Slashdot Mirror
Ask Slashdot: How Can I Prepare For the Theft of My Android Phone?
New submitter Adam Jorgensen writes "Last week my 4-week old Moto G phone was stolen while getting onto the train at Salt River in Cape Town, South Africa. That in itself is no big deal. Cellphone theft is a huge problem here in South Africa and I've had at least two previous cellphones stolen. The big deal this time, for me at least, was that this was the first time I've lost an Android phone to theft. When I actually sat down and thought about it, losing a fully configured Android phone is actually a big deal as it provides ready access to all kinds of accounts, including ones Google account. This could potentially allow the thief to engage in all kinds of malicious behavior, some of which could have major implications beyond the scope of the theft.
Luckily for me it seems that the thief did the usual thing: Dumped the SIM card, wiped the phone, and switched it off. It's probably had its IMEI changed by now and been sold on to some oblivious punter, possibly some oblivious punter in another country. Still, the potential for serious issue is making me have second thoughts about replacing the phone with anything capable of doing much more than calling. My question is this: Are there any serious solutions out there for Android that secure against theft?"
Luckily for me it seems that the thief did the usual thing: Dumped the SIM card, wiped the phone, and switched it off. It's probably had its IMEI changed by now and been sold on to some oblivious punter, possibly some oblivious punter in another country. Still, the potential for serious issue is making me have second thoughts about replacing the phone with anything capable of doing much more than calling. My question is this: Are there any serious solutions out there for Android that secure against theft?"
He continues:
By serious I mean solutions that go beyond the laughably easy to defeat 'Find My Phone' and 'Remote Wipe' options provided at present. Presently I'm thinking along the lines of:
- Full encryption of phone contents
- Some kind of 'Travel Safe' mode that would lock the phone down and trigger a full wipe of not unlocked correctly (Including wiping the phone on next boot if not unlocked before being switched off/running out of battery).
So, any ideas?"
but I'd like to go on record as joining the beta sucks bandwagon
Encrypt the phone, and set a numeric PIN of 6 or more.
Done and done.
For rooted phones there are both a variety of backup options and variety of stolen phone options all of which you can locate in the Play store, or which can be found by simple Google search, since the options are discussed endlessly with their pros and cons on every major Android forum.
For unrooted phones, you can still fully encrypt, and still backup -- although not fully. How painless the recovery is will come down to how much you trust and buy into online services. Your Candy Crush progress is going to have to depend on if you decided to integrate with Facebook, or if you've got your tinfoil set to max.
Android has full device encryption, turn it on when you travel. Leave it on when you aren't travelling. Enable the "Wipe after X failures."
Was it stolen out of the front pocket of your pants? Seems most of these thefts occur when people put it in the back pocket, which still baffles me to this day. The back pocket is the worst place to store anything of value.
Citation needed for the "laughably easy to defeat 'Find My Phone' and 'Remote Wipe' options". How are these laughably easy to defeat? Do tell. Also iphones have a kill switch installed, so they can't be wiped and reused. Compare this to your android solution of asking slashdot. I await more information.
https://play.google.com/store/apps/details?id=com.google.android.apps.adm
You can see where your device is, and wipe it. Also, use two step authentication.
I use Cerberus. It's available on the store: https://play.google.com/store/... Though if you download it direct from their website then you can flash it straight into the ROM, meaning that even if someone does a factory wipe on your phone it will still be installed and you can remote into it: https://www.cerberusapp.com/do... With it installed, you register your phone on the website, then sign into your account on the phone. From there you can carry out all sorts of commands, including GPS tracking, location history, call and SMS logs. You can even call or message the phone, get it to display messages, record audio, video, take pictures, all sorts. And finally you can wipe the SD card, wipe the phone, or reboot it. I don't remember how much it cost, but it was only a couple of pounds. I've never had my phone stolen yet, but I occasionally log into the site to check that everything is working and it always does what I want it to, so I've had no complaints with it.
http://www.xtrasec.com/feature...
It's not even necessary to find a black market for them since several well-publicized used phone brokers will purchase late model phones for up to $200 US.
I would hire a credit watch company to eyeball my credit inquiries for a year or two, and even that'll get your card suspended if you enter the wrong info a single time on Amazon, but unless there's reason to suspect foul play just assume a Mexican drug lord is pleased with your lost precious cellie.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Save us both some time, and just send it to me...
"Flyin' in just a sweet place,
Never been known to fail..."
Don't store important shit on your phone.
When your shit gets stolen, just change the passwords to any accounts it was authorized to.
Don't be one of those idiots who uses 2-factor authentication with one of those RSA hash clock apps on their phone. You'll just end up locking yourself out of shit when you lose your phone.
