how secured?

[Zoomic]

If I get a new Samsung phone and set up the normal password and finger lock. Then, set up the Samsung secure folder and it's password. I now download my wallet inside the Samsung secure folder, how safe is my wallet from hack.
For people who doesn't use android, Samsung secure can be hidden in Samsung phone such that even if you have access to the phone you may never access the secure folder.

Also Redmi android phone also has this feature, like two different operating system running in one phone for security reasons.

[1714926250]

1714926250

[1714926250]

1714926250

[1714926250]

1714926250

[1714926250]

1714926250

[Charles-Tim]

The secure folder is good for other people that are using your phone not to see what you store on it, like files and apps. But malware can still be able to penetrate it and a hacker can be able to steal your coins.

If you want a safer and well secured wallet, go for online offline ones like a paper wallet, wallet on an airgapped device and hardware wallet like passport for bitcoin.

[Zaguru12]

This apparently looks a bit secure to only physical hackers, like some that gets hold of your phone and then possibly has knows your phone lock password, it will hard for him to get access if he doesn’t know the folder password if it is different from the phone lock password. I would say this is similar to adding passphrase or 2FA to a wallet that has passcode already.

But just like Charles-Tim said, it is not secure when the device is faced by malware through phishing, example can be the clipboard malware. Just get a Wallet and back up it’s recovery seeds well

[Z-tight]

Also Redmi android phone also has this feature, like two different operating system running in one phone for security reasons.

This feature is not for security reasons, it is for local privacy reasons, that is if you want to hide certain apps from people who have access to your device. Mind you that this feature wouldn't even protect you from a targeted local attack, because it is a very popular feature and the attacker would surey know about it, so you should always encrypt your wallet file.

Needless to say that your wallet isn't safe from hack if you use this feature because any wallet that is online is prone to hack, and your wallet is online. If you want your wallet to be safe from hack you'll have to use it on a completely air-gapped device, or just get a hardware wallet.

[Zoomic]

The secure folder is good for other people that are using your phone not to see what you store on it, like files and apps. But malware can still be able to penetrate it and a hacker can be able to steal your coins.

I would say this is similar to adding passphrase or 2FA to a wallet that has passcode already.

If hacking difficulty of a device without a password is 10%, the difficulty when password is added and maybe additional finger print is added should be upto 15%. According to what you both said, does it mean that having password, finger print and also another password to unhide the secured folder won't make additional difficulty?
I am having an odd feeling about this, even as Zaguru12 mentioned physical hacker just like there are spiritual hackers. Maybe I will have to understand more in this thread.

[Z-tight]

If hacking difficulty of a device without a password is 10%, the difficulty when password is added and maybe additional finger print is added should be upto 15%. According to what you both said, does it mean that having password, finger print and also another password to unhide the secured folder won't make additional difficulty?

An attacker doesn't have to get a hold of your phone locally to attack and steal your funds. A phone password, finger print or pin only protects unauthorized access of people to your device, it does not protect the wallet and keys you have in that device. Take note that BTC is not stored in wallets, but on the network, so as long as you have your keys in any online wallet and use that device to browse and do many stuffs online, the wallet in that device is prone to hack and is not safe.

[Charles-Tim]

If hacking difficulty of a device without a password is 10%, the difficulty when password is added and maybe additional finger print is added should be upto 15%. According to what you both said, does it mean that having password, finger print and also another password to unhide the secured folder won't make additional difficulty?
I am having an odd feeling about this, even as Zaguru12 mentioned physical hacker just like there are spiritual hackers. Maybe I will have to understand more in this thread.

Physical hack, he meant offline attack. Like those people that you give your phone.

But malware is online and would be able to make a hacker to compromise your wallet. To have more knowledge about malware, try and read about them, especially Trojan horse, rootkit and clipboard. There are more and malware can be combined to illicit attack on devices.

[dzungmobile]

If I get a new Samsung phone and set up the normal password and finger lock.

Finger lock, this is bad.

You are not an intelligent agent so you don't need it. Individually, you need to secure your device and wallet but if you don't plan to die with your bitcoin and nobody will access it after your death, just don't use finger lock.

The bottom line is secure your device, your backups but it should be accessed by your wife, children, loved ones.

[Zaguru12]

Finger lock, this is bad.

You are not an intelligent agent so you don't need it. Individually, you need to secure your device and wallet but if you don't plan to die with your bitcoin and nobody will access it after your death, just don't use finger lock.

The bottom line is secure your device, your backups but it should be accessed by your wife, children, loved ones.

