A lost phone is not always really lost
When is a phone really lost? You may be surprised to know that some simple steps can help you recover your phone, and more importantly, protect you and your data.
- Ram Iyer
- 7 min read
Table of contents
In the previous article, we looked at some practical steps to prevent the loss of what is not always apparent. The article prepared you—at the basic level—for when you lose your phone. But then, is a lost phone really “lost”?
This article takes you to the next step of security, also increasing the likelihood of tracking and finding the phone.
Make your device findable
This is only partially effective. I alluded to this partial effectiveness in my last post because some thieves are smart. A cousin lost his phone a couple of years ago, and even though he could track it, he could not get it back. Regardless, this is worth a shot.
Apple users mostly have their Find My activated by default. Your iPhone should have an app called Find My. Open it and ensure that your phone is listed on it. More instructions here: Locate a device in Find My on iPhone. I haven’t used an Android as a daily driver in a long time; I am not sure if Androids have Find My Device active by default. In any case, have a look here and ensure Find My Device is enabled.
Do not go looking for your phone based on the information the Find My network gives you. You don’t know where or to whom it will lead you. For your safety, always go to the police.
There may be privacy concerns around this feature, though, and it may be incompatible with a tiny minority of threat models. If you don’t know what a threat model is, chances are, keeping Find My enabled is the right choice in your case. Keep it enabled until you understand what a threat model is and create yours, and then see if Find My Device is indeed incompatible with your threat model.
Enable Anti-Theft Protection
Anti-theft protection prevents a thief from disassociating your phone from your account. Some thieves cut off your access to even your account, using your phone, which is a much more undesirable (and possibly dangerous) situation, and you must prevent it at all costs. Their intent may be to merely prevent you from tracking the phone, but for you, that is a much bigger loss because then, your online data is also at their mercy. Follow these guides to enable anti-theft protection on your iPhone or Android.
Enable two-factor authentication
On the account you log in to your phone with (your iCloud account in the case of an iPhone and your Google account in the case of Android), enable two-factor authentication. Follow these guides for Apple and Google accounts. Try not to set SMS as the second factor because someone can always read messages. SMSes are unencrypted, and therefore, insecure. Also remember, thieves can always pop the SIM out of your phone and into another (unlocked) phone.
e-SIMs are resistant to this popping out and in, but still, SMSes are best avoided because SIM swapping is not the only way to work with SIMs.
Enable PIN code on SIM card
PIN is like a security code on your SIM card. When someone removes your SIM and inserts it into another phone, or so much as restarts your phone, they won’t be able to use the SIM until they key in the PIN. PIN codes are four digits by default, but you can set it to be 8 digits long, thereby increasing the number of permutations and reducing the probability of brute force. Yes, the thief may only have ten shots at unlocking, but are the odds stacked in favour of you in case of 10 in 10,000 or in case of 10 in 100,000,000? You are making the thief 10,000 times less likely to unlock your SIM by using 8 digits instead of the default 4.
Even if you would like to stick to 4 digits, go change the PIN any way. Thieves not particularly looking to use your SIM will discard the SIM the moment they see that it needs a PIN (and that ‘0000’ and ‘1234’—the defaults—don’t work).
Setting a PIN is critical, so you can call up your service provider and block your SIM immediately upon realizing that your phone has been stolen. Remember, you are not blocking your number, only so that the thief is unable to use it for criminal acts, but also for your own security—so that your bank OTPs and other such secrets are not received on your phone while the thief has it.
Force passcode/password when out and about
Archana makes a good point about identifying which devices go out of her house. Along similar lines, when I am making an overnight journey (during which I obviously sleep) or I anticipate travel aboard a crowded means of transport, or in general if I am in a not-so-safe environment, I set my phone to “require passcode”, so that no one can use my biometric credentials to unlock my phone when I am unaware or unsuspecting.
Here is how to enable “require passcode” on your iPhone and “lockdown” on your Android. If you use an iPhone, also ensure Attention for FaceID is enabled—it is enabled by default, but there is no harm in checking.
Disable access to Control Centre when locked
Control Centre (iOS) or Quick Control Panel (Android) are those drawers from where several features of your phone can be controlled, which includes network connectivity. This panel should not be accessible when your phone is locked. When someone steals your phone, they turn off network access first so that you cannot remotely lock your phone. Apart from making your device findable, you should also lock the control centre/quick control panel of your phone. This is just a toggle on iOS. On a Pixel phone that I have used, turning off the network connection was not possible when the phone was locked; it asked for the phone to be unlocked first, which is a great default behaviour.
A note on why IMEI is important
The post asks you to keep the phone carton safe at home, or have the IMEI number of the phone written down somewhere. This is because if your phone’s SIM is changed, the phone can no longer be tracked using your phone number. In the absence of “Find My”, the IMEI is critical to tracking your phone. In any case, the government setup for phone tracking is designed with IMEI in mind, as it is the most reliable and universal way to track a phone.
A note on Find My Device
On iPhones and many Androids (“many” because Androids are like the bazaar unlike Apple’s walled garden, which means, anybody can make Android-compatible devices and there are several “flavours” of Android, and so, one Android phone may not have the same capabilities as another Android device) broadcast their presence either using Bluetooth, Wi-Fi or any other medium that can communicate with devices nearby.
These devices form part of a crowdsourcing network run by Google and Apple for their respective platforms. Using this network, devices can communicate their location (and other metadata) to the other devices on the crowdsourced network of all enrolled devices. Of course, this doesn’t mean your mum can see where you are by default just because Sharma Aunty’s phone found your phone nearby and notified your mum; Sharma Aunty’s phone doesn’t know whose phone it is sensing. But you can find your phone using Sharma Aunty’s phone.
But that is not all
These steps will help you with protecting the data on your phone and increase the chances of you recovering your phone. Although, what about the other critical point that she stresses on, about not having your phone as a single point of failure?