Become a Patron of Ask Leo! and go ad-free!
Transcript
Are you ready to lose your phone? One of the things that I’ve been asked about recently is mobile phone security. If you have a smartphone, a mobile phone of some sort, chances are there’s a fair amount of information on it.
Now, the first thing a lot of people are concerned about is hacking and malware and those kinds of things. Even just recently, there’s been another vulnerability disclosed about how phones can be hacked in some interesting ways.
You know what? That’s probably not the biggest threat. The biggest threat is something way more subtle yet way more mundane, and that’s simply losing your phone. Or having it stolen from you. Physically, phones are so wonderful in that they are small, and they’re mobile, and you can take them with you wherever you want. The problem of course, is that they’re small, and they’re mobile, and they fall out of pockets, or get left behind on benches, or who knows what else?
What if that happens to you? Some stranger walks up, picks up your phone, they have your world in their hands. What can you do about that? If you have a smartphone, there are two things I want you to do and possibly a third.
So, here’s my phone. It’s currently with Verizon wireless as my mobile provider. This is a Samsung Galaxy Note 3. First thing you’ll notice is that if you turn it on (hopefully you’ll be able to see this), what you should see is not a set of icons but you’ll see instead, a number pad. The first thing I want you to do right after watching this video is, I want you to put a PIN lock on your phone.
Mine’s a simple 4-digit number. It’s meaningful to me. It will prevent someone from just wildly picking up my phone and being able to do anything with it. There are other technologies. I know that you can use a swipe pattern; you can use fingerprint identification on some phones.
I honestly don’t care what you use, but I recommend that you set something up immediately, because not only does it keep honest people honest, but it actually does end up as a frustratingly good first layer of defense against thieves and people who just somehow end up with your phone in their possession. It prevents them from accessing your world.
Now there are two interesting aspects of the PIN code – at least on my phone. One is, if you get it wrong ten times, the phone will self-destruct. And by self-destruct, I mean it will simply erase everything that’s on it, which is pretty much what you want.
Getting it wrong ten times in a row is not something you or I are going to do with our own phone. We’re going to remember our own pin codes. If somebody has gotten it wrong ten times in a row, chances are they are trying to break in.
The safe thing to do, the right thing to do is for the phone to erase everything on it, and then therefore, no longer be of interest to the hacker as anything other than a naked phone. The other thing, though, that a PIN code will do is it will prevent the data connection from being able to access any data on the phone.
Like most phones, mine has a USB connection on it, and using that USB connection, I can copy files to and from the phone without any problem. Of course, if that is the case, that means then that if anybody can hook up a USB cable to my phone after they’ve stolen it, they theoretically would be able to access whatever data I happen to have placed on that phone.
The PIN lock prevents that from working. It allows the phone to keep on charging through the USB cord if that’s what you wanted to do, but it will prevent data from being able to be accessed. That can be very important depending on the sophistication of the person who has your phone, who ends up with your phone.
So that’s the first thing I want you to do. The second thing I want you to do is, I want you to go to the Android device manager on the web. That will actually, for Android phones, allow you to set things up so that you can locate your phone if you’ve lost it.
And, in fact, you are also able to ring it (which, of course, you can do by calling it), or there is, in fact, a remote wipe option, so that rather than having to wait for a hacker to get the PIN code wrong ten times, you can just say, “You know what, I’ve lost my phone. I don’t know where it is or it’s in some place where I know it shouldn’t be. Wipe it. Just erase all of the data off of it right now. I’ll deal with it some other way.”
The Android device manager does require that, you have location services enabled on your phone, which is fine. Honestly, if you’re paranoid about that, if you’re concerned about location services on the phone somehow exposing you to some higher level of tracking or something, then you probably shouldn’t have a mobile phone to begin with, because all of that could be done by the authorities if they need to, just using the cellular network or the data network that you’re probably already using.
