Bitcoin wallet on phones

[pawanjain]

I have been using bitcoin wallet on my phone for a long time so I think I can answer this question better. The thing is that it all depends on how good you are at phones.
You can very well use a good non-custodial wallet on your phone like Mycelium or Electrum. They have app password protection in addition to the security lock on the phone.
So a random user won't be able to access your wallet just like that unless he has access to your phone and knows how to penetrate through it (in most cases he should be a hacker).
Also, your phone should not be infected with a malware or a virus or a keylogger because those things can easily steal your funds from your wallet.
To avoid this you can keep a separate phone which has only the bitcoin wallet on the phone or you shouldn't download anything else on the phone from external sources which potential contains a virus.
The last thing is that if someone steals your phone then you need to remotely reset your phone and you must have that option enabled to be on the safer side.
Backup of the bitcoin wallet on your phone is mandatory and try to store the seed phrase on a piece of paper or somewhere very secure.
This way you can lower your risks and keep using the bitcoin wallet. So far these have been working for me well.

[1714895793]

1714895793

[1714895793]

1714895793

[1714895793]

1714895793

[1714895793]

1714895793

[Pmalek]

Many refer to Bitcoin as digital gold. If that is the case, start treating it as such. If you had a gold bar, or 100 gold coins, would you carry them with you everywhere you go? Why do you do that with your Bitcoin? If you have $5.000 somewhere in your home, do you stuff it all in your pockets every time you leave your house? Then why would you do that with crypto?

It's dangerous to store your private keys/seeds on devices you use for everyday tasks. It doesn't matter if we are talking about computers or mobile phones. Those two worlds should be as separate as possible. If you don't want to use airgapped computers or paper wallets, at least get a good hardware wallet. With everything else, you are just using something with an increased possibility of things going wrong.

If you can afford those brand-new sneakers, going out drinking and partying with your friends, and buying a new iPhone every time a new model comes out, you can afford a hardware wallet as well. No excuses. If you can't, I am sorry. I hope one day things will be better for you.

[o_e_l_e_o]

Also, your phone should not be infected with a malware or a virus or a keylogger because those things can easily steal your funds from your wallet.

The problem here is just how much junk people download on to their phones.

As a small experiment, I would suggest everyone takes out their phone right now and go to the "permissions" section of their settings. It's usually under Settings -> Apps or Settings -> Privacy. Just look at how many apps have access to your keyboard, your storage, your screen, your camera, your location, etc. Maybe you've downloaded and verified a reputable open source wallet like Electrum. Good start. Are all your other apps open source and verified as well? Didn't think so.

Maybe you don't have any malware on your phone, but do you completely trust every other app you have on your phone. Even huge apps like TikTok have been found to be spying on users, snooping on their clipboard, etc. If an app which has been download 2.6 billion times can hide spyware in it without people realizing (or caring), then so can any app, from a game to custom themes to an alarm clock.

It's the same as when people start installing a bunch of extensions to their browser. Every additional app/extension/piece of software is a new risk.

[pawanjain]

Also, your phone should not be infected with a malware or a virus or a keylogger because those things can easily steal your funds from your wallet.

The problem here is just how much junk people download on to their phones.

As a small experiment, I would suggest everyone takes out their phone right now and go to the "permissions" section of their settings. It's usually under Settings -> Apps or Settings -> Privacy. Just look at how many apps have access to your keyboard, your storage, your screen, your camera, your location, etc. Maybe you've downloaded and verified a reputable open source wallet like Electrum. Good start. Are all your other apps open source and verified as well? Didn't think so.

Maybe you don't have any malware on your phone, but do you completely trust every other app you have on your phone. Even huge apps like TikTok have been found to be spying on users, snooping on their clipboard, etc. If an app which has been download 2.6 billion times can hide spyware in it without people realizing (or caring), then so can any app, from a game to custom themes to an alarm clock.