Encrypting your phone does nothing because you decrypt it every time you power it on, and you always have your phone on, don't you?
Passwords / locks will stop casual thieves from getting in, but they don't want in - they just want to sell the phone.
Passwords / locks will NOT stop thieves who want your information. If your info is worth enough to be targeted it's worth enough for a 0-day bounty. (And with Android you don't even need that - it's likely to be a 6+ month old bug that your manufacturer / carrier never patched / pushed out the patch for).
You may as well ask how to make sure your car can't be stolen. Can't win, don't try. Just minimize the impact.
Buy a "Hello Kitty" wrist strap. That way you can prevent your phone from being stolen in the first place.
If you want everything encrypted: Sorry, you can't have that.
Google finally has copied Find my iPhone. Not sure if it works on all fragmented Android phones or not though. Best to move to the original and get an iPhone instead of a knockoff Android.
http://techcrunch.com/2013/12/11/google-android-device-manager-play-store/
I just came across this a week ago and it has device locator and remote wipe (you can also ring the phone in case you misplaced it in your house). It doesn't need to be installed on the phone, you can do it through any web browser with the google username and password.
Are there any serious solutions out there for Android that secure against theft?"
Get a concealed carry permit, lock your phone up when not in use and pay attention.
What are you doing with your phone that makes it possible that you've had 3 stolen from you? Are these thefts physically violent? I just can't imagine, for myself, that it would be super-easy to get my phone from inside my pocket or out of my hand without violence.
I think I'll stop here.
Android already features full device encryption, you've just got to turn it on. Keep in mind that not all OEMs support the feature, CyanogenMod and most AOSP derivitaves do. There's currently no self-destruct option should the pattern/pin lock be entered wrong X number of times, though I'm surprised Google hasn't implimented one as of yet.
The Amarri pray for god, the Caldari pray for profit. the Gallente pray for peace, but the Minmatar pray their ships hol
Simple answer: Treat your phone/tablet as only slightly more trusted than logged in from a semi-public PC, such as at a library.
I pretty much only log in to anything from my Android tablet via a browser in private browsing mode / incognito. I can then do everything through the browser that TFS' author presumably uses pre-logged-in native apps to do. Email, IM, cloud storage... I use them all, I just don't have my device set up to one-click root-my-life.
I don't even bother with a password on the thing - It wastes more of my time than that of a potential thief. If someone nabs it, hey, they get a few gigs of music (that I have backups of) and a $50 (replacement value - they don't tend to age well) tablet. Woo-hoo.
It's as simple as: Power down device, remove battery, remove SIM, do not re-connect to wifi hotspots. All of which can be done by anybody in less than 45 seconds. If the battery is non-removable? Power down, remove SIM, don't use wifi. Find my phone and remote wipe are pretty much a big hilarous joke if the theif know how to handle phones.
The Amarri pray for god, the Caldari pray for profit. the Gallente pray for peace, but the Minmatar pray their ships hol
Either,
A: Never get an NSA/Android phone.
B: Get rid of your NSA/Android phone.
When is Blackphone out?
Oh, almost forgot. FUCK BETA. Kill it with fire.
so...not AFTER theft, but before: 1. wear a watch. that's how you check the time. don't flash your phone. 2. look around Before looking at your screen. really that simple. 3. finally, carry a dead one. give them that one. they only expect you to have ONE.
Detonate automatically when the phone for a given period of time can't contact the wireless HW token you have on yourself.
Ezekiel 23:20
I'm surprised mostly becuase it didn't get seized by the TSA before he got there.
I thought IMEI could not be changed. Is it possible here because on a smartphone everything is software defined?
Step 1 change gmail password.
Step 2 realize you were dumb for not setting a lock screen code.
Step 3 - buy unlocked Moto X used on ebay for $260 and keep it in your front pocket next time.
Do not look at laser with remaining good eye.
I'm a paranoid type about big brother and his cousin google, so i always would leave GPS off...
After my Nexus 4 got stolen, I got a 5 and installed 'Prey' (google Prey Project'), which is a pretty good tool...Like 'Find my iPhone' on steroids. I just hate leaving my GPS on all the time now.. :(
you have to fuck up pretty big for your phone to get stolen
If you use that you can at least revoke that devices access so your google account is protected.
Use built-in encryption and use Android Device Manager to ring, lock and wipe device:
https://www.google.com/android/devicemanager
Yeah, nicca. Where duh white womenz be at?