Enabling location services allows you to know where the phone is going to be, and in fact, it will actually allow you to allow trusted others to know where the phone is as well. So, you’ll need to enable location services on your Android phone for this to work, but it will then allow you to quickly and easily determine where the phone is and whether or not that’s something you want to be concerned about.
I know that iPhones have something similar. I’m not as well versed on the iPhone but they definitely have the same kind of thing associated with your Apple account. You can log in and find out where your phone is. One of the interesting things you can do if you’ve got an Android phone, and you’ve got it associated with your Google account, is you can just Google, “Where’s my phone?” and one of the things that will result in the search results is (if all of this is enabled) a map showing you where Google thinks your phone is.
Very convenient. It’s a great shortcut if you forget the URL for the Android device manager. Now, I talked about a third thing that I actually happen to have, but it may not be something that everybody needs. It may not be something that you all want to jump on but it is something to consider.
And that’s third-party software that gives you an additional layer of tracking and control over your phone if you happen to have lost it. Now, I happen to use a service called Prey Project and one of the things, it does much of what Android device manager allows you to do. Like the Android device manager, Prey will tell you where your device is or at least its last known location.
But you can do a few more interesting things with Prey, like send a message to the device or sound an alarm on the device or lock it, completely, or like the Android device manager, you can wipe the device. Prey also happens to work with laptops so I’ve got it set up for my laptop that I travel with all of the time. Again, in case I lose that as well.
So it’s something additional to consider. It’s probably not something for everyone. It is not a free service. There is an annual charge. It’s not terribly bad. But it is something to consider if you have multiple devices, or if you do a lot of traveling, or if you want an additional layer of control above and beyond what things like the Android device manager or the Apple equivalent have.
But, bottom line is that there is so much that we use our devices for these days, there’s so much information that’s either on the device or easily accessible through the device that it pays to have some level of security on the device. At a minimum, add a PIN code. Do it now, and then go visit the Android device manager and have a look and see what you need to do to set up that opportunity to recover your device and potentially even nuke if recovery is not going to be an option.
Let me know what you think. Here’s the URL for this article if you’re watching it anywhere but on askleo.com. Go here to the askleo.com site. Leave your comments. Let me know what kinds of things you’re doing to keep the data on your mobile devices secure. Do you use a PIN code? Do you use something else? Have you used something other than Prey for tracking or keeping track of your mobile devices? Let me know what you do.
But of course, above all things, set that PIN code. All right?
Thanks again. Talk to you again next week.
Perfect timing! I just heard on the news about these phones. I have Samsung Galaxy Note 4 and was just wondering what to do. Taking your recommendation for Prey too and installed that as well. You didn’t mention a firewall though. Not that I do any shopping or banking on my phone anyways. Nothing sensitive in fact but, it seems our phones are the most hackable and better safe than sorry? Thoughts?
One problem with location services is that they cut battery life by 2/3.
A dead phone is pretty useless.
Actually I no longer find that to be the case. While they do use more power, it’s not necessarily as severe as it once was. (YMMV of course, based on model and other apps installed). I find other applications to be the biggest offenders when it comes to battery life.
You can can check which apps use the most location requests by going to Settings -> Location
Unfortunately you can’ disable them easily unless you root.
If your mobile phone is stolen do not attempt to recover it from a thief.
A teenager from Brampton, Ontario tracked his stolen phone to London, Ontario. When he attempted to recover the phone he was shot and
killed.
Whether it be a phone or a stolen car with tracking service, the smart thing to do is let the police make the inquiry of the person(s). You just give them all the information that you have showing it’s location and hopefully you still possess your purchase receipts and/or registration documents.
Android 5.1 “Device Protection” is supposed to “fix” this issue but it’ll take a long time before it even trickles down to users.
Better late than never.
Right now I’m just using Cerberus which is good till the fact where someone pulls out the SIM card.
It can however prevent power off when the phone is locked mode and take photos if someone gets the PIN wrongly.
Unfortunately it is kind of useless once it can’t obtain a data connection but that’s all i can have now with what’s available.
