Board: Hardware wallets
Re: Bitcoin Wallet for Android
by OneEyed on 23/07/2012, 12:47:11 UTC
Quote
if your phone is rooted (and I would think that the intersection between people rooting their phones and people using bitcoins is not empty), another application is more likely to be able to access the wallet-protobuf content.

Why is that? To my understanding, apps would still need to exploit security bugs, and the mere existence of them is unrelated to whether you have rooted your phone or not.

Several reasons, the first one being a risk I've seen taken many times already:
  • backups made by applications such as Titanium Backup are unencrypted by default, and will contain the unencrypted private keys without the user realizing the consequences of it — moreover, Titanium Backup lets you send backups to the cloud (Google Drive, Dropbox) even if they are not encrypted
  • the user is more likely to accept, by mistake, a "superuser" request made by an application (it's just a popup on the screen, unfortunately many users click on them without thinking about what it says)
  • if the phone is used for development, "adb root" followed by "adb shell" will give you a root shell on the phone, from which you can get the content