Mobile phones are amazing devices. They're much more than just having your email or social media at your fingertips; they're truly portable general-purpose computers that also happen to be able to make phone calls.
We do a lot with our phones. Because they're always with us, they're one of our primary means of content consumption -- everything from social media to news to maps to ebooks and more -- as well as our primary means of communication (though ironically, rarely by actually using the telephone) and one of our primary content-creation devices as well, in the form of photos and videos.
As tiny computers, we've come to rely on them to store data, act as security keys, wallets, fitness trackers, automotive trackers, and dozens of things I can't even think of right now.
Given everything we use our phones for, to say that we shouldn't lose them is stating the obvious. And yet lose them we do. I'm going to review some of the things you need to be aware of when (not if) you lose your phone, and some of the ways you can mitigate the damage when it happens.
Become a Patron of Ask Leo! and go ad-free!
- You lose access to data on the phone.
- You lose control of data that can be accessed by the phone.
- You risk losing access to any account that can be accessed by the phone.
- You risk losing access to your accounts via other means.
- You risk someone being able to impersonate you.
- Back up all data on your phone.
- Set a PIN
- Use a tracking service, ideally with remote-wipe.
- Have backup mechanisms in place for two-factor authentication.
- Contact your carrier immediately.
If it's in only one place
The first thing most people think of when they lose their phone is the collection of photographs and videos they keep on it. Most commonly, these are images they've taken using the device and haven't bothered to copy anywhere else.
In other words, they're not backed up. They exist only on the phone. When the phone is lost or stolen, so are all the photos.
While a few items might have been shared either directly or via social media or other means, you can't count on it. You also can't count on those that were shared having been saved, or having been shared in original quality.
Remember, of all the other data you keep, particularly on your phone, photos and videos are the only ones that cannot be re-created.
If it's on your phone, it's in their hands
If your phone is stolen, the data on it is now in someone else's hands. All of the data stored on your phone: your emails, contacts, texts, chats, documents, photos and videos, and everything else.
And yes, it's sometime difficult to know what's on the phone and what's online in "the cloud". As a result, you must assume it's all been handed to the person now holding your phone. Besides, as we'll see shortly, the distinction between what's on your phone and what's online may well be irrelevant.
If your phone is your key
Security experts and not-so-experts strongly recommend two-factor authentication as a means of securing your online accounts. Without a doubt, for maximum security you should avail yourself of this option if it's available for any account you consider important.
Phones are common and convenient two-factor authentication devices. Be it via code-generating apps that run on the phone, to codes in text messages that you receive when logging on elsewhere, your ability to provide those codes on demand "proves" you have the phone -- the second factor -- in your possession. Thus, you must be who you claim to be.
When a phone is stolen, the first thing people worry about with two-factor authentication is that the thief now has their second factor. That's typically not as huge a problem as you might think: they need both factors -- your password and the phone -- in order to sign in as you elsewhere. Typically, getting access to the phone won't gain them access to your passwords as well.
The real, larger problem is you no longer have your second factor. Unless you've prepared, you may not be able to log in to the accounts so protected.
Your phone becomes their portal
Much of the data we access using our phone is not actually stored on the phone. Using various apps and interfaces, our phone is a portable gateway to our online world. Email is the most obvious, but cloud-storage services, note-taking apps, music players and more all work primarily by fetching your information from your accounts online.
Once a thief has access to your phone, they have access to this portal. They can -- and often do -- proceed to immediately change your email password so as to take control of that account, and at the same time remove their need for your phone to continue; they can access your email anywhere now. Since your email is also often your backup/recovery account for other online services, just getting access to that opens a second portal for the thief to then wrest control of those accounts as well.
They might become you
Stealing your mobile device is one of the best ways hackers and thieves begin to impersonate you, possibly even leading to outright identity theft. Not only by stealing your accounts, as I've discussed above, but by literally impersonating you. Calls they make, or perhaps more realistically, text messages they send, appear to have come from you. They can use that ability to fool everyone from online services and banks to your friends and family.