It's the same as when people start installing a bunch of extensions to their browser. Every additional app/extension/piece of software is a new risk.

That's very true which is why the only 2 options which are worth a try for a person desperate to use bitcoin wallet on phones are as I mentioned in my post above.

To avoid this you can keep a separate phone which has only the bitcoin wallet on the phone or you shouldn't download anything else on the phone from external sources which potential contains a virus.

But even these are just options with lower risk compared to the wallets which we use on our regular phones with junk apps installed.
This is why they say that hardware wallets are the best of all options to hold cryptocurrencies since they don't have these kind of malware/spyware issues.

[dkbit98]

As a small experiment, I would suggest everyone takes out their phone right now and go to the "permissions" section of their settings. It's usually under Settings -> Apps or Settings -> Privacy. Just look at how many apps have access to your keyboard, your storage, your screen, your camera, your location, etc. Maybe you've downloaded and verified a reputable open source wallet like Electrum. Good start. Are all your other apps open source and verified as well? Didn't think so.

Even very own mobile operating system is a junk collecting personal information, behavior, movement and just about anything you can think of, so I would consider using degoogled phone or at least remove anything related with google.
Reset you phone and instead of Google Store use something like F-Droid or Aurora Store, uninstall apps that are not open source, install some good adblocker and Tor browser.
If you can't cope with this than use separate phone and use it only for Bitcoin crypto wallet like Electrum or Blue wallet, not connecting it to anything else.

It's the same as when people start installing a bunch of extensions to their browser. Every additional app/extension/piece of software is a new risk.

That doesn't mean that you should not use some very good extensions like uBlock origin, but it's better to keep it on minimum.
You can do the same thing like with mobile phones, use separate browsers for crypto or bitcointalk forum and don't use it for anything else.
Here is one nice and useful comparison testing of web browser privacy, Tor, Brave and Librewolf stands out from all the rest:
https://privacytests.org/

[o_e_l_e_o]

or you shouldn't download anything else on the phone from external sources which potential contains a virus.

Just because an app is downloaded from Google or Apple's official stores means nothing when it comes to how safe it. They both host plenty of malware and malicious apps.

That doesn't mean that you should not use some very good extensions like uBlock origin, but it's better to keep it on minimum.

Oh absolutely, but I can count on one hand the browser extensions which you should be running, such as uBlock Origin or HTTPS Everywhere, and they are all open source and have github repositories.

https://privacytests.org/

I've not seen that site before, but it seems like it tests every browser "out of the box", meaning Brave with in built tracking protection comes out on top. What it doesn't mention is that Brave accepts money from third parties to allow them to bypass the tracking protection, whereas installing uBlock Origin on Firefox achieves the same thing but without giving companies such as Binance a back door in to your browser and in to your data.

[Mpamaegbu]

everyone has phone.

Wrong assertion. Not everyone has a phone in reality. Perhaps, you meant just this forum? Even at that, it's still debatable.

Is there a way the password can be bypassed to access the wallet.

Not really. The only way to access the phone would be to "flash" it. Once that is done, all data on the phone are erased. So, in order words, the list or stolen wallet won't still have the wallet on it. You're safe.

Phone password are not long

That's not true. You can increase the strength of your password on your phone. The only reason people like to choose short passwords is for ease of assessment when they want to unlock their phones.

In all, my advice to anyone using a wallet or any other vital documents on their phone is to have not just secured and strong passwords on their phones. They should also ensure that they put passwords on their SIM cards (sim lock). That way, one is sure that the thief or whoever picked their lost phone won't be able to assess their SIM cards even if they get to remove it from the phone and insert into another.

[dkbit98]

I've not seen that site before, but it seems like it tests every browser "out of the box", meaning Brave with in built tracking protection comes out on top. What it doesn't mention is that Brave accepts money from third parties to allow them to bypass the tracking protection, whereas installing uBlock Origin on Firefox achieves the same thing but without giving companies such as Binance a back door in to your browser and in to your data.

