According to the San Francisco Police Department, more than 50 percent of the robberies that occurred in the city in 2012 involved the theft of a smartphone (the robberies are referred to as "Apple Picking"). That's nothing to discount, and remember that the SFPD only tracks data for crimes that were reported. The fate of your phone after it's stolen could be just about anything. A thief may keep it, sell it to a friend or an unsuspecting buyer on eBay, or have stolen it only for the parts. Other phones may even be smuggled out of the country where they can fetch a premium price in developing markets. For more on that market, check out this comprehensive story from Huffington Post.
That's why if you own a smartphone and bravely brandish it on the street or the train, it's essential that you take every step necessary to protect your data from thieves, and to track and manage your smartphone once it's gone. In this feature, I've described the essential security features available for each smartphone operating system and the major US carriers. Also, read Jessica Dolcourt's smart tips for safe phone use in public. The wireless industry is taking some steps to confront phone theft, like the creation of a national phone "blacklist," but that's as far as it's willing to go for now. Some law enforcement agencies, particularly those in San Francisco and New York state, want a "kill switch" that would essentially brick a phone, but carriers and OEMs are balking at that idea. I'll discuss both issues in more detail below.
Before I begin
First, there are a few things that you should know. In the first section, I've divided each operating system into two parts: the basic security features for preventing data theft that come on smartphones using that OS, and the more sophisticated app-based services available for tracking and wiping a device. Note also that I purposely did not include any third-party security apps. Though such titles exist, and many will do the job quite well, my intent is to focus on the default solutions that are either already on a handset, or officially endorsed by an OS provider.
Also, keep in mind that no security feature is completely foolproof. A sophisticated thief with the right equipment may be able to bypass any security measure. What's more, there's always the chance that a thief is stealing your phone just for parts, and has no intention of reusing it. In that case, a password isn't going to stop him from just taking it apart.
iOS
Preventing data theft and casual hacking
Lock code
You can use either a 4-digit number (a "simple passcode") or a longer "complex passcode" of case-sensitive letters, numbers, spaces, and characters. And if you prefer, you can activate a feature where entering a passcode incorrectly 10 times will wipe the phone. The iPhone 5S has the same passcode features, with an added Touch ID fingerprint scanner.
Lock screen features
This is important. iOS can give you access to some features without entering your lock code. Though sensitive personal information is not accessible, you can use some functions of Siri, such as placing a voice call or sending a text message, as well as reply to a missed call with a canned text message. Though you might find those shortcuts convenient, your handset will be more secure if you turn them off. Go to Settings > General > Passcode Lock.
Similarly, you'll also need to turn off access to the Control Center and the Notification Center from your lock screen. To get there, go to Settings > Control Center, and Settings > Notification Center.
Tracking and wiping your phone
Find My iPhone
This feature enables you to track, manage, and secure your phone once it's missing. To use it, you'll first need an iCloud account, though you do not need to sync any of your data, like e-mail and contacts, to the cloud. After you're set up, go to the iCloud page of your iPhone's Settings and slide the Find My iPhone toggle to on.
After locating your phone and clicking on the icon, you can do a number of things. The first is to make the phone play a sound at full volume for two minutes (even if it's in silent mode). As this step is more useful if you just happen to lose your phone in your sofa cushions, I'd advise not using it if you're certain that your handset is stolen. It just won't do a lot of good except annoy a thief. You also can erase your handset completely, but this step is rather premature. Instead, first try activating Lost Mode as soon as you can. Not only does it give you more options for controlling your phone, it also adds a stricter level of security.
Lost Mode does a couple of things, the first of which is give you more features for controlling your device. To begin, if you haven't yet secured your device with a passcode (and, really, there's no reason why you shouldn't), you'll be able to select a four-digit simple passcode and lock the screen remotely. At the very least, that will prevent all but the most sophisticated thieves from accessing your personal information. Remember, though, that to make your phone as secure as possible, you should have already deactivated lock screen access to the features I mentioned previously.
The next step is to send a custom message to your handset's lock screen that can't be erased. You can write whatever you want, from your name or phone number, to a plea to contact you, to a more colorful message telling thieves what you really think of them. The latter, however, probably isn't the wisest course of action.
Lost Mode also lets you see a history of your phone's location over the last 24 hours with points displayed as pins on the aforementioned map. Finally, if all hope is gone, you can erase your device completely. Once you erase it, you'll lose the ability to track it further, but your lock code and onscreen message will remain.