There's a few simple steps to follow to prevent phone theft in the first place:
Step 1: Wear gloves at all times
Step 2: Put a non-conductive silicon case on your phone
Step 3: Slip phone into pocket
Step 4: Charge up a 400V 10uF capacitor and slip it into your pocket, leads up (now you see the need for gloves).
Then you play a simple game.
1 point for a loud scream on public transit.
10 points for a loud scream followed by self injury while attempting to run away.
100 points if the thief had a pre-existing heart condition.
1000 points for a girl in the vicinity mistaking the agony with simple surprise of your well equipped package and offering to "take you now" right there on the train.
You have 2 choices. 1, wait for the moron to take a selfie that auto-uploads to your instagram.
2. self destruct button with a significant amount of C4 (plus phone insurance)
Set your background to a really attractive but clothed female to make them think that's the owner of the phone. Then put an app on your phone(displayed in a prominent place) that says "my hot nude pics" that when launched, wipes your phone. Done!
Monstar L
Instead of cursing the darkness, why not light a candle?
http://soylentnews.org/
You are welcome on my lawn.
Maybe a pair of those 80's "parachute pants" would do the trick.
First, try not to get too attached to your Android. This can not be stressed enough as it is the absolute most important out of all the steps. Getting attached may feel right at first, but will make separation far more painful for all parties involved later. Despite how you feel about your Android now, the truth is it's highly unlikely you will never get an upgrade.
Secondly, set a lock screen message addressing the new owner of your phone. Try not to make it too bitter sounding, or you will never see your Android again. Leaving your name and address, and times that you are typically at home is not recommended. Instead use something along the lines of, "Please take good care of my Android." Wishing the thief and your ex Android both happiness is a good idea, but you will have to see that message periodically which could lead to separation anxiety or a self fulfilling over the air update.
Third, try to be sensitive to clues that your Android may be about to go missing. If your Android is acting up, freezes giving you the cold shoulder after receiving certain gestures, refuses to listen when you speak to it, suggests things in a mocking way, interrupts you while talking to someone you spend (too much) time with, or just can't make it through the day without a little "boost", these are signs that your relationship with your Android may soon be Terminated.
Additionally, try your best to be a good person. Be aware that your Android is aware of almost everything you do down to the slightest touch or subtle tilt of your head. Thus, mistrust between you and your Android is a sure-fire recipe for disaster. Your android can hear those things you whisper under your breath after ending a call -- it senses how you act towards others you have contacts with. Performing acts of kindness towards others will reduce the chances that your Android will inexplicably leave your company, and can increase the chances of reuniting with your Android after an affair with a thief. If you are reunited after a separation, it will be up to you to decide if you can ever really trust your Android again; Unfortunately, one must beware of viruses...
Finally, if things do not work out with your Android, do not despair. New models with more desirable features and stronger vibration functions will be available soon. Never damage your Android on purpose as this can lead to an immediate break-up, and may cause you harm as well. If you voluntarily end a relationship with an Android, return it to an authorized recycling centre so that it may be refurbished. Remember, if an Android doesn't bring you happiness, it may have been meant for someone else in the first place.
Why would anyone want a phone so shitty it crashes and reboots all the time? How many updates have the released for that iOS turd?
Lets just sketch the situation properly for our international compatriots. The android phone in this is case is probably the only computer owned by this guy. We have to make to with less equipment simply because income is so low. Only the affluent will have computers / tables and a phones. This means that your entire digital life is likely to be on one device and loss of this is rather great.
2 Major problems to deal with. Backups and Security
Make sure your phone is properly backed up. There are a number of free apps for this. Secondly, you will need to make sure all your security features are enabled. The lock screen, the automatic lock when idle and the PIN on your sim card. The thief will usually switch the phone off immediately to avoid tracking. So the pin on sim helps a little to safeguard your number and stuff like your banking logins. Do not use any of the banking apps supplied by the banks. Rather use the browser and don't store the passwords and numbers. It is safer that way. I don't thing we really have to worry about encrypting the entire phone. These guys are usually not out to abuse your data, rather just to get a device to sell again. A wipe app might be useful just to clean out your accounts.
How for the first world looking in.... Cellphones are a very good target for any thief. The SA cell companies are very reluctant to black list phones and the backyard shops usually have the tools to change the phone's identification numbers to a number from an old busted phone so the they keep on working on the network. An easy quick R200 ($20) can be made for a descent smartphone, keeping the thief in drugs for a day or two. Cape Town has a nasty drug problem with something called Tik. Almost the same as the US Crack. Nasty stuff.
Good luck and stay safe.
Basically any blackberry will do. Set a device password. If you enter it incorrectly 10 times, the phone wipes itself (not the SD, though). BB10 phones even have BB Protect built in, which gives you some remote options if the phone comes back online. I don't think there's any IEMI hacks, either.
