apple doesn't allow the user to do much with their devices which is a bane if you're looking for a more open software and a boon if you're looking for a device which is more secure. There's just one inherent risk that cannot be eliminated with mobile wallets; it's portability. There's no way you can prevent people from stealing or yourself from losing your phones if you're bringing it everywhere with you. It's more suitable as a hot wallet to put a small portion of your coins in for daily spending.
|
|
|
|
oleg8791
Newbie
Offline
Activity: 48
Merit: 0
|
|
August 23, 2020, 04:36:44 AM |
|
The most common risks except the risk of loosing your smartphone are phishing scams and ransomware. How can you enhance your security? 1. Regularly update the software and antivirus solution. 2. Use a reliable password manager 3. Download a VPN to ensure your anonymity online. 4. Use two wallets for cold and hot storage. I like Ledger and Ownr.
|
|
|
|
joniboini
Legendary
Offline
Activity: 2338
Merit: 1805
|
|
August 23, 2020, 07:03:53 AM |
|
3. Download a VPN to ensure your anonymity online.
Keep in mind that using a VPN or not does not mean improved security. It could even add additional risk of data stealing if you use a free one or even a paid one. Always input your seed/private key offline to avoid this.
|
| CHIPS.GG | | | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀░▄░▀▀▀▀▀░▄░▀███▄ ▄███░▄▀░░░░░░░░░▀▄░███▄ ▄███░▄░░░▄█████▄░░░▄░███▄ ███░▄▀░░░███████░░░▀▄░███ ███░█░░░▀▀▀▀▀░░░▀░░░█░███ ███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░███ ▀███░▀░▀▄██▀░▀██▄▀░▀░███▀ ▀███░▀▄░░░░░░░░░▄▀░███▀ ▀███▄░▀░▄▄▄▄▄░▀░▄███▀ ▀████▄▄▄▄▄▄▄████▀ █████████████████████████ | | ▄▄███████▄▄ ▄███████████████▄ ▄█▀▀▀▄█████████▄▀▀▀█▄ ▄██████▀▄█▄▄▄█▄▀██████▄ ▄████████▄█████▄████████▄ ████████▄███████▄████████ ███████▄█████████▄███████ ███▄▄▀▀█▀▀█████▀▀█▀▀▄▄███ ▀█████████▀▀██▀█████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀████▄▄███▄▄████▀ ████████████████████████ | | 3000+ UNIQUE GAMES | | | 12+ CURRENCIES ACCEPTED | | | VIP REWARD PROGRAM | | ◥ | Play Now |
|
|
|
ranochigo
Legendary
Offline
Activity: 3038
Merit: 4420
Crypto Swap Exchange
|
|
August 23, 2020, 07:32:42 AM |
|
Keep in mind that using a VPN or not does not mean improved security. It could even add additional risk of data stealing if you use a free one or even a paid one. Always input your seed/private key offline to avoid this.
Your seeds or private keys shouldn't leave your device in the first place. Connecting to a VPN does help with the anonymity but the impact to the security should be managed fairly well. There's a risk of Sybil attack with SPV wallets but some wallets tries to mitigate this.
|
|
|
|
khaled0111
Legendary
Offline
Activity: 2674
Merit: 3020
Top Crypto Casino
|
|
August 23, 2020, 12:12:57 PM |
|
To mitigate the risks of getting your coins stolen when you lose your phone, you have to encrypt your important files or the whole disk. You can do this from the settings page or use a reliable encryption app. You must also activate the lock-screen feature and use a strong password or a complex pattern. To avoid drawing the attention of the thief, you can hide your app's icon. Again, you can use a reliable third party app for this or activate the private feature (something like that) from the settings page.
Always keep a back up of your wallet file/seed in a safe location and never keep more coins than you need in your mobile wallet.
|
|
|
|
tippytoes
|
|
August 23, 2020, 12:47:33 PM |
|
1. the most obvious one, It's very easy to lose a mobile device since you move with it everywhere.
Solutions - Always encrypt your device and all the wallets with very strong pins, passwords or Pass phrases - Always backup your private keys and seed phrases and keep the safely in a secret place
2. High chances of downloading malware especially if the device is used to access internet all the time. This problem is so common with android devices.