So, what to do?
Now that I've laid out the great risk we embrace by relying so heavily on these portable and easily lost or stolen devices, what should we do?
Certainly returning to luddite ways and abandoning the technology is not an option. Oh, I know it will be for some people, but it's their loss.
And there's no need. There are several simple steps you can take to protect yourself.
Back up your phone
Particularly when it comes to photos and videos, there's simply no excuse. Most cloud storage apps like Dropbox, OneDrive, and others offer to automatically upload the photos and videos you take. Depending on your choice, they can upload immediately regardless of where you are as long as you have an internet connection, or they can upload the next time you're connected to Wi-Fi, so as to save on your mobile data plan.
If you do nothing else, back up your photos.
When it comes to the rest of the information on your phone, solutions vary. By virtue of being linked to an online account, for example, email and contacts are often automatically backed up. Many mobile providers automatically track which apps you have installed and reinstall them if you move to a replacement phone.
The data stored by the various apps you have installed, however, is a wild card. For each app with which you have a significant investment of data, make sure you understand where that data is stored and what happens if your device disappears. If additional backups are called for, look to the app developer for guidance.
Set a PIN
One very simple step to protecting the information on your phone is to set an unlock code or PIN, and make sure your phone automatically locks after some amount of time.
In order to access the device, the correct PIN must be entered. Without it, accessing what's on your phone becomes difficult, if not impossible.
Also, consider configuring your phone such that if the wrong PIN is entered too many times -- say ten times -- then the phone automatically wipes all data.
A PIN isn't perfect -- it's sometimes easy to guess or "shoulder surf" (watch someone enter their pin) -- but it's an excellent first level of defense when it comes to protecting the information on and accessible by your mobile device.
Consider a tracking service
You may or may not need an additional tracking service for your phone -- you may already have one, courtesy of your platform (iPhone or Android) or your mobile carrier. In my opinion, it's important that such a service have the following features:
- The ability to locate your phone using its GPS.
- The ability to remotely lock and/or wipe your phone of all data.
- The ability to display a message on the phone's screen.
Remote wipe is critical, in my opinion, as it's the only way to protect yourself should a thief gain access to your device.
Personally, in addition to the facilities made available via Android and my carrier, I use Prey to protect my phone, my wife's phone, and the laptop with which I travel most.
Set up two-factor properly
It's not enough to set up two-factor authentication. Whenever possible, you need to set up a recovery mechanism.
Most services that use two-factor have alternate approaches available when your second factor, such as your phone, isn't available. They're often more cumbersome and time consuming, but they're infinitely preferable to not being able to access your account at all. Some of the recovery mechanisms include:
- Additional second factors, such as additional devices or text-message numbers to which a code can be sent.
- One-time passwords. These are created and saved somewhere safe. Should you not be able to log in using your second factor, you can use a one-time password instead. As the name implies, each can be used exactly once. If you run out of these passwords, you return to the service to generate more. The critical thing to realize is that you need to create one-time passwords before you need them, and keep them in a safe place.
- Recovery email address(es). Again, these must be set up beforehand, but they act as a type of second factor: prove you can access this pre-defined account, and you must be who you say you are.
Regardless, make absolutely certain that if you lose your two-factor device, you have an alternate way in.
Contact your mobile provider as soon as possible
Finally, if your phone has been lost or stolen, contact your mobile provider as quickly as possible. There are two reasons you don't want to waste time on this:
- They can disable the phone, preventing it from accessing the mobile network (though the phone will likely still be able to access the internet via a Wi-Fi connection).
- They will be aware of all the security options -- from remote wipe to simply locating the phone -- that may be preinstalled, and be able to help you make the wisest decisions about what steps you need to take.