Comparing Security features by OS
Feature | iOS | Android | Windows Phone |
---|---|---|---|
Mobile app | Yes | No | No |
Device Tracking | Yes | Yes | Yes |
Remote wipe | Yes | Yes | Yes |
Remote screen lock | Yes | Yes | Yes |
Play a sound | Yes | Yes | Yes |
Onscreen message | Yes | No | Yes |
Prevent new activations | Yes | No | No |
Lock code choices | 4-digit PIN or password | 4 to 17-digit PIN, password, pattern, or face unlock | 4 to 16-digit PIN only |
Features accessible from lock screen | Siri (including placing a call, or sending a text), Notification and Control centers | Missed calls & text messages | None |
Lost Mode also plays a role in Activation Lock, which is a new feature added in iOS 7. Built after Apple users rightfully complained that Find My iPhone wasn't comprehensive enough, Activation Lock tries to close the loop by preventing a thief from reusing your device after you've accepted that it's gone for good.
Running in the background from the moment you turn on Find My iPhone, Activation Lock pairs your Apple ID and password with the serial number of your handset in Apple's servers. Your ID and password are then required before anyone can turn off Find My iPhone on your handset, attempt to erase any data (that's assuming they aren't stopped by your password), reactivate your phone under a different account, or claim a new phone under your warranty. Activation Lock also remains in place if a thief tries to swap out your SIM card. If you happen to get your phone back and can't remember your password, you can retrieve it by calling Apple support and properly identifying yourself.
Now, the fine print
Don't forget that Find My iPhone only works as long as your device is online through your carrier's cellular network or Wi-Fi. If a thief turns off your phone or manages to activate Airplane Mode, you won't be able to track it. You can send commands to erase the phone, lock it, and add an onscreen message, but those commands won't be carried out until the phone reconnects. There may be a short gap between when a phone comes back online and when your request to erase it comes through, but setting a passcode ahead of time will keep a thief from accessing anything during that period.
The bottom line
Between Find My iPhone and Activation Lock, iOS has the most comprehensive solutions for protecting your phone (iPhones also are the most popular smartphone targets for thieves). As a result, though, you need to spend more time getting everything set up and running. And with so many features accessible from the lock screen at default, there's more responsibility on the user to lock down the phone as tightly as possible.
Android
Preventing data theft and casual hacking
Lock code
You can secure your handset with either a numerical PIN of four to 17 digits, a password of case-sensitive letters, numbers, and characters (but no spaces), or a pattern. If you use the latter, though, remember that a thief may be able to see your unlock pattern by following the finger smudges on your display. That's another reason why it's a good idea to wipe your handset's screen often. Android phones that run Jelly Bean and above also have the face unlock feature. That feature can be a kick, but it's definitely the less secure option. Beyond a lock code, the new HTC One Max has a fingerprint scanner.
Lock screen features
Like with iOS, Android will let you access some features from the lock screen. The list here is smaller -- just your missed calls and a preview of any missed texts -- but you must disable access by accessing the Security page of the Settings menu.
Tracking and wiping your phone
Android Device Manager
Similar to Find My iPhone, Android Device Manager lets you control access to your phone if it's stolen. Activate the feature by going to the Google Settings menu and choosing the Android Device Manager option. Then, check the boxes for remotely locating, locking, and resetting your phone.
Now, the fine print
Like with iOS, you won't be able to track a device that is powered down or offline. If you send any commands to the phone during that period, though, they also will be carried out when the handset reconnects. You will not be able to track a device after you wipe it, but you will be able to track it if the thief swaps out the SIM card. Also important: you can't wipe microSD cards remotely, only the phone's internal memory. So be careful what you store on a memory card.
The bottom line
Android delivers the essential protection features in an attractive, easy-to-use interface and it runs circles around its rivals with lock code options (big points for the ability to use spaces). On the other hand, the ability to add an onscreen message and a mobile app would make Android Device Manager even more useful. Also, Google needs a service comparable to Apple's Activation Lock.
Windows Phone
Preventing data theft and casual hacking
Lock code
Though you can lock your phone only with a four to 16-digit PIN, Exchange users can add a separate code to access their e-mail. Windows Phone does not make features accessible from the lock screen.
Tracking and wiping your phone
Find My Phone
As this feature is active from the moment you start using your handset, there's no separate set up process. Yet, you can choose to save your handset's location periodically on Microsoft's servers under the Find My Phone option in the Settings menu. Doing so will make it easier to find your device and track its movements. If your device is stolen, sign into WindowsPhone.com using your Microsoft ID, select your handset from the drop-down menu at the top right of the page, and choose the "Find My Phone" app. Microsoft does not offer a companion Find My Phone mobile app.
Now, the fine print
Here again, you won't be able to track a device that's off or not connected to the network. But, if you send any commands to the phone during that period, they will be carried out when the handset reconnects. Also, if you can't find your device right away, Microsoft's system will keep trying to locate it, which saves you from constantly refreshing the page. And if you wish, Microsoft will send you an e-mail when it pinpoints your device's location. Like with iOS and Android, you won't be able to track a device after you wipe it, but you will be able to track it if the thief swaps out the SIM card.
