Making a cold wallet on an Android device.

[TopTort777]

I am not much of an expert in security, but I have always heard that Android devices and security does not come together. If a systems allows easily to install third party software, have numerous cases of hacks, that is a huge red flag for me. Also from financial point of view, modern Android device cost more than most of hardware wallets, that are easy to set working straight out of the box. So why bother with Android? Better "dont try to invent a bicycle" with android, security and crypto.

[_act_]

I am not much of an expert in security, but I have always heard that Android devices and security does not come together. If a systems allows easily to install third party software, have numerous cases of hacks, that is a huge red flag for me. Also from financial point of view, modern Android device cost more than most of hardware wallets, that are easy to set working straight out of the box. So why bother with Android? Better "dont try to invent a bicycle" with android, security and crypto.

More people use phones. Which means more people will have old phones. I do not know of other countries but I noticed this in where I am living.

About the device to use. You can use any device as airgapped. Even if it is close source like Windows, macOS, iOS or Android, the device is not sending anything to the environment. Just do not use close source wallet but you can use any device as airgapped.

But the problem is can Android Internet, WiFi, Bluetooth, NFC, Infrared and other means of communication be removed or disabled leaving just the camera? If they can be removed, it would make it an airgapped device.

[dkbit98]

My question is how can someone make an airgapped wallet from an Android device if I have to connect to the internet to set up the device?
And is rooting or jailbreaking an option or will it just make the android device more vulnerable?
And lastly will it still be a valid airgapped wallet if I connect it to the internet just once for the set up?

You first need to reset your device and uninstall all bloatware software you don't need.
If you own Pixel device I would suggest installing GrapheneOS, this is much better and more secure than doing jailbraking.
You only need internet connection to install open source Bitcoin wallet, after that you disable everything in settings, turn on airplane mode, and use QR codes with camera for transactions.
I would not consider this device to be 100% airgapped, especially with cheap phones that can have backdoor and weak security.

[Saint-loup]

A truly airgapped device is the one which has never been and will never be connected to the Internet or any other network. So, if your phone has been connected to the internet, even if it was for a brief time, then it can't be called an airgapped device.
Because of that and for the other reason you have mentioned, better use hardware wallets if you want maximum security. If buying a hw is not an option then better use a pc to setup your cold storage wallet instead of a smartphone.

I disagree with you because it would mean that only DYI from scratch devices are able to be considered as airgapped device since there are no means to check and guarantee that a purchased device (or computer) has never been connected to internet and to any network. You claim hard wallets give maximum security but they are not airgapped, they need to be physically connected to an online computer, and we've seen that seeds can be stolen by a firmware update. If a device is never connected anymore to internet before being out of order, it can be considered as fully air gapped since even if a malware or a backdoor is present into it it will never be able to send the seed outside of the device.

[khaled0111]

I disagree with you because it would mean that only DYI from scratch devices are able to be considered as airgapped device since there are no means to check and guarantee that a purchased device (or computer) has never been connected to internet and to any network.

In that case, all you need to do is to format the device's hard drives and install a clean os. Actually, you should do this for any device you buy even if you are not going to use it for crypto related activities.

You claim hard wallets give maximum security but they are not airgapped, they need to be physically connected to an online computer, and we've seen that seeds can be stolen by a firmware update.

I didn't say hw are airgapped devices but I said they are better than airgapped phones. I'm referring to reputable hw, ofcourse.

If a device is never connected anymore to internet before being out of order, it can be considered as fully air gapped since even if a malware or a backdoor is present into it it will never be able to send the seed outside of the device.

It depends on the malware infecting the device. Take the clipboard hijacker malware as an example,it can steal your coins without needing to be connected to the Internet.

[Saint-loup]

I disagree with you because it would mean that only DYI from scratch devices are able to be considered as airgapped device since there are no means to check and guarantee that a purchased device (or computer) has never been connected to internet and to any network.

In that case, all you need to do is to format the device's hard drives and install a clean os. Actually, you should do this for any device you buy even if you are not going to use it for crypto related activities.

You claim hard wallets give maximum security but they are not airgapped, they need to be physically connected to an online computer, and we've seen that seeds can be stolen by a firmware update.

I didn't say hw are airgapped devices but I said they are better than airgapped phones. I'm referring to reputable hw, ofcourse.

If a device is never connected anymore to internet before being out of order, it can be considered as fully air gapped since even if a malware or a backdoor is present into it it will never be able to send the seed outside of the device.

It depends on the malware infecting the device. Take the clipboard hijacker malware as an example,it can steal your coins without needing to be connected to the Internet.

You can't format all devices and even less installing so-called clean OS on all of them. In addition how do you know your OS is really clean? You'll never be able to guarantee it. Besides that formatting doesn't destroy datas until new datas have been overwritten onto it, and it can't do anything against malicious chips inside your device on top of that, so it's not a perfect method.
"Reputable hardware wallets" doesn't mean anything, Ledger wallets were reputed before they had to admit such vulnerability.
You're right for malwares like clipboard hijackers, they could theoretically mislead you but if you double check the transaction you sign and then broadcast, you can address this risk.

[dkbit98]

You can't format all devices and even less installing so-called clean OS on all of them. In addition how do you know your OS is really clean? You'll never be able to guarantee it. Besides that formatting doesn't destroy datas until new datas have been overwritten onto it, and it can't do anything against malicious chips inside your device on top of that, so it's not a perfect method.

You can do this with Pixel devices and GrapheneOS because operating system is open source, there is secure boot, and you can verify that everything is installed properly.
There are other mobile open source alternatives but they are inferior and they have some compromises.