I prefer Librewolf browser now, it's the middle ground between regular Firefox (that is getting more and more like Chrome) and Tor browser.
It already has uBlock origin there and you can enjoy much better browser that follows all Firefox updates, without any telemetry and junk that comes with normal Firefox.
I know about Brave, but you can disable their adblocker and I think it's still better option than regular Chrome browser, but I still don't recommend it.
One group tried to fork Brave removing all that crap, and they sent bunch of lawyers to them scaring them to death, but it's their business model I guess

[_act_]

If the person can not afford hardware wallet or because he just want to store bitcoin for years, experts will advice the person to read about paper wallet very well and use it.

Some people will want to be spending bitcoin frequently and they can not afford hardware wallet, paper wallet can not be used for convenience. The person will be advised to use online wallet. Experts will recommend desktop wallet for the person like electrum but only small amount will be said to have if the person is using desktop wallet.

Some people will want to use bitcoin and be using it for transactions very well, the person do not have hardware wallet and computer, the person will use mobile wallet because he has phones, everyone has phone.

I have noticed people do not recommend wallets on phone, but in reality, some people do not have money to buy hardware wallet and do not have computer but having it in mind to buy it later when they have money.

Let us say the person want to use phone temporary and he is using it for small amount but the remaining amount is on his paper wallet. Let us aay the phone is stolen, can the person that stole it be able to steal his bitcoin? The phone have password.

Many refer to Bitcoin as digital gold. If that is the case, start treating it as such. If you had a gold bar, or 100 gold coins, would you carry them with you everywhere you go? Why do you do that with your Bitcoin? If you have $5.000 somewhere in your home, do you stuff it all in your pockets every time you leave your house? Then why would you do that with crypto?

It's dangerous to store your private keys/seeds on devices you use for everyday tasks. It doesn't matter if we are talking about computers or mobile phones. Those two worlds should be as separate as possible. If you don't want to use airgapped computers or paper wallets, at least get a good hardware wallet. With everything else, you are just using something with an increased possibility of things going wrong.

I have mentioned all these before on the topic, check the bolded parts that I quoted above. Assuming, you do not have a hardware wallet, you can still use a paper wallet and computer together, your main coins will be on the paper wallet, but the computer is just for little amount of coins for daily transactions for convenience. If you do not have a computer, the you can use wallet on phone for this but which is more discouraged than using a computer. I have mentioned all these before that if the person do not hardware wallet an hardware wallet, the cheapest choice that can provide the security is a paper wallet. Try and read the topic very well. All I am just asking is if it is possible to brute force the password on phone.

As a small experiment, I would suggest everyone takes out their phone right now and go to the "permissions" section of their settings. It's usually under Settings -> Apps or Settings -> Privacy. Just look at how many apps have access to your keyboard, your storage, your screen, your camera, your location, etc. Maybe you've downloaded and verified a reputable open source wallet like Electrum. Good start. Are all your other apps open source and verified as well? Didn't think so.

Even very own mobile operating system is a junk collecting personal information, behavior, movement and just about anything you can think of, so I would consider using degoogled phone or at least remove anything related with google.
Reset you phone and instead of Google Store use something like F-Droid or Aurora Store, uninstall apps that are not open source, install some good adblocker and Tor browser.
If you can't cope with this than use separate phone and use it only for Bitcoin crypto wallet like Electrum or Blue wallet, not connecting it to anything else.

The two common phones operating system are Android which is the google you are referring to, Android still claim their OS to be open source, I do not know but it is what I have found all over the internet, is that true? Is Android OS open source?  I am surprised you only mentioned google, but iOS is close source. iOS is one of the operating system that should not also be used. They are both the big brands in the market. I do not mean Android is recommended, they prefer ads than security and I am not tech to know how good it is but I hate Android and Google ads.

Wrong assertion. Not everyone has a phone in reality. Perhaps, you meant just this forum? Even at that, it's still debatable.

