[WARNING]FAKE ELECTRUM WALLET

[ranochigo]

users can download the .apk file from the Electrum.org website just like they download the desktop binaries and verify the signature (not hash) of the file that is signed using the same PGP key in the same manner. the .apk file can then be transferred to their phone and installed by executing it manually instead of downloading and executing through google play store.
for example the latest version links for arm-64 architecture are:

Code:

https://download.electrum.org/4.0.5/Electrum-4.0.5.0-arm64-v8a-release.apk
https://download.electrum.org/4.0.5/Electrum-4.0.5.0-arm64-v8a-release.apk.asc

Ah I missed that. Problem with this is that Android usually strongly discourages sideloading apps instead of downloading them from the app store. The warning is probably enough to put off those that aren't very tech savvy.

I still don't think storing Bitcoins on a phone is safer than using the non-custodial wallets like CoinBase, etc for newbies at least.

[1714688385]

1714688385

[1714688385]

1714688385

[1714688385]

1714688385

[1714688385]

1714688385

[1714688385]

1714688385

[NeuroticFish]

I still don't think storing Bitcoins on a phone is safer than using the non-custodial wallets like CoinBase, etc for newbies at least.

I always advise hardware wallet when using Bitcoin with phone.
But afaik Electrum on Android still cannot handle hardware wallet, unfortunately.
Still, for small amounts, one can use it as it is, at least he can have better control over the tx fees, I guess.

[o_e_l_e_o]

Solely relying on the fact that a download is coming from a specific site, or that it has the Google Play store "tick", is simply not good enough. Sites can be hacked. Google accounts responsible for uploading updates can be hacked. The Google Play store does minimal due diligence and can assign the "tick" to the wrong app. If you download without verifying, regardless of where you download it from or who recommends it, then you are by definition trusting, and not verifying. As I said above, you should download the app from Electrum.org on your computer and verify it before transferring it to your phone.

I still don't think storing Bitcoins on a phone is safer than using the non-custodial wallets like CoinBase, etc for newbies at least.

Although I only store daily spending money which I can afford to lose in a mobile wallet, I would still say it is significantly safer and more secure than any third party custodial wallet.

[ranochigo]

Although I only store daily spending money which I can afford to lose in a mobile wallet, I would still say it is significantly safer and more secure than any third party custodial wallet.

Yeah, I was referring to newbies. I don't think it'd that easy to copy the entire CoinBase app and trick the user into using it as compared to just modifying the source code for Electrum and passing it off as something similiar on GPlay.

Of course non-custodials are more secure, that's a fact. But if there's a bunch of apps that closely resembles SPVs like Electrum, MyCelium etc, I imagine it could be confusing and difficult for newbies to navigate. If you want err on the side of caution and this becomes a bigger issue, then I think there's an argument to be made for custodial wallets in *certain* situations.

[o_e_l_e_o]

I don't think it'd that easy to copy the entire CoinBase app and trick the user into using it

They don't need to copy the whole app, though. All they need is a convincing looking log in screen and a back end to send whatever username and password is entered on that screen to the attacker, perhaps followed by a "Servers busy, try again later" warning to not make it immediately obvious that something is wrong. Even something a simple as that is more than capable of stealing log in details. You don't need to copy the whole wallet functions, trading functions, etc. You just need enough to convince people to try to log in.

But if there's a bunch of apps that closely resembles SPVs like Electrum, MyCelium etc, I imagine it could be confusing and difficult for newbies to navigate. If you want err on the side of caution and this becomes a bigger issue, then I think there's an argument to be made for custodial wallets in *certain* situations.

But similarly, there are a bunch of fake Coinbase apps, Binance apps, or apps for other custodial services. There are also a bunch of fake websites for all these services. And fake emails. And fake social media accounts. And so on. People will always be exposed to potential scams. Better in my opinion to use a wallet like Electrum where you can verify with certainty you are using the real one.