Wipe/lock a stolen Android phone - not as secure as you think?

italdesign

Level 2 Member
I had a few things stolen on my trip. My phone was not among them, but it prompted me to prepare. In researching, it seems these are the requirements for a remote Android wipe/lock:

1. Android Device Manager is installed and enabled on the phone.
2. You have access to your Google account on some device (to initiate the wipe/lock)
3. Phone is connected to the internet (to receive the wipe/lock signal)

#1 is easy. However, #2 and 3 are easily disrupted. For #2, if you're on a trip, after losing your phone, you may not have another device where you have logged into Google before. In that case, it requires two-factor authentication. It can either send a txt msg to your phone (wonk wonk), or use a printed backup code. But there's a decent chance the perpetrator also has your wallet, where you kept the codes. So now you have no access to your Google account which is required to perform the wipe/lock.

For #3, the perpetrator can just go into airplane mode and the wipe/lock would never happen (I just tested lock with airplane mode on and it never took place until phone got on internet). He can leisurely read everything on your phone, including all those sensitive Google docs you've made available offline for convenience.

Sure, if you're in a neat situation where you brought your laptop to the trip (and it isn't stolen, and you have quick access to it, and there's internet...), AND the perpetrator didn't take the phone offline, then you can wipe it. But chances are it won't be that handy when it comes to it.

I'm hoping there are solutions to what I've outlined? Any Android experts?
 

cav

Level 2 Member
Android Device Manager is mainly useful if you lose your phone, but not so much if someone steals it.

2. You have access to your Google account on some device (to initiate the wipe/lock)
You can link a family member's or friend's phone number as a backup option for account recovery. Alternatively, if you can access your voicemail remotely then you should be able to get the access code that way.

3. Phone is connected to the internet (to receive the wipe/lock signal)
This is the problem with remote wipe on any type of device. The thief can easily circumvent this by enabling airplane mode, turning off the device, or putting it in a shielded bag.

You can help protect the data on your phone by changing a few settings:
  • Enable encryption
  • Use a strong PIN or password
  • Set the phone to wipe internal storage after several repeated wrong PIN entries
 

italdesign

Level 2 Member
That's really unfortunate. I access my phone about 100 separate times a day (maybe more). Having to log in each time is highly annoying. I think the best design would make it easily wipeable if stolen, so that we can have the convenience when it's in our hands and the security when it's gone.
 

cav

Level 2 Member
Try out the Smart Lock feature; it lets you set safe conditions where the PIN will be bypassed, such as when you are at home, or when the phone is connected to your car Bluetooth system or smartwatch.
 

MickiSue

Level 2 Member
Supporter
If you use the phone that frequently, then set the time lapse before re-entering the code to something that allows you to set it down for a few minutes without it locking.

But really, I have my iPhone set to lock at 5 minutes. It takes, maybe, all of 2 seconds to punch in my code after swiping. And I can find it, if it's taken, because Apple uses GPS, not internet, to find a product.
 

MickiSue

Level 2 Member
Supporter
Not if you have locked it, and they don't know your passcode. It's worth the few seconds a time, in order to make it easier for your phone to be safe, don't you agree?
 

Voyaging Doc

Level 2 Member
Security always comes at the expense of convenience and practicality. I used to be a lot more paranoid and secure, and have gotten more lazy in the past few years. Your post has motivated me to rethink a security plan. Unfortunately, in my opinion, having a phone wipe after X # of incorrect PINs will only protect from newbie hackers/thieves. I think if the smart ones are really after your information they will exploit a vulnerability in the OS, just as the 3rd party has presumably done to gain entry on the San Bernardino terrorist's iPhone. Also, I carry a phone with expandable memory through a microSD slot. Someone can easily just pop out the microSD and steal the info on that. I think one of the best ways to protect your data is to have every single item encrypted when saved to the memory. Android has an option for that, but again that comes at the expense of convenience/speed/decreased battery life AND still has its vulnerabilities.
 

MickiSue

Level 2 Member
Supporter
Doc, the "third party" is the FBI. One would hope that the run of the mill phone thief does not have access to the level of knowledge and technology to break into phones that the FBI does.
 

Voyaging Doc

Level 2 Member
Last I read, I thought the "third party" was an Israeli security consulting firm that probably sold the method to the FBI.
 

italdesign

Level 2 Member
OK, I set up the lock screen today. And what do you know, it shows the password as it's entered (one digit at a time, a la normal keyboard entry). How convenient for the thief who might be peeping and/or being friendly. I see no way to disable the showing.
 

MickiSue

Level 2 Member
Supporter
italdesign, I know it's frustrating.

But, it may be whistling past the graveyard, I don't know.

I do what I can to protect my things, and then let it go. I'd rather play the fool about "security" than waste my precious energy and mood on constant worry about the safety of things.

Phones are replaceable. What's not is the time we have to live and enjoy life with the people we love, right?
 

italdesign

Level 2 Member
I hear you, but yes, it's frustrating when you see an obvious security hole that can't be overridden. Phones are replaceable, but the data on it, if it gets in the wrong hands, can be a nightmare for a long time. I'm doing my best to make sure it doesn't happen.
 

JSU

New Member
It seems like in the end it comes down to how much security you need and then weighing it against the added inconveniences. If the data on the phone is important enough that you can't have anyone looking at it other than yourself, set a PIN or password that is long enough to not easily be brute forced + enable encryption on the phone like a previous poster suggested. Unfortunately, security and convenience don't really work together well just because of the way phones are designed.
 