This can be off-topic but I think I have to reply to it. I did not mean everyone has phone, I do not know much about English, I would have given you the right figure of speech this belong to. The sentence does not mean everyone is using phone, I used it to mean that people use phone that other devices now, if someone just know about bitcoin, he may not have enough money for hardware wallet and computer, therefore not having option than to use paper wallet and mobile phone.

That's not true. You can increase the strength of your password on your phone. The only reason people like to choose short passwords is for ease of assessment when they want to unlock their phones.

This is what I have found out among people, they are using 4 to 5  numbers or letters. You can increase it? Can you compare numbers, letters and other characters on bitcoin private key to the password that you use to access your phone? This second statement makes me to be perfectly right.

[o_e_l_e_o]

I prefer Librewolf browser now, it's the middle ground between regular Firefox (that is getting more and more like Chrome) and Tor browser.

My issue with using forks of Firefox such as LibreWolf or WaterFox is that they can often lag behind when it comes to security updates, sometimes by weeks or even months. The last time I properly looked at LibreWolf, you can achieve almost everything it does by customizing Firefox manually, although that process is obviously time consuming and beyond the scope of the average user. Although if Mozilla continue down their current path of just doing whatever Twitter tells them to, then I may well make the switch at some point.

The two common phones operating system are Android which is the google you are referring to, Android still claim their OS to be open source, I do not know but it is what I have found all over the internet, is that true? Is Android OS open source?

The core Android OS indeed open source, but almost every phone you can buy comes with a bunch of non-open source unremovable junk such as Google Chrome and other Google spyware installed on top, which kind of defeats the purpose. There are alternative open source OSs such as GrapheneOS you can install on Android devices to remove such bloatware.

[Mpamaegbu]

~snipped

I think OP should get their facts right before making spurious assertions and then refusing to accept corrections. I don't see how what I pointed out here should be frowned at or what others did too as I see you also addressed other users as having missed your point. Get your facts right, and where you didn't; accept correction and move on.

[_act_]

The core Android OS indeed open source, but almost every phone you can buy comes with a bunch of non-open source unremovable junk such as Google Chrome and other Google spyware installed on top, which kind of defeats the purpose. There are alternative open source OSs such as GrapheneOS you can install on Android devices to remove such bloatware.

Thank you for this, is there any guide for help I can use to install it? I have not heard before that other OS can be installed on Android but hopefully I can be able to convert back to Android if anything happen and I want to convert back?

I think OP should get their facts right before making spurious assertions and then refusing to accept corrections. I don't see how what I pointed out here should be frowned at or what others did too as I see you also addressed other users as having missed your point. Get your facts right, and where you didn't; accept correction and move on.

This is a discussion forum, do not take anything I say inappropriate or personal, I am trying to make a good discussion. What I am saying is that it will be easy to brute force short characters that people use for password to access their mobile phones, in reality people use short password for phone access. This is the question I am asking. To have just little amount of bitcoin on the mobile wallet for transactions and the remaining bitcoin will be on paper wallet. That is it possible to brute force the phone password using a tool, that is it possible. Try and get me correctly.

[o_e_l_e_o]

Thank you for this, is there any guide for help I can use to install it? I have not heard before that other OS can be installed on Android but hopefully I can be able to convert back to Android if anything happen and I want to convert back?

Depends on your phone. GrapheneOS only really supports Pixel phones. If you have a different phone you might be better off looking at LineageOS, or its fork DivestOS. You'll find links to their websites and GitHubs here - https://privacyguides.org/android/ - where you will find documentation and install guides. If you want to revert back, then you'll need the original OS files to reinstall, so you'll need to look in to making a back up or sourcing the installation file from an official source first.

Be aware, though, that just because these are open source doesn't mean they are infallible. Plenty of open source software has bugs, vulnerabilities, or even malicious code slipped in to it. You shouldn't just switch to these for the sake of it and then think you are safe.

