Device and OS Security

8 min read · Article · Includes quiz · 5 questions

Your phone or laptop is the front door to your bitcoin. Lock it down. Keep software current, only install trusted apps, and use strong device protections.

Simple definitions (plain English):

  • OS update: The latest security patches from Apple/Google/Microsoft. Install them promptly.
  • Full‑disk encryption: Protects your data if the device is lost or stolen. Enabled by default on iOS and modern Android—use a strong passcode.
  • Biometric unlock: Face/Touch ID. Convenient, but always set a strong passcode as the fallback.
  • Authenticator app (TOTP): Generates 6‑digit codes on your device (better than SMS).
  • SMS 2FA: Codes by text message. Useful, but weaker—SIM‑swap risk.
  • Sideloading/APK: Installing apps from outside the official store—high risk.
  • Jailbreak/Root: Disabling built‑in protections to modify the OS—don’t do this on a wallet device.
  • Secure enclave/TEE: A protected chip area that holds sensitive secrets (biometrics/keys) separate from the OS.

Core device hygiene checklist:

1) Update OS, browser, and wallet apps regularly.
2) Use a long device passcode (prefer 6+ digits or alphanumeric).
3) Enable full‑disk encryption (default on iOS/modern Android).
4) Prefer authenticator‑app 2FA over SMS for exchanges/email.
5) Install wallets only from official stores or vendor sites—never from ads/DMs.
6) Review app permissions; deny camera/microphone/location unless needed.
7) Keep a clean device: uninstall unused apps, disable unknown keyboards/extensions.
8) Use a reputable password manager and unique passwords.
9) Turn off Bluetooth/Wi‑Fi when not in use; avoid public Wi‑Fi for sensitive actions.
10) Back up your seed phrase OFFLINE (paper/metal), not in photos or cloud notes.

Phishing and malware defenses (simple rules):

  • Type URLs yourself; don’t click wallet/exchange links from ads or messages.
  • Verify app publisher/name and reviews before installing.
  • Beware clipboard malware that swaps addresses—always verify the address on your hardware wallet screen.
  • Don’t open random attachments; keep antivirus enabled on desktops.
  • Never share seed, private keys, or passphrases—support will never ask.

iOS quick setup (recommended):

  • Settings → Face/Touch ID & Passcode → Use a long passcode.
  • Turn on Find My iPhone and enable remote erase.
  • Automatic Updates ON for iOS and apps.
  • Safari: Block pop‑ups, prevent cross‑site tracking.
  • Use official App Store only; disable unknown profiles/VPNs you don’t use.

Android quick setup (recommended):

  • Security → Screen lock: Use strong PIN/password; enable fingerprint if desired.
  • Encryption: On by default—confirm in Security settings.
  • Google Play Protect: ON; disable install from unknown sources.
  • Find My Device: ON for locate/lock/erase.
  • Disable developer options/USB debugging on your wallet device.

Network & travel safety:

  • Prefer cellular or your own hotspot over public Wi‑Fi; if you must use public Wi‑Fi, use a trusted VPN.
  • Use a privacy‑respecting browser; keep extensions minimal.
  • On trips, consider a travel‑only phone with minimal apps and no seeds.
  • Avoid charging from unknown USB ports (use a data‑blocker cable).

Separation of concerns (good practice):

  • Daily spending: a hot wallet on phone with small amounts.
  • Savings: hardware wallet or multisig—never kept on the phone.
  • Consider a dedicated "finance" device (spare phone/Chromebook) used only for exchanges and wallet coordination, with no social apps.

Emergency readiness:

  • Enable remote‑wipe (Find My / Find My Device).
  • Keep device backups encrypted; know how to restore your authenticator.
  • Record support contacts for carrier/email to lock accounts after loss.
  • Practice restoring your wallet from seed on a test device with tiny funds.
Harden Your Device

Test Your Knowledge

This lesson includes a 5-question quiz (passing score: 75%).