Apple somehow has done it fairly well by tagging the IMEI to your apple account and preventing someone else from using it.
One other vulnerability is the MicroSD card which most non-iPhones have. They can simply be removed from the phone and placed in a card reader. So if your phone’s storage has the space for it, keep any sensitive information on that and not the MicroSD.
Some phones, I believe, have the ability to encrypt storage as well.
@Mark Jacobs Good point about the Micro-SD! Just checked my storage and I have 14gb available storage space on my card but only 430mb on my phone. But I don’t know how to find out which data is on the Micro-SD and which is on the phone?
You might try this: Connect your phone to a USB port on your PC. The device should show up in Windows Explorer, and you will be able to examine its file contents just like you can for any other drive or folder on your PC.
If I put a PW on my phone and there is an emergency…say I am found passed out on the floor…no one else could use my phone to call for help. Sometimes it is a child at home who could call for you so they would not have their own phone. Wondering your thoughts on this.
My phone lets you dial 911 even when it’s locked. I believe most, if not all, phones have that feature. I think that feature is required by law in the US and most other countries.
Denise,
My Galaxy S5 on T-Mobile has an Emergency Call icon on the lock screen. If you press on it and swipe you get the phone dial pad and can make a phone call. I think most manufacturers and mobile providers have this feature.
Phone can make emergency calls even when locked. Mine, for example, can do this. It might even be a requirement.
On a similar note to this article, Leo, can you talk about ways to cloud backup your phone data? For example, I use Titanium Backup, to backup to my SD Card. It’s great if I crash the phone or Dunk it in water. But if it’s lost, I would only have since the last time I off-loaded that data. I’m assuming you’d use something like Dropbox. But what options are out there? and are there things that don’t tend to get backed up automatically? This would make a great topic if you ever run out of ideas for the newsletter. Thanks!
Thank you for the video Leo. I am going to forward this (As well as the other content which I have been subscribed to) to my Children.
Excellent article !! I have Norton360 on my PC & Laptop and as a bonus, I loaded their Norton Mobile to my Android that has a number of things I can do if my phone is lost, stolen, etc.
Another free and paid version app is LOOKOUT. You need the paid version to wipe your phone but the siren mode allowed me to find my phone when calling the phone didn’t
Well, I visited the Android Device Manager link and followed the instructions, which was very easy. BUT the trouble would be FINDING the Android Device Manager page when you needed it in a hurry – because I cannot find a link to it on my Google Account page! I have however found a link to it on my Google Play account, in a drop down box under the settings cog. But Google says one account where you can Control, protect and secure your account, all in one place, which does not appear to be correct?
Excellent article Leo. This kind of information is invaluable for people to have available. A lot of phone owners aren’t computer literate and the video was perfect for them as well as others who may not have thought about losing their phone. Keep up the good work!
I can’t lose one and the other can be pinged…
because I’m all landline.
On the other hand, I can possibly misplace my WALKMAN, if it’s turned off and the built in speakers aren’t playing. Normally it stays in my bike basket though when I’m out.
“Elmer Luddite”
I have a Motorola G (2nd generation), XT 1064, and by googling I have found reset instructions that will override the PIN and then delete it. Hold the Power button down for 7-10 seconds. The phone will reboot to a non-secured screen, and from there you can set a new PIN or reuse the old one or even stop using a PIN (gasp). This method worked for me last night, and NO files, photos, apps, etc. were deleted. A good way to avoid the pain of a factory reset, either internal or external.
That’s not very secure. If a thief knows that it’s as good as having no PIN at all.
Precisely. I’ll have to look into other options.
Good stuff. Mapped it to our iPhones and all is similar. Will investigate ‘Pray’ (Prey?) for applicability.
Was wondering, Leo, why a Galaxy? Requirements? Something you need/want it does better than others? Me, I don’t care one way or tuther, they have the basics so I go with less $. But am assuming you selected a Galaxy for a good reason, even if it was $.