[Lucius]

Thank you for this, is there any guide for help I can use to install it? I have not heard before that other OS can be installed on Android but hopefully I can be able to convert back to Android if anything happen and I want to convert back?

Don't play with such things if you are not 100% sure what you are doing, because you can brick your smartphone. In addition, if the device is under warranty, you may lose it. Besides, as @o_e_l_e_o says, you probably won't achieve anything special if you change the OS on your smartphone, you'll just be fooled by some fake security.

I have had a well-known smartphone brand for years with Electrum, and I have never had a problem even though significant amounts have gone through it. It is crucial that the device regularly receives security/critical updates for the OS, and that I do not download any suspicious apps other than those that have millions of downloads and are relatively secure. Should I mention that an antivirus program on a smartphone also makes sense, and very few people pay attention to it.

[dkbit98]

The two common phones operating system are Android which is the google you are referring to, Android still claim their OS to be open source, I do not know but it is what I have found all over the internet, is that true? Is Android OS open source?  I am surprised you only mentioned google, but iOS is close source. iOS is one of the operating system that should not also be used. They are both the big brands in the market. I do not mean Android is recommended, they prefer ads than security and I am not tech to know how good it is but I hate Android and Google ads.

Android is not really open source but it is based on Linux open source operating system, in similar way like Chrome browser is not open source, but Chromium browser is.
I was not mentioning iOS because Android have bigger market share, but it's similar situation and only way is using degoogled phone with LineageOS, GrapheneOS or CalyxOS.
Installing Bitcoin wallet should work just fine after doing this, but you won't have access to any G-aps, and you will have to use alternative options.
You can always remove all ads from your phone with open source applications like Blokada 5 or some other alternative.

My issue with using forks of Firefox such as LibreWolf or WaterFox is that they can often lag behind when it comes to security updates, sometimes by weeks or even months. The last time I properly looked at LibreWolf, you can achieve almost everything it does by customizing Firefox manually, although that process is obviously time consuming and beyond the scope of the average user. Although if Mozilla continue down their current path of just doing whatever Twitter tells them to, then I may well make the switch at some point.

This was true for Waterfox, Palemoon and some other forks, but LibreWolf browser is most serious from all of them and there are almost no delays for receiving updates compared to normal Firefox.
I know that settings tweaking is always possible for Firefox, but some things you can't remove on your own and I am not sure how to completely disable telemetry.
I can say only good things about Librewolf, I think it is lighter on system resources compared to Firefox, and for full list of feature you can check the link bellow:
https://librewolf.net/docs/features/

Depends on your phone. GrapheneOS only really supports Pixel phones. If you have a different phone you might be better off looking at LineageOS, or its fork DivestOS.

Maybe some people don't know this but they accepto cryptocurrency donations:

- DivestOS is accepting Bitcoin and Monero donations.
- GrapheneOS is accepting Bitcoin and Monero donations.
- CalyxOS is accepting Bitcoin,Ethereum, Litecoin, Bcash, Dogecoin, and USDC donations.
- LineageOS is NOT accepting crypto donations.

[o_e_l_e_o]

Installing Bitcoin wallet should work just fine after doing this, but you won't have access to any G-aps, and you will have to use alternative options.

You've got F-Droid for most things, and if you really need to run Google Play or something dependent on it, then most good custom OSs will give you a safe and secure way to do that. See, for example: https://grapheneos.org/usage#sandboxed-google-play

This was true for Waterfox, Palemoon and some other forks, but LibreWolf browser is most serious from all of them and there are almost no delays for receiving updates compared to normal Firefox.

I've poked about a bit more and found this in their documents: https://librewolf.net/docs/faq/#how-often-do-you-update-librewolf
Alright, so you've convinced me. I'll give it a go next time I'm setting up a new device or installing a new OS.