Given how much we use them and what we use them for, losing your mobile device is no small matter. It pays to prepare beforehand and act quickly when disaster strikes.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
I have 3 backup email addresses set up as recovery email for all of my important accounts in case I lose my phone or travel to a place I can’t use my phone. Having a GSM (SIM card) phone, I can receive a text in most countries I travel to. All of my email accounts have all of my other email accounts as recovery accounts. The only data I’m interested on my phone are photos and videos. Those are automatically synced to Dropbox and OneDrive (dual backup). All other data are already stored on the cloud.
Leo,
Even if you have no data of any importance on the phone, the badies that steal phone’s often use your internet to do bad things often to other people using your phone number. So your advice to immediately contact your phone provider and have the account cancel is very important.
Not that I think that there’s much money for the badies in selling stolen phones, but if you contact your provider and give them the IMEI number of the phone (dial *#06# to find what it is) , they can make it so the phone can no longer be used as a phone even with another SIM card. If everybody did that, there would be less incentive to steal phones.
Fortunately I’ve never had a phone stolen or lost one. But I’ve had many instances where the phone has become faulty or broken such that I could not get the information off it. That’s why I prefer a phone which has removable storage, Micro SD card. However these are double sided sword. The baddies can get information off them by simply removing it from the phone even if the phone is locked. Except if its encrypted. Which I no for Android, is the default setting. However I don’t know what happens if I put the encrypted SD card in another phone or device? I don’t want to have so much security that I have locked myself out.
Don’t see my reply, so I’ll have second crack at it…
Geoff, An encrypted SD card is – of course – NOT readable in another phone or device!
(I don’t think that encryption is the default setting for Android.
https://www.androidcentral.com/why-you-might-want-encrypt-sd-card-your-galaxy-s7
But encrypting an SD card also has a drawback — you can’t ever read the contents in another device. That means if you break your phone while the SD card was encrypted, everything on it is gone.
Also worthwile reading material is on: http://www.androidauthority.com/how-to-encrypt-android-device-326700/
Your previous comment didn’t show up because it was awaiting approval. Comments with links are now being held for approval. This is due to the large amount of spam appearing in comments. We review the comments daily so legitimate comments with links will be posted to the page within a day in most cases.
Leo, I can only say that I’m am so very glad that my cell phone is just that — A mobile telephone. I can make and receive calls no matter where I am, as long as there are cell towers within range. IT’S A PHONE! It’s not a computer! It’s not a camera! It’s not a game box! It’s not a diversionary device to cause accidents nor to keep kids and others amused.
I’ve had it for almost 25 years and it works just great. The only added piece for it is an extra battery, altho’ the original one still works just fine and lasts about a week ere it requires recharging. The newer one will last about 2 weeks but it’s only about 12 years old.
For all that, I have no qualms or complaints if I lose it or it gets stolen. The only thing anyone can get off it of any consequence at all would be a list of telephone numbers of my doctor, lawyer, family and a few friends, a total of 12 numbers. Ergo, I sleep quite well and have no trepidation at all about being excessively paranoid if something happens to THE PHONE.
Thanks for listening. About time to set up my 35mm camera for some shots of stuff to sell .
Mike Johnson
Epic… lqtm
I find your story more than a bit unbelievable. No phone manufactured 25 years ago will work on today’s cellular network. None. Zero. Zilch. Nada. It’s simply impossible and to make that claim is laughable.
I can still use my 18 year old phone in a pinch. I don’t see why an older phone would be any different. My phone is a GSM SIM card phone and I live in Europe. I don’t know if this applies to older CDMA phones which are the most common in the US.
My concern is accidentally losing the phone, more than theft. Found one in a shopping cart once, but it could also be lost in a park. At one time I edited the picture on the lock screen to include my non-cell phone number. (But I change the picture too often.) What do you think of this?
A good idea if someone honest find your phone. I’ve returned a few phone I found and had a few or out kids phones returned. I have a few of my business cards in my phone case which I assume would help if an honest person finds it. Most people are honest.
Good idea. I’ve put my wive’s e-mail-adress&mobile-number on my lock screen. And she has put mine stuff on her screen.
