spesmilo / electrum

Electrum Bitcoin Wallet
https://electrum.org
MIT License

Android: 2FA & pin code #2045

Closed psb777 closed 6 years ago

psb777 commented 8 years ago

I'm considering the TrustedCoin Google Authenticator 2FA option supported on the desktop. But on Android it seems there can be no 2FA - if my phone is stolen then the 2FA prompt goes to my phone.

Would you agree with my conclusion that if I need 2FA then best to delete the Electrum app from my phone? How else do I get the 2FA? It seems not to make sense on a phone.

There is the pin code on the Android version. That is a 2FA of sorts. How secure is that? 6 digits, 1 in 1,000,000. But how many attempts? Brute force attack?

I searched for "pin" and also for "Android" in the docs. No mention.

ecdsa commented 8 years ago

I do not really understand your argument, nor your conclusion. It is true that 2FA does not make sense on the same device; that's why it is not supported on Android.

That has absolutely nothing to do with deleting the Electrum app from your phone. Whatever reasoning brought you to that conclusion must be full of misconceptions.

The security model of the android app rests on the Android platform. In particular, you need to lock your phone, and it must not be rooted. See https://www.reddit.com/r/Electrum/comments/57yfy3/electrum_android/d8wy3pf/

ecdsa commented 8 years ago

I will add a page to the docs explaining that.

psb777 commented 8 years ago

Thank you.

If 2FA is a good idea on the desktop, why is that? The security model of Electrum on the desktop could similarly rest on the Linux or Windows platform. You could, in particular, lock your office and ensure you log out of your computer and that no one has root access.

I store a non-trivial amount of bitcoin in my Electrum wallet. On Android, the security model being vulnerable, and 2FA not available and possibly not feasible, I have decided to have a watch-only version of my Electrum wallet. I think it madness to entrust Android with one's 12 word phrase or private keys.

I'm happy for my misconceptions to be detailed, but my foolishness I'm unable to address: you just allude to it.

Thanks for all your support and help. Great app, even on Android without 2FA! :-)

ecdsa commented 7 years ago

Because the security models of a desktop OS and Android are very different.

On the desktop, your wallet file is on your hard drive, and it can be read by other applications. Whoever has access to the wallet file can try to bruteforce the password. That is why it makes sense to use a strong password.

On a non-rooted Android phone, the wallet file cannot be accessed by other applications, because it is in private storage. If your phone is not rooted, and if you screen lock your phone, then nobody can access your wallet file, not even you. The 6-digit PIN code is not intended to protect your wallet from someone who has access to your wallet file. It will only protect the wallet from someone who is physically holding your unlocked phone, because they will have to type the PIN on the screen.

Of course, this security model breaks if the operating system is compromised. That is true for both desktop and Android. If you do not trust a single operating system, then you probably want to use multisig.

Note that the 2FA solution proposed by TrustedCoin is designed to be easy to use and involves Google Authenticator. You can achieve the same level of security if you manually create your own multisig 2of2 wallet, with two separate devices. These two devices can be two Android phones running Electrum.
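
The distinction drawn in the thread, between a secret that must be typed on the device and one that guards a file that can be copied, can be put in numbers. The following is an added example, not part of the thread and not Electrum code: it sizes a 6-digit PIN against longer secrets for both cases. The KDF (PBKDF2-HMAC-SHA512), its iteration count, the salt and the attempt cap are assumptions chosen for illustration.

```python
import hashlib
import math
import time

# Assumption: PBKDF2-HMAC-SHA512 with a constructed iteration count stands in
# for whatever KDF protects a wallet file; it is not Electrum's actual scheme.
KDF_ITERATIONS = 100_000


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random secret."""
    return length * math.log2(alphabet_size)


def measure_guesses_per_second(samples: int = 3) -> float:
    """Time the stand-in KDF on this machine to estimate an offline guess rate."""
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha512", b"guess%d" % i, b"constructed-salt",
                            KDF_ITERATIONS)
    return samples / (time.perf_counter() - start)


def offline_expected_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected search time when the file can be copied: half the keyspace."""
    return (2 ** bits / 2) / guesses_per_second


def online_success_probability(keyspace: int, attempts_allowed: int) -> float:
    """Chance of a correct guess when every try is typed and tries are capped."""
    return min(attempts_allowed, keyspace) / keyspace


def report(rate: float) -> dict:
    """Offline expected search time, in seconds, for a few kinds of secret."""
    secrets = {
        "6-digit PIN": keyspace_bits(10, 6),
        "8 random lowercase letters": keyspace_bits(26, 8),
        "6 random words from a 2048-word list": keyspace_bits(2048, 6),
    }
    return {name: offline_expected_seconds(b, rate) for name, b in secrets.items()}


if __name__ == "__main__":
    rate = measure_guesses_per_second()
    for name, secs in report(rate).items():
        print(f"{name:40s} offline: {secs:.3g} s at {rate:.1f} guesses/s")
    # Constructed cap of 10 typed attempts, for illustration only.
    print("PIN, 10 typed attempts:", online_success_probability(10**6, 10))
```

The measured rate is for a single CPU core, so the offline figures are upper bounds on how long a short secret lasts once the file is readable.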