Although biometrics isn’t the best of password but using it doesn’t mean your family cannot access your funds later. The only way in which a wallet cannot be accessed is by losing the recovery seed or keys. Once your family get hold of the keys or seeds they will just import them in a wallet on another device and it wouldn’t need any biometric or passcode again

[Yamane_Keto]

According to some reports, Secure Folder encrypts your data, so it is safe from physical attacks, which is represented by a third party accessing and using your phone, and from hackers, as the file inside is encrypted. The problem remains in Do you trust Samsung encryption?
The wallet file is usually encrypted so you add an extra layer of security.

You can get greater security if you add a new layer of encryption to your wallet file, but in general it is better to keep it offline by deleting the wallet file and keeping your wallet seeds words, as the process of restoring an encrypted, deleted, and overwritten wallet file is more difficult.

[dzungmobile]

Although biometrics isn’t the best of password but using it doesn’t mean your family cannot access your funds later. The only way in which a wallet cannot be accessed is by losing the recovery seed or keys. Once your family get hold of the keys or seeds they will just import them in a wallet on another device and it wouldn’t need any biometric or passcode again

I meant they can not access your coin if they only have that phone, without you, your hands and fingerprints and of course without other accessible wallet backups.

There are other ways to lock your phones like with Pin code and I am still against Biometrics to lock and unlock my phone. The sensor can be broken and you will have to bring your phone to Technical stores to fix it. It contains another risk when you have to handle your phone to a third party.

[aylabadia05]

If I get a new Samsung phone and set up the normal password and finger lock. Then, set up the Samsung secure folder and it's password. I now download my wallet inside the Samsung secure folder, how safe is my wallet from hack.
For people who doesn't use android, Samsung secure can be hidden in Samsung phone such that even if you have access to the phone you may never access the secure folder.

Also Redmi android phone also has this feature, like two different operating system running in one phone for security reasons.

It is physically safe when we lose our android because the security settings you have made are good, starting from a secure folder, password to fingerprint. But to guarantee as a whole is still in doubt. First for reasons of malware or viruses that Charles-Tim said.
I am an Android Samsung user and I really feel how users can hide files.
Before using Samsung, I also used the Xiaomi brand Android and had the convenience of saving files.

I think it's not really guaranteed as long as we don't keep backups elsewhere and this way we acknowledge as the only good way.

[rat03gopoh]

finger lock.

It's a big problem if you enable it also in the wallet settings, indirectly it's like setting the exact same password for the login credentials of all the accounts present on that device.
I remember some crypto wallets that only require biometric authentication to send funds. In an unconscious state (sleeping, drunk or dead), people around you might take advantage of it to dry your wallet.

[Zaguru12]

I meant they can not access your coin if they only have that phone, without you, your hands and fingerprints and of course without other accessible wallet backups.

There are other ways to lock your phones like with Pin code and I am still against Biometrics to lock and unlock my phone. The sensor can be broken and you will have to bring your phone to Technical stores to fix it. It contains another risk when you have to handle your phone to a third party.

It will be a bit stupid not actually back up the keys to once funds, not only could your lose it when you die or something happens but you also will lose it when something happens to the device. So I doubt any one will actually have a wallet with backup, Infact that’s the first thing that comes when creating a wallet, except if you’re referring to an exchange account which is not what OP is referring to on this thread.

More so I think almost all biometric authentications are backed up by passcodes. So that should any of your state fears against them (biometrics) arises you can simply just use the passcode

[satscraper]

The secure folder is good for other people that are using your phone not to see what you store on it, like files and apps. But malware can still be able to penetrate it and a hacker can be able to steal your coins.

If you want a safer and well secured wallet, go for online ones like a paper wallet, wallet on an airgapped device and hardware wallet like passport for bitcoin.

That hidden memory  area that keeps sensitive apps  is encrypted, AFAIK.  I'm in doubt that  malware could  decrypt it  by itself if password is strong enough, say, having entropy of 128-bit.

Probably malware is capable to penetrate into hidden area  when user decrypt it to access apps he needed.

[Zoomic]

Finger lock, this is bad.

You are not an intelligent agent so you don't need it. Individually, you need to secure your device and wallet but if you don't plan to die with your bitcoin and nobody will access it after your death, just don't use finger lock.

The bottom line is secure your device, your backups but it should be accessed by your wife, children, loved ones.

Although biometrics isn’t the best of password but using it doesn’t mean your family cannot access your funds later. The only way in which a wallet cannot be accessed is by losing the recovery seed or keys. Once your family get hold of the keys or seeds they will just import them in a wallet on another device and it wouldn’t need any biometric or passcode again

Very apt. If my family has access to my private keys or seeds, they will not have problem access the funds anytime. I have also read someone said using biometric is bad because if it's faulty you need to go phone repair shop which is a risk. Before anyone could use biometrics, there is always a primary lock type.

