Is Bitcoin wallet in your pocket safe?

[ShowOff]

Might as well set-up your mobile wallet as a hot wallet and leave the HW on your home for cold-storage.

I agree with this. While it's not prohibited to carry hardware in a pocket, I prefer to leave it at home safely and use a mobile wallet instead. Carrying it in pocket might be riskier if something happen that could damage the HW itself like an accident or something. But people have the right to decide what they want to do, they are responsible for the asset and wallet they own.

[Pmalek]

Younger generation prefer mobile computers in their pockets rather that desktops or laptops.

You should aim for more secure solutions, not those that are easier and more user friendly or what the younger generation prefers.

Anyway, my bitcoin in my pocket is safe and even if it is custodial and also local in my country.

Safe and custodial seldom go within the same sentence. You believe it is safe, but it is only as safe as the people you entrusted to protect it. You have given your Bitcoins to another party and if they decide that you can have it back, they will return it.

[NeuroticFish]

Never fear,  we, youngsters, are aware of  hardware wallets that can be connected to Android mobiles.

Perfect! I still find useful to say this whenever possible because many (especially youngsters, I think) may not use hardware wallets "because they're expensive" (and they actually are not).
And there was (is) no mention of the topic that on Android the use of HW is necessary (maybe it's not a bad idea to add it even now).

Android security is .. weak.

That's a bold statement.

One could argue that android is by far more secure than a windows computer.

Android uses the linux kernel and user roles as a security concept where the end-user doesn't have root privileges.
On windows, the user (and the malware he installs) can do anything.


I'd always choose an updated android device over an updated windows computer.

The comparison with Windows is accurate. However the statistics tell that overall you are wrong. You inserted an interesting keyword: "updated android". Well, this is the part with problems.
Most Android phones in use are outdated. Many of them badly.
Yes, the youngsters "get newest phones" ... in theory (not always happens either). I can't argue they may change them more often than I do. However, most don't change the phone every 8-12 months. And most manufacturers don't care to make updates to the older phones. Before 8-12 months one can say his Android is up to date. After that period he may be pretty much wrong. (I may not be very accurate on the time period, however I should not be too far either, and I think that I was clear.).

[soliton]

Might as well set-up your mobile wallet as a hot wallet and leave the HW on your home for cold-storage.

I agree with this. While it's not prohibited to carry hardware in a pocket, I prefer to leave it at home safely and use a mobile wallet instead. Carrying it in pocket might be riskier if something happen that could damage the HW itself like an accident or something. But people have the right to decide what they want to do, they are responsible for the asset and wallet they own.

Many people suggest that your hardware wallet should be hidden in your home and not carry it outdoors. I also suggest trying to keep it in safe or secret storage to avoid getting robbed and misplace it because when we used a hardware wallet, we store huge funds. Using a mobile wallet as a hot wallet is the only wallet that should only be used to carry outdoors because we mostly bring our mobile phones whenever we are going.

Stop spamming with the same kind  of messages saying what has been already said. The topic has been  created not for this.

P.S. Kong Hey Pakboy"s message was deleted due to the spam

[AakZaki]

That's a bold statement.

One could argue that android is by far more secure than a windows computer.

Android uses the linux kernel and user roles as a security concept where the end-user doesn't have root privileges.
On windows, the user (and the malware he installs) can do anything.

I'd always choose an updated android device over an updated windows computer.

Windows is the most vulnerable device when it is attacked by malware. Even when the antivirus used is not up to date it will be very dangerous. On average, users who lose their private keys and wallet passwords are Windows users who don't really care about security on their windows. all kinds of sites are visited and eventually end up on sites that contain lots of malware.

The bitcoin wallet on Android is also important to pay attention to its security by always filtering every application that will be installed and not giving full access rights to the installation of applications with unknown sources or other than Playstore.

[xenon131]

Those who use it say  Mycelium is a good Android wallet. The option  to connect a hardware wallet  to Mycelium makes it doubly attractive. Couple  years ago I have installed Paytomat to my mobile and carry it  with me. Installed it because Pesto cafe accepted cryptos via their Paytomat POS and I payed for their pizza over my wallet.    Proposed site after checking Paytomat manifested  "No source found". I don't care , because I try to keep  no more than 100 bucks on it.

[bob123]

I mean, what's the point of buying a HW if you bring it every time you go? Might as well set-up your mobile wallet as a hot wallet and leave the HW on your home for cold-storage.

The point would be that a hardware wallet is more secure than your always-online mobile.
Whether you carry it with you or not doesn't matter if you look at the attack surface with network access  (e.g. via the internet). Your mobile might be vulnerable to some specific attacks, your HW wallet shouldn't.

However, i agree with you that carrying a hardware wallet containing all of your balance with you (i.e. more than you would carry with you in cash) is kind of bad practice and shouldn't be done (e.g. because of the wrench attack).

[soliton]

There are a lot of experts/advisors  on different off-topics  here but not many who use Android wallets. I’d still like to listen to exactly those users for whom these wallets became  the integral part of their Bitcoin use.

P.S. The 2nd spamming post was deleted.

[giszmo]

Hi. Creator of WalletScrutiny here. Just found this thread and thought to comment on some doubts:

Not reproducible from source provided means that every time you compile the app's source code you get a different binary file.