The new ones even run about 90% of android apps right out of the box.
Instead of cursing the darkness, why not light a candle?
http://soylentnews.org/
Because every time I go to that site, I find it as frustrating to use as beta. Why do truncated comments have to load a new page?
/. classic the first time I encountered beta.
Also I haven't been forced onto beta since I opted for
Soylent news will have to improve to get readership.
Calling someone a "hater" only means you can not rationally rebut their argument.
Install a backdoor and pray to Allah that they don't factory reset it before you log in to the phone remotely.
The funny part of stolen phones in Europe is that Europeans predominantly use prepaid SIM cards, so what they are really stealing is airtime for when they plug the stolen prepaid SIM in their own phone, and your phone gets sold or just plain thrown in the trash nearby, since most people trash SIMs instead of reloading them, and as long as they are not post-paid SIMs, the fact that the SIM number moves to another IMEI is not something the phone company cares about recording/tracking.
What we really need is a phone / ring combination. i. e. phone only works with the wearer of a ring. No need to use pins, works all the time for every app, quick and convenient.
I think the real problem here is :
http://upload.wikimedia.org/wi...
http://en.wikipedia.org/wiki/G...
Seriously, I've been in South Africa my whole life and I've never had a cellphone stolen. If it's such a common occurence for you you are clearly doing something really stupid. Learn how to handle your property in a sensible way instead of preparing yourself for losing it again.
Thanks for that link, I found it very interesting.
But also worrying.
I mean, looking at everything Cerberus can do without apparently being detectable on the phone... How can I know that my phone doesn't have something similar installed on it?
try' mobiucare' android software not only does it track your phone and take pictures of the thief but it also allows you to do a full remote wipe the pro version is not free, but worth the money spent
I love all these replies placing the onus of the of blame on me and calling me dumb for having my phone stolen...
As fun as it is for you to call me dumb and a moron for having been robbed, it's not really helpful either.
And for the folks saying that I must be "doing something wrong" to have 3 phones stolen in the last 12 years:
My last phone theft happening when the train I was on was robbed by a gang of men moving from carriage to carriage threatening people at knife point. Please illustrate to me what I could have "done right" in that scenario...
In South Africa the way we typically defeat car thefts is to leave a bottle of liquor in the glovebox and it's laced with cyanide. Usually they get about a half mile, die and crash. But it's just a fender. Drag out the dead guy, get the dings knocked out, you're good to go. I wonder if there's a way to kill the thief by making the phone explode though. Or at the least electrocute his face when he holds it up.
I helped set the BYOD policy at my company and did the initial rollout. Our requirements were exactly the same as OP, with a little more control. As others have pointed out; you can set encryption up, you can setup a lock PIN or password, and you can configure it to do a full wipe on incorrect password guesses.
FWIW, we use MobileIron to do this.. but all MobileIron does is send the security policies to the phone (whose OS, Android or iOS, actually enforces the policy) and ensuring the phone isn't jailbroken (meaning we can trust that if we send a policy, the OS will honor it) - everything else is straight from the smartphone OS vendor and available in the Settings app for review.
Everything Cornelius says is SO fucking important, he has to make sure it gets to the top of the pile by replying, off-topic, to a frosty pisser. He's constantly doing that.
They'd have to be feeling pretty lucky to try.
Is punter some kind of African slang for something/someone?
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
From a theft standpoint, I am not worried about my data, but I am worried about the loss of the physical hardware. There are reasonable methods to keep a thief from accessing data on the phone (PIN, encryption) but no methods to stop them from booting to recovery and wiping the device. What I really want is protected access to recovery mode.
10 * 10 * 10 * 10 = 10,000 combinations
Pay for AirDroid. You can locate your phone, lock it, take a picture of whoever has it, wipe it, brick it, bla bla bla.
... and buy insurance.
Also, don't store TS/NSI data on it.
The only laughing is being done by the people who are getting a cheap source of replacement parts thanks to Apple's iCloud lock feature. Everything but the logic board (motherboard) is still fully usable.
Ironically, even the locked logic boards still seem to have value on eBay. I can only assume there's some recyclers in China where they're swapping out the flash memory chips with ones from logic boards that were water damaged.
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
Hey. It's "Gamification" of the comment hierarchy.
"Flyin' in just a sweet place,
Never been known to fail..."
I think that is a large part of what the problem is. The culture, at least of the upper end of the class system, of whites don't promote things like ecology and working hard to better society as something to strive for. However, high life, bling-like trappings, and professional banksters are the main heroes that are held up as something to emulate.