[dkbit98]

You've got F-Droid for most things, and if you really need to run Google Play or something dependent on it, then most good custom OSs will give you a safe and secure way to do that. See, for example: https://grapheneos.org/usage#sandboxed-google-play

Some people don't like F-Droid and they can't find apps they use there, but great alternative is open source Aurora Store, if you like shiny look that is probably better than original G-store.
I didn't know about Sandboxed Google Play, but I guess it's good for people addicted on google software

I've poked about a bit more and found this in their documents: https://librewolf.net/docs/faq/#how-often-do-you-update-librewolf
Alright, so you've convinced me. I'll give it a go next time I'm setting up a new device or installing a new OS.

One thing different from Firefox browser, most images you see browsing with Librewolf are in .webp format (developed by google) not in original formats, but I don't mind this and maybe it helps opening pages faster.

[Peanutswar]

It depends on what are your capabilities to secure your assets such as bitcoin. In computers mostly we are using the Electrum wallet which comes from their website to prevent using fake/phishing platforms of course still there's a risk on it if you are using different suspicious files, downloads and platforms that you are allowing access to your computer. Next is the bitcoin wallet in phones previously im using the exodus and electrum wallet only I have is the seed phrase neglect mostly the passwords the problem is again you access and download applications to your mobile. Lastly, I'm upgrade into the HArdware wallet the probability risk is to lose the wallet and lose the seed phrase.

[lovesmayfamilis]

In all, my advice to anyone using a wallet or any other vital documents on their phone is to have not just secured and strong passwords on their phones. They should also ensure that they put passwords on their SIM cards (sim lock). That way, one is sure that the thief or whoever picked their lost phone won't be able to assess their SIM cards even if they get to remove it from the phone and insert into another.

Can I ask you a question? What can you learn if you pull out someone else's SIM card and insert it into another phone? I always thought it was just contacts. For me, it is not critical. In your case, I think that some important data can be stored in the SIM card? But I won't argue. We are from different countries, likely, I do not know something.
And also, a complex password on the phone, how many characters should it consist of in your opinion? How long will it take for the owner to regularly use it by logging in?
I prefer a fingerprint, or a photo, and the phone in the cold sometimes does not recognize my fingers and face. 

[Mpamaegbu]

Can I ask you a question? What can you learn if you pull out someone else's SIM card and insert it into another phone? I always thought it was just contacts. For me, it is not critical. In your case, I think that some important data can be stored in the SIM card? But I won't argue. We are from different countries, likely, I do not know something.

A whole lot can happen. People store vital information on SIM cards apart from the mere contacts and those could be used to harm the victim by assessing sites whose passwords they've stored there. Another is that someone could assess the phone number and use it to get a loan from microfinance banks. That's very easy in my country. I've this sad experience happen to a cousin of mine. Her phone was snatched from her, she hesitated in blocking that sim in hope that it could be returned to her. Two days later she got debit alerts from her bank. I didn't even know she had that challenge until I got two different texts from two different microfinance banks as one of her supposed guarantors where the thieves had also gone to get loans with her phone number. It was when I put a call across to her to see how things took a downturn for her financially (she's someone financially independent) that I discovered what happened to her. It wasn't her but the thieves who took her phone. They accessed her SIM card and got some regular numbers she called and submitted them as guarantors to get loans. If her SIM had been locked, the thieves wouldn't have been able to assess her contact or known her sim number to the point of submitting it in getting those loans.

And also, a complex password on the phone, how many characters should it consist of in your opinion? How long will it take for the owner to regularly use it by logging in?

My SIM card allows me 16 characters.

I prefer a fingerprint, or a photo, and the phone in the cold sometimes does not recognize my fingers and face.  

Exactly! I've all three (that's four, if we add SIM lock) – password, facelock and fingerprint on my phone too. Occasionally, I tend to unlock it with the password for two reasons. One being that so I don't forget it. The second is that sometimes I'm forced to when the phone refuses to recognise my face or fingerprint.