why don't we use Android phones as seed signers? \ stacker news ~bitcoin

why don't we use Android phones as seed signers?

51 sats \ 12 comments \ @o 22 May 2022 bitcoin

There's so much focus on hardware"wallets" using arm chips or whatever but everyone knows a few people with an android phone they could trust one key of a multisig.

There are no apps with this in mind either - only wallets. I'm thinking of building one. You could have it with friends and send online notifications that they receive and are asked to sign a transaction. They could phone you first to confirm you haven't been hacked or kidnapped.

A multisig with up to date Android phones is safe.

view all related items

1 sat \ 9 replies \ @timechain 22 May 2022

I like the idea of it in a multisig. I will say an android phone is an internet-connected device. All hardware wallets (signing devices) are cold wallets, aka not internet-connected. I have heard an idea where you have a phone that doesnt have service (mobile data), and has wifi turned off and using that as a device in a multisig, by scanning a qr code. This is cool because EVERYONE has an old android laying around. Way more people than have signing devices.

15 sats \ 6 replies \ @Brunswick 22 May 2022

If you remove the sim, factory reset the phone, install only the wallet apk via the sdcard (bluewallet) and never connect it to the internet (keep in airplane mode and radios off), it's as good as any custom device. No doubt you can get your hands on an old phone for under $40

6 sats \ 0 replies \ @timechain 22 May 2022

Exactly, that's what I was thinking. I love when hardware is repurposed for Bitcoin purposes. Bitcoin specific hardware is awesome, but its also an attack vector, as jurisdictions can outlaw hardware that is considered "bitcoin specific." Thats why raspi's are cool too.

0 sats \ 4 replies \ @o OP 22 May 2022

I don't think you even need that. I'm thinking a 3 of 7 multisig between friends and family. Extremely unlikely for someone to be able to hack exactly the 3 phones right?

5 sats \ 1 reply \ @Brunswick 22 May 2022

It depends on what the purpose is of such a system. That means any three of the 7 can conspire to take the funds without consent of the other 4. It seems like a terrible idea to me, but maybe I don't understand the purpose.

0 sats \ 0 replies \ @o OP 22 May 2022

Ideally, they wouldn't know what the other parties are. The purpose it to simplify access to your funds in a secure manner. Single-sig is obviously out of the question. Having HW seed signers at home is weak against fires. Having HW seed signers distributed in several locations is slow and costly.

What do you suggest?

0 sats \ 1 reply \ @2bithits 22 May 2022

Depends if your family or friends turn on you.

You need to think deeply about all the potential problems. Perhaps friends that don't know each other & in different countries

5 sats \ 0 replies \ @o OP 22 May 2022

Exactly! I'm envisioning they getting a notification like "@2bithits wants you to sign this" then they click "Sign" and BOOM! New tx signed. Because this is a seed signer not a wallet they wouldn't even really know much about your UTXOs.

0 sats \ 1 reply \ @2bithits 22 May 2022

How would you broadcast transactions?

Turn internet on momentarily just to broadcast?

5 sats \ 0 replies \ @o OP 22 May 2022

No, their phones would be on 24/7, as they're today. It depends on your threat model but having multisig across several up-to-date android phones seems relatively secure to me.

0 sats \ 0 replies \ @nout 23 May 2022

I think the biggest enemy of privacy and security is ourselves. With Android phone there is just way too many things that you can do wrong. If you don't mess up, then it can work well.

0 sats \ 0 replies \ @nerd2ninja 22 May 2022

#budl dewwit