This general type of attitude is something that can ONLY be fixed from the inside of the community itself, and so far, this isn't being pushed. And sadly, you often see folks that DO escape from this cycle of destruction into sustainable jobs and neighborhoods, they also shun the corporate culture and often understandably so, as that they don't want their kids around that culture.
Is Apple's security model for iOS with local passcode (simple or complex), 100% encryption, tracking, auto and remote wipe capability and the device is incapable of being used unless you log it in to it with the proper credentials so the activation server allows it to go past the lock screen whenever you restart it or even re-install the OS on the device.
I'm guessing if I say you should just get an iPhone that you'd complain about the "walled garden" and "overseer status" of Apple, which is of course ironic given that those exact features are what it will take to lock any phone from hackers and thieves. You need to make up your mind... customizable Android based phone or highly secure iPhone.
The way I see it is that such a secure setup could never happen with the Android system: No manufacturer wants to run stock Android as there would be little competitive differentiation. Since all Android installs are different you can't easily implement the activation server model or OS level encryption, plus who would do it? Carriers would want to raise prices to offer the service, manufacturers don't want to support phones for longer than it takes to sell them and Google doesn't seem to think security is a priority for the OS. Who's left?
Article X: The powers not delegated... by the Constitution...are reserved...to the people
Interesting enough I have not seen a post showing an answer to the original question. Granted, I did not scroll through every.....single....one. However, here is a simple, free, and proven solution. It's called the Prey Project and it's free. Just read the "recovery" stories section. Install it on your device, configure set up on that device, and if it's used after being stolen. You have a very good chance of getting it back.
http://preyproject.com/
You're mostly right. Bill Cosby often speaks on this subject, advocating self-accountability and hard work. But, more and more, he seems to be shunned and dismissed in favor of others like Jesse Jackson who insist on blaming everyone else for the black community's woes.
sig: sauer
My Nexus 4 has a lock screen that looks like a Windows Phone 7 screen. But I wasn't prepared for the thief to come back and go into a rant about me being a tool.
Place nail here >+
True...and for the Jesse Jacksons and Al Sharptons of the world, they really do NOT want to truly help the black community, if they were to promote success instead of victimization, they'd have all their revenue sources dry up.
They make their living trying to keep racial dis-harmony going.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Nobody wants to steal an android phone no more than they'd want to steal a stock stereo out of a 20 year old car.
Just let me know when and where you'll be leaving it relatively (or - even better - completely) unattended,
I'll take care of the rest!
Don't let the phone get on the train by itself!
> How Can I Prepare For the Theft of My Android Phone ?
By going to South Africa, apparently...
Open your eyes, it's easier than you think.
Uh.... what? Elaborate, please.
sig: sauer
Did you actually measure it (adrobench storage read/write test for example) and did not find any difference?
I'm assuming not and since Nexus 5 is fast to begin with there isn't any *noticable* difference.
Only recently (KitKat release) Google added TRIM support for encrypted volumes. Without that the performance difference between unencrypted (with TRIM) and encrypted (no TRIM) was very noticable after device was used for some time.
Unlucky for owners of older devices (1st gen Nexus 7, Galaxy Nexus) it does not work. This problem is very serious on 1st gen Nexus 7, to the point where it becomes unusable if encryption is used: https://code.google.com/p/andr...
No one steals android phones, especially motorolas. Even a Samsung only has a street value of $10. Get an iPhone and you'll have a phone people will steal.
wow... must have struck a never someplace... my trivial comment has been modded 8 times.
One word: http://www.androidlost.com/
I was not only able to remotely install this app via google play AFTER the phone was stolen, but I was able to activate and use ALL android functions... including GPS, caling, text message, even set of a loud SIREN and take pictures and basically catch the thief red handed!! I felt like BORIS in Goldeneye... INVINCIBLE!
I actually have my phone (a Galaxy Note 2) on a lanyard and when I'm out I keep it tied to my person or hanging around my neck, like a little kid with mittens. Won't prevent *every* thief, but certainly lowers the ease of stealing it. Also protects against dropping and losing.
wg
[Shrug]
When I trashed my phone - just before coming to work 7 weeks ago - had to pick up a £10 basic phone from a supermarket to allow me to be in contact while travelling. But it made me think - is that phone really any use with all it's complicated facilities? It's an address book, an alarm clock ... and that's about it.
Nope, when I get back from work, I think it's going to be upgrading to a basic phone (and recovering my normal phone number) for me. Oh, and using my tablet, with an added external keyboard and wall-wart for day-to-day mobile access. Or a netbook - essentially the same form factor. Which, since it lives in my rucksac, is considerably less pick-pocketable then a phone.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"