It’s not always necessary to edit the picture, our Android phone (v7 I think) has a setting for it.
A long-time luddite, I’ve finally given in to the smartphone. But I’m a beginner to the field. I’ve tried to set up the Find my Device Google app, in case I lose my phone. The list of conditions for it to work, according to Google support pages, is horribly long — and impossible to understand.
Find my Device works from my phone — it tells me it’s in my hand. Thank you, Google. It also locates it on Google Maps. The “wipe everything” option seems to be available and at the ready. On second thoughts, I’m not even sure it’s necessary to install Find my Device on the soon-to-be-stolen phone for it to work.
However, when I try to find my phone from my desktop PC, which is what I will need to do after having lost it, Google does identify it, but it won’t locate it on Google Maps. I can’t proceed from the “erase” link either. I can’t understand why.
I just tried “find my phone” for the first time with my four-year-old Moto G, and it worked perfectly. My PC even showed me how much charge the phone battery has!
Thanks to Leo for reminding me to look into this.
Wow. A lot to digest. I keep the photos on my phone backed up, but I don’t think I’ve done any of the other recommended things; I don’t believe I have two factor on anything. And I had never even heard of the IMEI number someone mentioned above. Well, thank you – I’m going to have to come back to this. I think the first thing I’ll look into is Prey.
Never had one, never will. It will wait until I’m home. I do like to take a small radio with me (with built in speakers) to listen with on my bike, so if the world ends at least a golden oldie preceded it.
Besides that they have baseball in the summer :)
my wife and I have Iphones linked with the same icloud p/w. She had her phone stolen in Poland. I contacted the appropriate peple and the phone was blocked immediately, and a new sim sent to my home. When I put the new sim in the new phone everything was as if she had never lost it. I retrived everything.
For those that may not be familiar, the android debug bridge feature, baked right into android, is a great way to periodically back up an android phone.
Setting up adb is admittedly a bit of a hassle. But it’s not overwhelming, a couple of google searches and faithfully following directions, and you’re good to go. Once it’s set up, you’re working directly at the OS level instead of through an app that you may find limiting or difficult to use. One adb command sends all my installed apps (APK files) and shared storage (SD card) data to my PC. Tha’t a big deal. An even bigger deal is retention of what android calls “App Data”. This means user-configured settings for all apps are maintained. That is huge. This feature was a lifesaver for me when I bought a new phone. Recreating all my email app settings alone would have taken well over an hour. With myb adb copy, every setting was retained, including third party SMPT and POP3 server names and ports, login credentials, CalDAV and WebDAV particulars for my business email, theme colours, action buttons… everything. Pretty cool.
iPhone folks do have some backup options, but they are third party and in various stages of development/abandonment. XCODE and XCRUN seem to be the leaders… but let’s just say I jumped ship after iPhone 3, and have never looked back. But that’s just me.
Edit: Your android does NOT need to be rooted to use adb for backing up.
A detailed guide is here: https://forum.xda-developers.com/galaxy-nexus/general/guide-phone-backup-unlock-root-t1420351
“If your phone is stolen, the data on it is now in someone else’s hands.”
Thank Android for its encryption.
My 50 cents… ;-)
Walk through EVERY app and make sure if it has local data, you’ll backup regurlarly.
Backing up a phone is not that difficult.
I use (over wifi):
– FTP server app on my Android device.
– FreeFileSync (FFS) on my PC. FFS supports multiple pairs of Source-to-Targets. And multiple ways to Compare, Filter and Synchronize. You even don’t have to know the phones IP-address (but than you have to know it’s “name”). For example this is one of my Sources: ftp://galaxy-j5:3721/6ACF-1315/DCIM/Camera/ (://).
– FileZilla client is handy on the PC for less-standard data-copying.
Im being accused of hacking someone’s google and gaining access to all their personal information. But ive done absolutely nothing to that phone ever. How do i prove it? Please help im losing my mind and relationship
Unfortunately, it’s impossible to prove a negative.