Appendix B
Comparing a brand new dedicated phone versus a hardware wallet
The biggest threats to your cold storage are human errors (including forgetting passwords), followed by attacks when you are initializing or restoring your backup phrase. The evil maid threat can be thwarted by using any encryption method. Here you are protecting yourself from physical violence away from home, as you won't have access to your level 3 wallet outside your home. Later, when we create a level-4 wallet, you will protect yourself from rogue police and 5 of 6 Fenton tests[12].
I recommend using a brand new phone (Android or iPhone), not an old phone! An old phone might already have malware or viruses. If you can, buy a new phone (not a refurbished phone) from a physical retailer rather than an online retailer (to avoid targeted attacks).
Bitcoin hardware wallets (HWW) separate the signing from the blockchain wallet data. They depend on a separate user interface from the HWW itself. This separation leads to a massive attack surface that is repeatedly exploited but falls outside the scope of what the HWW vendors claim to protect you from. You gain very little confidence when using a HWW. This recommendation is counter to an industry full of marketing claims.
So, let's get to strictly comparing layer 1 key security between a Bitcoin hardware wallet (HWW) and a brand new dedicated generic smartphone (DGP).
We will compare both over several real-world attack surfaces. We are optimizing for a teachable, error-free process.
In this comparison, we don't protect against physical attacks at home. We don't use BIP39 passphrases because this is a poor 2-of-2 setup[13]. Later I will explain the proper 2-of-2 setup and how it protects against attacks described as the Fenton tests.
Real attack surface A, "Purchase/Repurchase device": you need to replace the device and restore from the paper mnemonic. A HWW is less secure than a DGP. A DGP can be bought anywhere, anonymously and quickly. The feeling a user gets when their HWW electronically fails, or is damaged, lost, or stolen, puts them in a risky mindset. They may not have the luxury of time to patiently order a replacement HWW online and wait for delivery. The HWW vendor might be out of business[14]. Who knows what software, on what device, they'll input their backup phrase into in a panic? That's a bigger risk than a targeted interception of the HWW. It is difficult to verify that a HWW is an authentic device. Therefore, vendors suggest you buy from them directly, and then your name, email and shipping address will be leaked and you'll be targeted with convincing phishing emails[15]. It's not a nice feeling to know your address was leaked in association with a Bitcoin wallet.
Real attack surface B, "download the trusted software": the first time you set up your wallet you must download the correct trusted software. With a DGP and Bluewallet, because it connects directly to the Bitcoin P2P network, you are never forced to download the trusted software again (unless you lose the phone). HWW vendors force you to update the firmware and/or the software before allowing you access to your funds. They require you to find and use your backup phrase. Their PIN policy might lead to a high likelihood of accidentally wiping or bricking the device. This is the largest attack surface for HWWs. The HWW vendors often do not build companion software[16] or they build companion software that puts the user at undue risk[17]. They do not advise against using desktop computers. They make false claims that your Bitcoin is safe even if you connect it to a desktop with malware. When they do make companion software, they do not do enough to steer the user to only use the official companion mobile software. They abandon companion software[18]. It's way too easy to download malware on a desktop, and all desktop apps have access to the data of the other apps. Unlike desktop computers, phones enforce authorized software distribution, and the binary is secured by Google/Apple. Also, phone apps are isolated, and malware on a phone cannot read your Bitcoin wallet file (in the majority of cases). You can get the correct Bluewallet version by going to bluewallet.io, or verify that the developer shows as Bluewallet Services S. R. L. on the Play store. A DGP with no emails, no chats, no SIMs, and the default keyboard without cloud learning is better than a HWW because in practice you don't use the safety aspects of the secure element chip (and some HWW don't have secure element chips), and the keys and the wallet will be together on one device and usable without any updates.
Real attack surface C, "you forget how to use Bitcoin": you don't practice Bitcoin and are easily led astray. HWW are rarely used by the majority of users. Phones are used on a daily basis, and users are more comfortable with phones. Ironically, a HWW is better paired with a phone than with a desktop, but the old myth that desktops are more secure than phones hasn't gone away. If your cold wallet and hot wallet are the same app on the same brand of phone, this makes the phone more secure than the HWW because you will operate it correctly. HWW are often wiped or bricked if you forget the PIN. A phone supports fingerprints and facial recognition, and many users are more comfortable with that method of encryption.
Real attack surface D, "armed robbers have tied you up at home": if they find your HWW, they may compel you to input the PIN to access your wallet. If they find phones, they may default to seeing the phone as something they can wipe and sell for $100 and move on. Some HWW (and Bluewallet) have a feature for plausible deniability PINs. It's not clear how effective this is under duress. If you enter the wrong PIN under duress it should still help your safety as a user. We will revisit this threat when we describe the level-4 setup. Under this threat the phone is slightly more secure because these violent attackers do not currently possess the necessary hacking skills to decrypt any encrypted device. There have been no reports of stolen phones being hacked for their Bitcoin wallets. The only exception where a HWW with a secure element and brute-force resistance using device wiping is more secure is if the government is seizing your single-sig, no-passphrase device. The government can hack your phone using brute force. Your PIN or pattern is not secure against government brute forcing, so we address this threat with our level-4 wallet. Professional thieves cannot afford the cost of zero-day exploits[19] to get into your phone.
Read Appendix C for a discussion on traveling with your Bitcoin wallet.