DooKey
[H]F Junkie
- Joined
- Apr 25, 2001
- Messages
- 13,581
Jason, over at Micro Soldering Supply, has successfully recovered a Mycelium BTC wallet from a dead Android phone. He managed to do this after removing the EMMC chip from the phone. After that, he put it in an EMMC reader and copied the wallet database to another phone. Apparently he was able to do this because Mycelium doesn't encrypt the private keys even with a PIN set on the app. His advice is to keep your device up to date and don't root it either. My advice would be that you shouldn't carry your cryptocurrency wallet around in a mobile device. Thanks, cageymaru.
While it is less of a problem now that Android encypts the filesystem by default since Nougat, if a root exploit was to be released today then it would be extremely easy to extract the database from a victim’s device and copy it over to an attacker’s device, even with a PIN set in the app. Therefore I would caution all Mycelium wallet users to keep their devices up to date with security patches and don’t root them either.
While it is less of a problem now that Android encypts the filesystem by default since Nougat, if a root exploit was to be released today then it would be extremely easy to extract the database from a victim’s device and copy it over to an attacker’s device, even with a PIN set in the app. Therefore I would caution all Mycelium wallet users to keep their devices up to date with security patches and don’t root them either.