There's no set-up process and Windows Phone deserves praise for offering features that Android lacks (an onscreen message and the automated e-mails). Yet Microsoft needs to give customers a mobile app for Find My Phone and its own version of Activation Lock.
Carriers
All US carriers will suspend service to your phone once you report it as lost or stolen. When you make the report, the unique number that identifies your phone to the carrier (called an IMEI on a GSM phone, and an ESN on a CDMA phone) will be entered in a "blacklist." As a result, the network will reject service (calls and data) to any device if its IMEI or ESN is on the list (it would be able to access Wi-Fi, though). Also, since the IMEI on a GSM phone is independent from the SIM card, swapping the SIM for the same carrier would not make a difference. It's a different story if your handset is unlocked, but I'll get to that later.
Sprint, AT&T, and T-Mobile have partnered with third-party developers like Lookout Mobile Security and Asurion to either load tracking and protection apps directly on the handset, or to make them available for download. The apps are similar to Android Device Manager and Find My iPhone, though you'll need to purchase monthly insurance programs to use them.
Verizon Wireless does things a bit differently by offering its own branded app for controlling a handset once it's gone. Like with Big Red's carrier rivals, you'll need to subscribe to Verizon's Total Mobile Protection insurance program ($10 per month).
U.S. Cellular has its own app which is part of the carrier's Mobile Data Security Plan ($2.99 per month). Features include remote locate, wipe, and lock, and it's compatible with a long list of devices. MetroPCS's MetroGuard app is comparable, but costs $1 per month.
A national blacklist
As mentioned, individual carrier blacklists only go so far. If a thief unlocks an AT&T phone (or the handset is unlocked to begin with), for example, the IMEI of that device wouldn't be on record with T-Mobile. The CTIA, the wireless industry's lobbying group in Washington, D.C., worked with carriers to set up a nationwide blacklist that went into effect in October 2012, but it was limited to phones that used 3G networks (both CDMA and GSM). Granted, a thief probably won't bother stealing a non-3G phone, but you can't argue that the list was fully comprehensive.
A more pressing issue, however, is that a US-centric list does nothing to stop phones from being reactivated in other countries. Or as New York Attorney General Eric Schneiderman put it, "This is an international problem that demands an international solution."
The CTIA says that it supports an international list, but it stopped short of recommending a detailed plan for getting there. "We also need more countries and carriers to participate in the database so that when criminals try to sell them internationally, the stolen devices would be blacklisted and would not reactivate," said Jamie Hastings, the CTIA's vice president for external and state affairs, in a statement to CNET.
Is a Kill Switch the answer?
The CTIA is not, however, signing on to the idea of a "kill switch" that some law enforcement officials support. Though San Francisco District Attorney George Gascón has not advocated for a specific technology or solution, he wants carriers to use a kill switch to remotely deactivate all features of a phone (possibly via a text message) and render it completely useless.
"The solutions we're demanding will eliminate the value of stolen devices on the secondary market," Gascón said in a statement to CNET. "We commonly refer to this technology as a kill switch, since it 'bricks' the central features of the phone, making its value equivalent to that of a paper weight. We know this technology exists."
Essentially, that's pretty much what Apple's Activation Lock already does. But Gascón wants carriers and manufacturers to put it on all phones and be more vocal about encouraging customers to use it.
"The only way thieves will stop robbing people for their devices is if they know there's no payoff," he said. "That's going to require a comprehensive deterrent that renders stolen devices useless."
"Where mobile devices are permanently disabled by malicious use of a 'kill switch,' the safety of subscribers may be jeopardized as they will be unable to make emergency calls," the paper said. "Even if technically feasible to develop, a permanent kill switch has very serious risks."
Those are valid risks, but they may not be the whole story. In a CBS News story posted this morning, Gascón said that a kill switch would eat into the revenue that carriers make from customer insurance plans. Also today, the New York Times reported that carriers prevented Samsung from installing kill switch-like technology in its smartphones.
As an alternative, the CTIA would support the Mobile Device Theft Deterrence Act of 2013 (S.1070). Introduced by Sen. Charles Schumer (D-NY), the legislation would impose a five-year criminal penalty for tampering with the IMEI or ESN of a cell phone. Changing the IMEI or ESN, which would allow a stolen phone to be reused, is a loophole that skilled thieves have begun to exploit.
"We strongly support and need Sen. Schumer's legislation to pass that would impose tough penalties on those who steal devices or modify them illegally since it would help dry up the market for those who traffic in stolen devices," said CTIA's Hastings. As of last May, though, the bill is still in the House Judiciary Committee and has not come up for a vote.