The secure folder is good for other people that are using your phone not to see what you store on it, like files and apps. But malware can still be able to penetrate it and a hacker can be able to steal your coins.

If you want a safer and well secured wallet, go for online ones like a paper wallet, wallet on an airgapped device and hardware wallet like passport for bitcoin.

That hidden memory  area that keeps sensitive apps  is encrypted, AFAIK.  I'm in doubt that  malware could  decrypt it  by itself if password is strong enough, say, having entropy of 128-bit.

Probably malware is capable to penetrate into hidden area  when user decrypt it to access apps he needed.

Thanks for mentioning this. I know there is encryption of the memory that holds sensitive apps, but I don't know how it works and that's why I kept mentioning the difficulty level.

[witcher_sense]

Thanks for mentioning this. I know there is encryption of the memory that holds sensitive apps, but I don't know how it works and that's why I kept mentioning the difficulty level.

A secure folder is basically an isolated virtual environment for your apps that makes it much easier to separate sensitive-related applications and those that don't need any secret keys to perform their functions. There is a special secure mechanism in each Android or iPhone that encrypts passwords and private keys, stores them in a protected area, and sends decrypted data back to the apps that have a right to access certain parts of information. What's interesting is that apps using secret keys don't actually know what the values of these keys are since all sensitive information remains inside the protected area. So far, so good. But for cryptocurrency applications such as software wallets, it is necessary to have access to private keys in plain text in order to be able to sign messages and produce signatures. In other words, the information you keep inside the secure folder remains private as long as you don't touch a software wallet sitting inside it to send or receive funds. Once the wallet is unlocked, all seed phrases and private keys that belong to the given wallet become much easier to steal because the wallet stores and manipulates them in plaintext.

[dzungmobile]

It will be a bit stupid not actually back up the keys to once funds, not only could your lose it when you die or something happens but you also will lose it when something happens to the device. So I doubt any one will actually have a wallet with backup, Infact that’s the first thing that comes when creating a wallet, except if you’re referring to an exchange account which is not what OP is referring to on this thread.

More so I think almost all biometric authentications are backed up by passcodes. So that should any of your state fears against them (biometrics) arises you can simply just use the passcode

We can stop talking about wallet backups but just know that there are people who don't make wallet backups. If you do it, it's good.
I am against biometrics but I know it has advantages and disadvantages but with me, after consideration, my opinion is the same, against it.

• Biometrics and biometric data: What is it and is it secure?
• What Is Biometrics and How Secure Is Biometric Data?

High risk: You can change passwords, but you can’t change your biometric details. If your biometric data is stolen or lost, it could be permanently compromised.

Duplication: In some ways, biometric credentials are easier to obtain and duplicate than access cards or keys, because we quite literally leave our biometric footprints and fingerprints everywhere we go. Criminals are learning to copy biometric details by lifting fingerprints off glass, or even capturing voice recordings.

When your biometric are stolen, data base is compromised, you are done. Because simply said, you can change your passwords billion of times if you want but you can not change your biometric.

It sounds seriously but I am against Fingerprint Biometrics for kids. We as parents should not leak our kids biometrics easily like this.

[ranochigo]

I'm in doubt that  malware could  decrypt it  by itself if password is strong enough, say, having entropy of 128-bit.

Probably malware is capable to penetrate into hidden area  when user decrypt it to access apps he needed.

Generally, entropy doesn't matter with passwords. It is just not feasible to bruteforce passwords in this manner, especially when you need the file as well. Malware will just steal the password.

Android phones and IOS usually operate their apps within their own sandbox which makes it more secure than other OSes in a sense. However, because they are such an attractive target, malwares are often catered to attack the zero days on the platform. Samsung Knox goes a step above the vanilla Android OS and does hardware level isolation and theoretically it should be more secure.

Regardless, I wouldn't consider anything that you're moving around with and having the potential of misplacing as being secure.

[michellee]

It's fine to install a Bitcoin wallet on the phone and as long as you don't add a SIM card from any provider and don't install any other apps and only factory default apps, the phone should be fine. So the phone is only specifically for storing Bitcoins.

Assume your phone is only for storing Bitcoins. You only rely on an internet connection from your home WiFi and don't carry the phone anywhere. Moreover, you don't often connect the phone to the internet network. It's safe, especially if you also use a phone lock application, but I suggest not using biometrics. It's better to use a password combination or a pin code in the form of letters, numbers, or both.

The important thing is don't overthink because your mind will never be calm. It should be safe as long as you follow what's suggested for securing your phone. And if you intend to use that phone as a place to store Bitcoins, you don't have to carry that phone around with you.