Many people log in immediately after downloading the APK, skipping important verifications and settings. This article provides an 8-step checklist for the first launch after installation. Download entry points: the Binance website and the official Binance mobile app; iOS users should see the iOS install guide.
1. 8-step checklist overview
| Step | Action | Time |
|---|---|---|
| 1 | Confirm package name com.binance.dev | 30s |
| 2 | Confirm signature fingerprint | 1m |
| 3 | Check permission requests | 1m |
| 4 | Log into account | 2m |
| 5 | Enable anti-phishing code (if not enabled) | 2m |
| 6 | Enable / re-bind 2FA | 3m |
| 7 | Set up app launch verification (fingerprint) | 1m |
| 8 | Check device management list | 1m |
Total: 12 minutes, in exchange for a solid security foundation.
2. Pre-login secondary verification (Steps 1-3)
1. Package name
Settings → Apps → Binance → Bottom of App info. It should display com.binance.dev. Any other package name means you have installed a repackaged fake.
2. Signature
Use tools like App Inspector to check the application's SHA-256 signature fingerprint. It must match the official fingerprint published by Binance to be considered genuine.
3. Permission review
On the permissions page, you should see basic permissions like camera, notifications, and storage. If the following permissions appear, uninstall immediately:
- Read SMS (fake packages use this to steal 2FA SMS codes)
- Phone state (used to identify the device and monitor it long-term)
- Accessibility services (most dangerous, can control the screen)
- Device admin (can remotely lock/wipe the device)
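Steps 1-3 can also be run on a computer before the APK is ever installed. The script below is an added example, not code from this article or from Binance: it audits a decoded AndroidManifest.xml (for instance from apktool) together with the text printed by `apksigner verify --print-certs`. The permission-name mapping, the sample manifest and both fingerprints are constructed assumptions; substitute the fingerprint Binance publishes.

```python
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
EXPECTED_PACKAGE = "com.binance.dev"  # package name stated in the article
# Line printed by `apksigner verify --print-certs` for each signer.
CERT_RE = re.compile(r"^\s*Signer #\d+ certificate SHA-256 digest:\s*([0-9a-fA-F:]+)", re.M)
# Assumed mapping of the article's four red flags to Android permission names.
RED_FLAGS = {
    "android.permission.READ_SMS": "Read SMS",
    "android.permission.READ_PHONE_STATE": "Phone state",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "Accessibility services",
    "android.permission.BIND_DEVICE_ADMIN": "Device admin",
}

def normalize_fp(fp):
    """Drop colons/spaces and lowercase so digest formats compare equal."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())

def audit(manifest_xml, apksigner_output, published_fp):
    """Return findings for steps 1-3; an empty list means all three passed."""
    findings = []
    root = ET.fromstring(manifest_xml)
    if root.get("package") != EXPECTED_PACKAGE:
        findings.append(f"package name is {root.get('package')!r}")
    want = normalize_fp(published_fp)
    got = [normalize_fp(d) for d in CERT_RE.findall(apksigner_output)]
    # Strict: exactly one signer, and it must equal the published value.
    if len(want) != 64 or got != [want]:
        findings.append("signature fingerprint mismatch")
    # Permission sits in android:name (uses-permission) or android:permission.
    for el in root.iter():
        attr = "name" if el.tag == "uses-permission" else "permission"
        label = RED_FLAGS.get(el.get(ANDROID + attr, ""))
        if label and f"red flag: {label}" not in findings:
            findings.append(f"red flag: {label}")
    return findings

# Constructed sample: a repackaged build (none of these values are real).
FAKE_MANIFEST = """<manifest package="com.binance.dev"
  xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application><service android:name=".Helper"
    android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application></manifest>"""
FAKE_SIGNER = "Signer #1 certificate SHA-256 digest: " + "ab" * 32
PUBLISHED_FP_PLACEHOLDER = ":".join(["CD"] * 32)  # placeholder, not Binance's
if __name__ == "__main__":
    print(audit(FAKE_MANIFEST, FAKE_SIGNER, PUBLISHED_FP_PLACEHOLDER))
```

The sample shows why the package name alone proves nothing: the constructed fake carries the correct package name and is still caught by the signature and permission checks.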
3. Login and basic security (Steps 4-5)
4. Log into account
Enter email/phone + password. Log in directly within the app; do not log in through links from outside the platform.
5. Anti-phishing code
If the anti-phishing code is not enabled, enable it immediately. Settings → Security → Anti-Phishing Code → set a custom code of 8 or more characters. After setting it, send yourself a login email right away to verify it works.
Leaving the anti-phishing code disabled leaves the door wide open for email phishing; it is like not wearing a seatbelt.
4. 2FA and biometrics (Steps 6-7)
6. 2FA binding
If it's a new account, immediately bind Google Authenticator within the app. When binding, be sure to copy or screenshot the secret seed, and store it in a secure offline location (password manager, home safe, paper printout).
If migrating from an old device, first enable Authenticator backup on the old device, then restore on the new device. Blindly re-binding will cause the old account's 2FA to become invalid.
7. App launch verification
Settings → Security → App Lock → Fingerprint/Face. Once enabled, biometric verification is required every time the app is opened. This prevents scenarios like "someone looking through your transaction history when borrowing your phone".
5. Device audit (Step 8)
Settings → Security → Device Management. This lists all devices that have logged into your account. After installing the app, you should see:
- Current phone model
- Recent login time
- IP and region
If there is an unrecognized device in the list, immediately:
- Select the unfamiliar device → "Remove"
- Change your password
- Reset 2FA
6. Push and notification verification
After setting up the account, do a simple test:
- Log in once on the desktop with the same account
- Your mobile app should immediately receive a "New device login" push notification
- At the same time, your email should receive an email with the anti-phishing code
If neither is received, there is a problem with the notification channel. Check:
- Whether app notification permissions are enabled
- Whether the anti-phishing code email went to the spam folder
- Whether the system's power-saving policy froze the app
7. Backup and emergency plans
Multiple backups for the seed
The Google Authenticator seed should be backed up in at least two places:
- Encrypted storage in a password manager (online access)
- Paper printout placed in a safe place at home (offline fallback)
Lost device plan
Log into Binance on another device in advance, and add that device to the "Trusted" list. In case the primary device is lost, the backup device can handle emergencies.
Emergency contact
Write down the Binance customer service ticket portal (in the app's Help Center). In an emergency, do not look for "Binance customer service" on X / WeChat — those are all phishing.
FAQ
Q1: Is it definitely genuine if the package name matches? Not necessarily. You must also check the signature. Both must be correct to be considered genuine.
Q2: What if the old device's Authenticator is lost and I change apps? Submit an appeal to customer service to reset 2FA following the "Account compromised / Appeal" process; this takes 1-3 days. Therefore, backing up the seed is crucial.
Q3: What if app launch verification fails and gets locked? After several consecutive failures, the system-level password or a reboot will be required. In the worst case, uninstall and reinstall; the account itself is unaffected.
Q4: Do I have to verify 2FA for every login? It is required for the first time on a new device. Trusted devices can bypass 2FA for a certain period, but sensitive operations like withdrawals and changing security settings still require 2FA.