Solutions - Keep your device's OS always up to date in case of any exploits - Avoid downloading unnecessary apps which could contain malware. Always download only official apps - Avoid rooting the phone (common with Android OS)
I believe that's my main issue when it comes to using mobile wallets. Aside from being stolen, the case of getting it crushed or damaged is high. So if you want to use mobile wallets for convenience purposes, you really need to do the above solutions mentioned by logfiles. Because ask yourself, how many phones have passed on your hands? So the phone where you want to install your mobile wallet definitely will not be your last and forever one.
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
August 23, 2020, 03:58:27 PM |
|
A huge risk is using outdated software. If you are that type of a person who doesn't update his windows 7 device, then be assured, your mobile is way more secure than your PC. However, if you are not that careless, you actually need to check what the latest patch for your device is. Older phones often do not get enough security patches past ~2 years of lifetime. This poses a risk. Besides that, the obvious things to consider are: - Do not use shady software with tons of permissions needed
- Use encryption + backup in case of loss or theft
- Keep your mobile up-to-date
- Only carry as much with you as you would carry cash in your wallet
|
|
|
|
TheUltraElite
Legendary
Offline
Activity: 3024
Merit: 1327
So anyway, I applied as a merit source :)
|
|
August 24, 2020, 08:06:48 AM |
|
What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?
You can minimise some risks but not eliminate all. Installing apps outside the official App stores is what many users do for several reasons. This carries a lot of risk which can be eliminated. Keep the Android version updated which also means buying the new phones since they are created to only last for an average of 2years after which the software support is stopped and you are forced to buy. Something similar to PC, don't download email attachment from unknown senders, they often contain malware or so. Also don't share your private keys with others. It is something that everyone should be knowing already but still we have some noobs.
|
| █▄ | R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | ▀█ | THE #1 SOLANA CASINO | ████████████▄ ▀▀██████▀▀███ ██▄▄▀▀▄▄█████ █████████████ █████████████ ███▀█████████ ▀▄▄██████████ █████████████ █████████████ █████████████ █████████████ █████████████ ████████████▀ | ████████████▄ ▀▀▀▀▀▀▀██████ █████████████ ▄████████████ ██▄██████████ ████▄████████ █████████████ █░▀▀█████████ ▀▀███████████ █████▄███████ ████▀▄▀██████ ▄▄▄▄▄▄▄██████ ████████████▀ | ........5,000+........ GAMES ......INSTANT...... WITHDRAWALS | ..........HUGE.......... REWARDS ............VIP............ PROGRAM | . PLAY NOW |
|
|
|
Lucius
Legendary
Offline
Activity: 3388
Merit: 6100
Crypto Swap Exchange🈺
|
|
August 24, 2020, 09:15:36 AM |
|
If someone wants maximum security when using mobile crypto wallets, in my opinion one of the safest options is that such wallets are used in combination with hardware wallets. Of course, this requires an additional cost in the form of buying an extra device - but it actually gives us a lot of security because private keys and all important operations take place outside the mobile device.
Although if the tips given by other members are applied, the mobile device can be a fairly secure way to store crypto - emphasizing that it shouldn't be large amounts, because despite all the security measures it really doesn't make sense for me to have thousands of dollars worth of BTC on mobile device.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2912
Merit: 7505
Playgram - The Telegram Casino
|
|
August 24, 2020, 09:33:50 AM |
|
3. Download a VPN to ensure your anonymity online. Depends on what kind of VPN you use. Have you heard of the Five Eyes or Nine Eyes? Those are " surveillance alliances" that collect data on their users with the help of their Internet Service Providers and VPNs. A VPN can be both a great way to hide your identity and a huge adversary of your privacy. Read about it here > https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
August 24, 2020, 09:49:36 AM |
|
A VPN can be both a great way to hide your identity and a huge adversary of your privacy.