It’s the Note 3, so it’s a slightly larger screen. Quite happy with it actually – I use it for a lot of different things.
curiously wondering why these small things are so popular;
and what folks are putting on them – other than e-addresses & ‘phone #s
which would be stolen.
Why would anyone purchase anything on-line –
without looking at the object, how can one consider the quality?
Why would anyone bank on-line –
Why would anyone pay bills on-line –
especially now with the ability to pay by ‘phone.
Just call me old-fashioned & security conscious,
Pay-by-phone isn’t everywhere. The short answer to your question is: because once set up online access is so EASY. I don’t have to drive to the bank, or the shopping center or the book store. I think of something and if I want it *boom* I’ve ordered it, or paid it or whatever. Yes, sometimes you do want to look at something in person, but that’s not true for everything. For me at least most of what I purchase online is stuff I already know about and know that I want, so don’t need the extra hassle of going somewhere, dealing with pushy salespeople, parking, traffic, whatnot. Sometimes, absolutely, I need to see it and I do deal with all that, but it’s such an amazing timesaver when I don’t.
Not only what Leo says but the phone service in so many cases has gotten terrible. Yes you can pay bills, get account info etc. but if you want to actually talk to a person (which is the only reason I call nowadays) it can take a lot of time and searching through the options they offer. I have found sometimes that if you say agent or representative even if that is not a option offered by the recording it will respond properly. But given the option I will do most of the stuff online as it is so much easier.
Some great advice, thanks Leo, but if you’ve ever had a child get hold of your phone and try to make it work…. 10 attempts at the pin code is not a lot, ha! I thought if this happened you needed an extra code to get access to the phone (PUK code?), rather than having it wipe clean.
Great article and will definitely follow some if not all of your recommendations. I do have a question, though. I live most of the year in Costa Rica, and my sim card has a PIN. The PIN needs to be entered every time the phone powers up from “off”. Whether I turn it off myself or it turns itself off when it completely runs out of battery. Will setting up a separate PIN complicate things in any way?
Don’t know – it really depends on the phone. My guess is not, but …
I use an unlock pattern, with a backup pin, on my Galaxy Note 2. But I had never heard of the Android Device Manager, so thanks for that! It shows a blue dot at my house, “accurate to 25 meters” – too cool!! On my old computer, I had Lowjack for Laptops. Right now I have nothing like that on my new laptop. I will have to look into Prey, so thanks for that, too :)
Great article! Is there any feature/app in android that prevents power off from the lock screen? I recently lost my handset and when I tried to connect to my phone (app. 1 hour after the incident) it was not connecting, the snatcher had powered off the handset soon after snatching it.
If one existed, it wouldn’t help much, as a thief could easily take out the battery.
All good info, Leo. If one gets access to your phone, they may also have access to cloud info which may be more extensive than the info on your phone! I really appreciate your work. Your continued efforts are indispensable to many of us…
I have overheard other people actually type their own PIN code wrong enough and erase their own phone.
My point:
Step 4: back up the data on your phone. Here’s one way.
https://askleo.com/back-smartphone-photos-using-dropbox/
Correction: people talking about past experiences.
I never to cease my amazement at our children and the total naive approach to security they have. Makes me even more paranoid about security. There was an article in the Washington Post – “For sale: Systems that can secretly track where
cellphone users go around the globe” that gives me nightmares!
Having working in the telecommunications industry for 46 years. Including more than one cellular/pcs system implementation/buildouts. The Washington Post article absolutely can happen. My sister-in-law uses facebook extensively from her iPad & Android phone. I’m sure it’s with only minimal security because my husband has been seeing e-mails supposedly set from Rhonda – I point him to the “real” address and none are not from who he thinks they are and most are foreign countries.
The article mentions that a PIN protects against unauthorized access to the files. That is true for the files on the internal flash memory. Micro SD cards can simply be removed and read on a computer with an adapter.
It’s unclear (to me) whether or not system encryption in mobile phone applies to, or could apply to, removable SD cards.