Why you must not use a crypto wallet on a bootloader-unlocked phone

[Crypt0Gore]

I won't worry that much about keyboards hijacking sensitive data or words on my phone unless I am using a rooted/bootloader-unlocked smartphone.

To root an Android smartphone today you need to jailbreak the bootloader, see the warning below when trying to unlock the bootloader, even the phone OEM recovery image gives warnings.



This will neutralize all the security features of the OS that comes with your phone, this will also give installed apps some access to your data like keyboards. For example, take a look at this access being asked from the Go keyboard.



Your Phone's OEM would typically not allow some changes on your phone because of security vulnerabilities, but not a jailbroken smartphone, if you want to peacefully use a hot wallet on your phone abstain from bootloader unlocking or rooting your phone.

[1714467866]

1714467866

[NeuroticFish]

Your Phone's OEM would typically not allow some changes on your phone because of security vulnerabilities

I would not be that certain even about this; the phone's original OS can have bugs and the various manufacturers' updates don't come that fast, plus, you don't know what bugs and open doors the phone's manufacturer software has (some even left on purpose).

Imho unless you really know what you're doing and you really know what your OS is doing (which I doubt it's the case for phones), having/using a hot wallet is a risk.

[NotATether]

Most exploits nowadays are of the browser type which after breaking into the browser, deliver a payload that exploits a kernel vulnerability. It works on any kind of phone and not just jailbroken ones.

That's why phishing links are so rampant. They can easily be made to work on any platform, by collecting the user agent and serving a different file for each one.

[noorman0]

-snip-
To root an Android smartphone today you need to jailbreak the bootloader,

I haven't even found any apps lately that require root access, so if it does then it's at least advanced users and there's not much hope of tricking these kind of users. I would prefer that attackers these days work with phishing site methods that have more opportunities to reach users of low technical ability.

[taufik123]

To root an Android smartphone today you need to jailbreak the bootloader, see the warning below when trying to unlock the bootloader, even the phone OEM recovery image gives warnings.

These days, it's not easy to perform root and unlock bootloader on android smartphone. So i expect those who can and willing to do it should already know the risk.

Currently, there are many Android smartphone manufacturers that provide tight security on the bootloader system for their smartphone devices. This is done so that ordinary users find it more difficult to root and unlock the bootloader without having developer skills. This is also done to improve the security and stability of the device, but also limits the freedom of users to modify their device.

All android devices from various smartphone manufacturers have their own community which is active and available to help root and unlock bootloader. it is advisable to do some research and ensure that you understand the risks and consequences associated with this process before starting. root and unlock bootloader are only intended for those who want to do android system development, after all Android is Open-Source, Unlike iOS which uses closed Source.

This will neutralize all the security features of the OS that comes with your phone

You're exaggerating. Unlocking bootloader mostly weaken security related with boot process and other attack where attacker have physical access to your android smartphone.

It's quite dangerous if the bootloader lock is unlocked. Some malware will enter easily when there are no security-protecting system files on Android.
I often unlock the bootloader on various smartphones. Data security on Android smartphones will be more at risk

[UserU]

I haven't even found any apps lately that require root access, so if it does then it's at least advanced users and there's not much hope of tricking these kind of users. I would prefer that attackers these days work with phishing site methods that have more opportunities to reach users of low technical ability.

Unlike last time when Android was bloated and super laggy, things are more bearable these days.

Most of us won't need those root unless we really want a fully-customized OS or breathe new life into a super old device.

[BitMaxz]

I've experienced having a phone with a bootloader unlocked/rooted with a custom OS and there are lots of ads after installing a few apps like shareit and browsing on some sites with hidden scripts that auto-install apps and notifications without your consent. So it's too risky if you are going to unlock the bootloader because some apps can do whatever they want to do with your phone.

And about the Go keyboard, they actually record the text you type most of the guides out there using it as a keylogger.
And sometimes some systems become corrupted due to bugs and malware that can turn your device into hardbrick you can fix this hardbrick but the problem is if you are using Qualcomm devices it needs to use a Jtag to be able to recover it from hardbrick only professional tech have this Jtag box.
Samsung phones also disable Knox protection if you unlocked the bootloader I never unlocked my phone because most of my exchange apps and wallet are in my phone.

Only unlocked bootloader if you want to do some experiment or test something just make sure don't use it to any sensitive data.

[taufik123]

-snip-
And about the Go keyboard, they actually record the text you type most of the guides out there using it as a keylogger.

It has been known for a long time that Go Keyboard is a Keyboard replacement app that collects user data. This finding was revealed by Adguard as a security company, Go Keyboard collects sensitive information including emails associated with Google accounts, type of android and more.

Also, there are some plugins that are automatically downloaded, and these act as adware that will give a lot of ads typed using Go Keyboard. The GOMO china Dev Team is the developer behind the Go Keyboard app.
https://www.androidauthority.com/go-keyboard-caught-spying-802270/

And sometimes some systems become corrupted due to bugs and malware that can turn your device into hardbrick you can fix this hardbrick but the problem is if you are using Qualcomm devices it needs to use a Jtag to be able to recover it from hardbrick only professional tech have this Jtag box.
Samsung phones also disable Knox protection if you unlocked the bootloader I never unlocked my phone because most of my exchange apps and wallet are in my phone.

Only unlocked bootloader if you want to do some experiment or test something just make sure don't use it to any sensitive data.

Some of the methods used to deal with hardbrick android devices vary depending on the type of smartphone used.
But in general using Jtag Box or similar tools can be very useful.

The hardbrick that occurs makes the system unable to enter fastboot mode and recovery mode or download mode.
The device will only be stuck in Qualcomm USB900e mode and cannot be executed.

But for now, Knox protection on Samsung is quite difficult to break.
Tried to do it on a samsung galaxy note 8 but always failed.

[joniboini]

It's quite dangerous if the bootloader lock is unlocked. Some malware will enter easily when there are no security-protecting system files on Android.

It's been so long that I don't recall how to unlock my bootloader and flash a custom ROM on my phone, but I don't recall hearing of any malware that uses an unlocked bootloader to attack its users. Can you share some links about it? The latest malware news usually mentions installing fake apps, so it's more like phishing attacks instead of malware attacks, and I doubt most of them are done on an unlocked phone or custom ROM.

Some vulnerabilities in the news are related to accessing some sensitive storage that is crucial for the firmware/phone to run correctly[1], and it requires some effort. If it was successfully exploited though, I can see installing a malicious system or app is way easier than ever. Some malware doesn't even need an unlocked bootloader to continuously infect a phone according to this research[2]. Luckily it is mostly older phones/system that is vulnerable to those attacks, but there is no harm in being cautious of similar attack vectors. CMIIW.

I'm still seeing Go Keyboard on Google Playstore, is this a different app or Google is just too lazy to remove them if the report is credible? I also believe that these keylogging activities are possible even if your phone bootloader is still locked.

[1] https://nakedsecurity.sophos.com/2017/09/06/fur-flies-over-android-bootloader-flaws-heres-what-you-need-to-know/
[2] https://www.androidpolice.com/2020/04/19/months-of-research-finally-crack-android-malware-that-could-even-survive-factory-resets/

[Findingnemo]

I had little experience with rooting the device which is nothing but giving access to everything on our own but I am not techy so I can't utilize it completely and even bricked the device while attempting to do it once. Jailbreaking and rooting gives complete access so we on our own so if we know what should be done and not then it can be useful and if not just rely on the stock itself but even with stock we can't expect 100% security and we do still can find lot of malwares on playstore itself and they remove it only after receving enough reports.