Assuming that you rather trust the VPN provider with your data, than your ISP. In any other case, a VPN is not beneficial. This especially means that you shouldn't use a VPN to increase you privacy if you aren't in a developing country (or in the USA).
|
|
|
|
TheUltraElite
Legendary
Offline
Activity: 3024
Merit: 1327
So anyway, I applied as a merit source :)
|
@Pmalek
VPN does not change anything for in terms of what the OP asked. Some VPNs may promise a lot of privacy but rest assured one fine day the authorities may crack down on them and take their logs. It is like pool of sharks trying to induce more paranoia to the small Frys and then taking their money. Something similar to AV software and using linux on the same. One is enough in my opinion but there are other opinions too.
Like bob123 said, I am lucky enough to live somewhere where such surveillance is almost none. Thus I don't have to bother about VPN. However this does not change the fact that I have to be very secure about how I am storing my private keys and my coins.
|
| █▄ | R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | ▀█ | THE #1 SOLANA CASINO | ████████████▄ ▀▀██████▀▀███ ██▄▄▀▀▄▄█████ █████████████ █████████████ ███▀█████████ ▀▄▄██████████ █████████████ █████████████ █████████████ █████████████ █████████████ ████████████▀ | ████████████▄ ▀▀▀▀▀▀▀██████ █████████████ ▄████████████ ██▄██████████ ████▄████████ █████████████ █░▀▀█████████ ▀▀███████████ █████▄███████ ████▀▄▀██████ ▄▄▄▄▄▄▄██████ ████████████▀ | ........5,000+........ GAMES ......INSTANT...... WITHDRAWALS | ..........HUGE.......... REWARDS ............VIP............ PROGRAM | . PLAY NOW |
|
|
|
NotATether
Legendary
Offline
Activity: 1750
Merit: 7316
In memory of o_e_l_e_o
|
|
August 25, 2020, 10:51:30 PM |
|
At very least, you should avoid using biometric authentication since it's weak against physical attack.
No one here has mentioned setting a password or unlock pattern to unlock the phone. So even if the phone gets stolen the thief can't access anything inside because they don't know the pattern or password, and there are no brute forcers for phones to find the correct pattern/password because to get any malware on the phone in the first place, you have to trick the user to give some app more permissions, social engineering by making them click on an Approve button. So if a phone is stolen and it's not already infected then no thief can infect it with malware without knowing the pattern/password to use the phone, short of doing a factory reset which deletes your wallet and all your apps from the phone!
|
|
|
|
Lucius
Legendary
Offline
Activity: 3388
Merit: 6100
Crypto Swap Exchange🈺
|
|
August 27, 2020, 09:45:48 AM |
|
NotATether, Unfortunately, a lock screen is not an obstacle for someone who wants to bypass this protection, and there are several methods that can be used to bypass such protection. A fingerprint is also something that can be bypassed, so you should never rely on these methods in the sense that they are absolute protection. Some smartphone manufacturers even give advice on how to avoid fingerprint misuse, as there are cases where people have had their data stolen from their smartphones while they were sleeping or were unconscious (under the influence of alcohol or drugs). Setting a PIN is a much safer option in this case, but people mostly go for what's faster and easier - and unlocking a phone with a fingerprint is very popular today. You can read more at the following links : https://drfone.wondershare.com/unlock/bypass-android-lock-screen.htmlhttps://www.forbes.com/sites/daveywinder/2019/11/02/smartphone-security-alert-as-hackers-claim-any-fingerprint-lock-broken-in-20-minutes/I scanned the first link with VirusTotal and it does not show any threat, but I advise caution when downloading any file from that and any other site.
|
|
|
|
ethereumhunter
|
|
August 27, 2020, 12:00:12 PM |
|
What security risks are involved when storing bitcoins in a an Android mobile app wallet, and how to minimize (or preferably eliminate) those risks when using one (such as Electrum)?
The security risk if you store your asset in your android mobile app wallet is your phone can be stolen by someone who knows that you store your asset in that phone. Your phone can be lost in somewhere which you don't know. To minimize that, you should have one mobile phone which you don't carry anywhere you go. That phone will not connect to any telecommunication provider and only connect in your WIFI or the place that has a private internet connection. If you can do that, you don't have to worry about anything.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
|