This comment would help
https://stacker.news/items/464619?commentId=466680#
I'd 100% be thrifting an old phone to get money for a signing device if I were only using an older unsupported phone just for that. Although I definitely consider GrapheneOS reasonable for *warm* higher-value assets. I'd store more on a GrapheneOS device than I ever would on any other phone, providing I was using all the security features and setting it up in a dedicated profile.
I can't assess apps like Samourai in detail; I do mobile security, not Bitcoin, but admittedly I have researched them when making this comment: https://stacker.news/items/464619
They were one of many wallet apps that were a target of mobile forensics research I did in the distant past as well. This was long before my affiliation with GrapheneOS and this is not GrapheneOS work though.
A lot of wallet apps have security modelling relying on the security baseline of the device and OS the app is running on. If they get enough time to move funds away during or before compromise then the wallet did its job in protecting funds. That is also explicitly Samourai's aim. Physical compromise or sophisticated remote compromise could trivially clone an app's data and brute force the PIN, but on an up-to-date secure device this is difficult, especially one running GrapheneOS. If you're targeted this hard and this detailed, there's a lot worse to worry about.
This time would be enough to move funds to a new wallet just on its own. Would be nice to see further improvements like passphrases and stronger key derivation with Argon2 if they don't plan or do it already to further slow them down, but at that point it's just adding additional small frills and isn't important.