No, not exactly. That would be "builds are not deterministic". WalletScrutiny is about the reproducibility of the binary provided by Google Play in this case. In many cases the build is perfectly deterministic but yields something other than what's on Google Play and in many cases the build fails completely. Both those cases are "not reproducible", too. Distinction is not really worth own categories as only reproducibility of the binary in question gives an assurance of the binary being compiled from the source provided.

Electrum app is not reproducible from source, indeed. This information was already mentioned on their github repo:

✗ This script does not produce reproducible output (yet!). Please help us remedy this.

... which doesn't change the problem of not even the team being able to check on their release manager. Do you think the release manager would refuse to release an evil update with a gun to his head? Or he might catch a backdoor? Or he might "catch a backdoor"? How much money is under that wallet's control?

I wouldn't trust that page if I were you since they can't differentiate fake electrum and the original.
Update: I have read the whole article and it looks like that the version written in the page was updated somehow but other links like readme.md aren't.
The date and version are still misleading.

Feel free to make a pull request to our public git repository. Working mostly alone on this, covering more than 200 apps, keeping it up to date with every new release of a reproducible wallet is kind of a challenge.

I doubt on reviews on that site. The Cryptowisser.com has its informative review page for wallets. Go ahead and check their reviews at:

82 wallets, many of which don't even support Bitcoin and none of the review goes much to explain how the result came to be. WalletScrutiny is about reproducibility and the provider's potential to pull an exit scam or actually lose all the funds of all the users at once.

There is a lot of information available in this forum about good Bitcoin wallets. Why do you need to go to other website?

I have been using Mycelium wallet for a long time now as my priority was to have a mobile based wallet and I have not faced any issue with it to date.

I'm incidentally also the release manager of Mycelium, so thank you for your trust. WalletScrutiny is my side project.

Please consider the incentives for long cons! Just because the wallet of your choice had no issues so far doesn't mean it will not lose yours and all the other users' funds in an instance at some point.

...
for storage and security purposes you want to use desktop versions not a mobile wallet.

Sadly, the very non-free systems Android and iPhone are actually quite secure by not giving the user root access and by sand-boxing apps. Android and iPhone were designed from the start to run hundreds of adversarial apps on the same system. A random Windows user should not use his desktop for Bitcoin but rather a modern mobile phone or better a hardware wallet.

Android specific wallets

Interesting list at first glance, but on a second thought, ... hmmm.
I mean that I would not keep more than 100$ worth of funds on any Android wallet, no matter how legit it is and how reproducible the build is; Android security is .. weak.

Weak compared to what exactly? Android has an excellent track record of keeping apps in their respective sandboxes. As the release manager of an Android Bitcoin wallet I am biased but also quite knowledgeable about the security aspects I would think. If you don't root your phone or at least don't grant root access to the wrong apps, your coins are certainly safer in an Android wallet than on your average Windows machine.

OK, a legit and maybe reproducible Android wallet is necessary, but not enough (imho).

I agree. To quote from our methodology page:

The classification “reproducible” unfortunately means very little. It means that at the random point in time that we decided to verify the code to match the app, the code actually did match the app. It does not mean that the next update will or that the prior one did and it does not mean that the reproducible code is not doing evil things.

In fact, we believe the most likely scenario for an exit scam is that the wallet would bait-and-switch. It would see to how many users it could grow the app or even buy out a successful wallet in financial trouble to then introduce a code to leak the backups.

The evil code would not be present until the app is losing users (or funds under management) for whatever other reason.

Any stamp of approval, any past security audit or build verification would be obsolete. Therefore we don’t see our mission as fulfilled when all wallets are reproducible. There is...

If one uses Android a lot for Bitcoin transfers, I'd say that a proper hardware wallet is a must. I think that this is actually one important use case for hardware wallets (and not holding, as many use them for).

HW wallets are a bit of a pain on the go but feasible. I'd still consider HW wallets primarily for hodling.

[pooya87]

...
for storage and security purposes you want to use desktop versions not a mobile wallet.

Sadly, the very non-free systems Android and iPhone are actually quite secure by not giving the user root access and by sand-boxing apps. Android and iPhone were designed from the start to run hundreds of adversarial apps on the same system. A random Windows user should not use his desktop for Bitcoin but rather a modern mobile phone or better a hardware wallet.

Keep in mind that security is not just about the OS but about the fact that you don't carry around your (desktop) PC in your pocket but you do carry around your phone. Storing and carrying a large amount of money in your pocket is never safe. It can be damaged or stolen from you very easily.
Not to mention that is nearly impossible to cut off your phone from connecting to the outside world. There is just too many ways it could make a connection (by design) while you can easily cut off your PC from the outside world.

And of course when I say "desktop" I don't mean the backdoored Windows OS.

[Oshosondy]

I agree with this. While it's not prohibited to carry hardware in a pocket, I prefer to leave it at home safely and use a mobile wallet instead. Carrying it in pocket might be riskier if something happen that could damage the HW itself like an accident or something. But people have the right to decide what they want to do, they are responsible for the asset and wallet they own.

One of the reasons hard wallet is said to be risky is because people carry it all about, there are many cases mobile phone owners lost their phones, the practice with hardware wallets because they are potable is not idea and can lead to the hardware wallet to be stolen or lost. Like you said, it is best to just leave it at home, in a place also very safe and not reachable to anyone like intruders.

Thanks, but we. youngsters, are aware that hardware wallets transfer nothing, they need software app connected  to do this. They also hold nothing except priv keys.

Not only private key, it stores all everything normal wallet had to store, including public keys and addresses.