how secured?

[joniboini]

Personally, if I can't be sure I understand how the tech work or verify the developer's claim, I'd rather not use it. They keep mentioning that it uses Samsung Knox as a base to provide a secure environment, but it also supports cloud backup which can be an issue regardless since it adds a new attack vector. I'm not even sure the Redmi secure option is really secure either considering Xiaomi phones are not that popular for privacy and security purpose. Since you mentioned you don't know how some of them work, I'd suggest looking at other options instead of risking your funds for some temporary convenience.

[1714795391]

1714795391

[1714795391]

1714795391

[1714795391]

1714795391

[1714795391]

1714795391

[1714795391]

1714795391

[satscraper]

Malware will just steal the password.

It will steal in the course user enters password or when password is still in RAM.

No way for malware to steal password which is not in the phone's memory (or in some  file)./

In regard to entropy, yeah, when this term is applied to password it's just  reflection of quantity of attempts  needed for successful bruteforcing.

[ranochigo]

It will steal in the course user enters password or when password is still in RAM.

No way for malware to steal password which is not in the phone's memory (or in some  file)./

It depends. Depends on how your system is designed, certain are cached beyond the shortlived timespan in your RAM. RAM access in OS differs and some are not overwritten properly after use. AES is a good encryption, DES aren't, so that has to be taken into account as well.

Regardless, that would still be a risky assumption to take. Unencrypting the wallet file and any processes that takes place should be accounted for.


It has happened before, and I have no doubt that it would happen again.

In regard to entropy, yeah, when this term is applied to password it's just  reflection of quantity of attempts  needed for successful bruteforcing.

Not exactly. Entropy is often misconstrued when talking about the complexity of passwords. Its a term used to measure randomness. This can be flawed when taking into account password dumps, rainbow tables, common password structures, etc.

[Zoomic]

The important thing is don't overthink because your mind will never be calm. It should be safe as long as you follow what's suggested for securing your phone. And if you intend to use that phone as a place to store Bitcoins, you don't have to carry that phone around with you.

Thanks!
What I need do is to remove the third party apps in the phone but then it is not a phone that is carried along. Always safe at home. Most times panick kills even when no one is attacking you, it is important not to overthink as you said.

Regardless, I wouldn't consider anything that you're moving around with and having the potential of misplacing as being secure.

Very important information here and other persons have said the same thing in this regard.

[ranochigo]

Thanks!
What I need do is to remove the third party apps in the phone but then it is not a phone that is carried along. Always safe at home. Most times panick kills even when no one is attacking you, it is important not to overthink as you said.

Very important information here and other persons have said the same thing in this regard.

If you're using a phone solely for the storing of your coins, you should just get a hardware wallet. That is far safer and more foolproof than using a phone. I avoid using mobile wallets in general because they are often poorly vetted or designed and can have quite a big surface area for attacks. Using a hardware wallet is harder to mess up and provides you with the security at the same time.

[NotATether]

Malware can still be installed accidentally or deliberately onto the phone which can then access the secure folder if you proceed to use the wallet normally and open it from that location, so treat is as a deterrent rather than a security feature.

It's like Incognito mode of browsers, it hides data from shoulder surfers and evil maids, but not necessarily from hackers.

[Synchronice]

Malware can still be installed accidentally or deliberately onto the phone which can then access the secure folder if you proceed to use the wallet normally and open it from that location, so treat is as a deterrent rather than a security feature.

It's like Incognito mode of browsers, it hides data from shoulder surfers and evil maids, but not necessarily from hackers.

Incognito mode is a joke. Open an incognito tab, browse think, then visit Facebook in regular tab and when you scroll down, you'll see that your feed is pretty much based on what you were searching on incognito mode.

OP, if you want to use it as a hot wallet, then you can securely do that if you don't visit malicious websites and don't download uncertain apps. Your device and wallet won't be hacked that easily if you know what to avoid. But as a cold wallet where I plan to save a million dollar, I would avoid such a combination at all cost.

[satscraper]

[
Not exactly. Entropy is often misconstrued when talking about the complexity of passwords. Its a term used to measure randomness. This can be flawed when taking into account password dumps, rainbow tables, common password structures, etc.

That just another side of the same thing.

The most common definition of entropy which is applicable also for the case of password is that this quantity  equals to  number  (logarithm, to be exact) of all possible system's state  which, when applied to password case, means the number of all possible values for the string relevant to the given password.

But this definition is too academic to be used here.

[sokani]

If I get a new Samsung phone and set up the normal password and finger lock. Then, set up the Samsung secure folder and it's password. I now download my wallet inside the Samsung secure folder, how safe is my wallet from hack.
For people who doesn't use android, Samsung secure can be hidden in Samsung phone such that even if you have access to the phone you may never access the secure folder.

Also Redmi android phone also has this feature, like two different operating system running in one phone for security reasons.

The Redmi smart phone two operating system in one phone feature is called second space. What this feature does is to help you hide your installed wallets and hidden folders from authorized users but it can't protect your device from malware attacks initiated through phishing links and other sources. The moment your phone is comprised by a malware, your wallets on the second space are not spared as well and your funds could be stolen. Since your wallet is on your smart phone, my advice is for you to be mindful of the kind of websites you visit or better still get yourself a hardware wallet to be safe.

[Zoomic]

OP, if you want to use it as a hot wallet, then you can securely do that if you don't visit malicious websites and don't download uncertain apps. Your device and wallet won't be hacked that easily if you know what to avoid. But as a cold wallet where I plan to save a million dollar, I would avoid such a combination at all cost.

Yea, if the money was in dollars, maybe I would have preferred a cold wallet. But when it is in few thousands of dollars, following the above recommendations will go.

...The moment your phone is comprised by a malware, your wallets on the second space are not spared as well and your funds could be stolen. Since your wallet is on your smart phone, my advice is for you to be mindful of the kind of websites you visit or better still get yourself a hardware wallet to be safe.

Never used Redmi, just my friend's. Thanks for explaining how it works. Keeping the phone totally off internet, except when to transact is the behaviour.

[m2017]

If I get a new Samsung phone and set up the normal password and finger lock. Then, set up the Samsung secure folder and it's password. I now download my wallet inside the Samsung secure folder, how safe is my wallet from hack.
For people who doesn't use android, Samsung secure can be hidden in Samsung phone such that even if you have access to the phone you may never access the secure folder.

Also Redmi android phone also has this feature, like two different operating system running in one phone for security reasons.

In this day and age of the Internet, the greatest threat comes not from local hacking, but from online. Most modern devices have access to the Internet, which is the most vulnerable point. The probability of putting your wallet at physical risk is much lower than virtual / online. Therefore, the main emphasis in precautionary measures, as I believe, should be done in this direction. One of which would be: don't store your core crypto assets in phone wallets (only a small portion is acceptable for running expenses).

Whatever new and technological solutions are offered by phone manufacturers (like dual operating systems, etc.), this is more a marketing ploy to increase sales than effective ways to protect your wallet. The best way to store crypto assets is offline or hardware wallets. Never rely 100% on phone wallets, no matter how safe it may seem.