 This is a second post from guest blogger Amy Stewart, Manager of Social Media Strategy for Intouch Solutions & author of great Kansas City-focused blog at beyondtheplazalights.com. Amy also tweets at @amylynnstewart, so be sure to check out her blog & twitter account. Thanks to Amy for sharing her great story! |
Yesterday, I told the story of how Google+ aided my detective work that led to the recovery of my lost/stolen cell phone. Today, I’ll discuss the major security flaws I uncovered about Android phones and Sprint service in the process.
Long story short
To catch you up, I reported my cell phone lost to Sprint, ordered and re-activated a new one, yet my lost/stolen phone was still connected to my accounts as evidenced by the photos Yellow Cab Driver #957 was taking that were automatically uploading to my Google+ account. Here’s another photo that I didn’t include yesterday. . .
Sprint says they fixed the problem
The first question I had was “Why were all of my accounts still connected to my lost/stolen phone even after I had activated my new one?” That’s a question that I still can’t figure out. I called Sprint about the situation on Friday, August 5 when I realized that several photos had been uploaded that weren’t mine and I didn’t get a straight answer.
On the call, the Sprint customer service rep said he deactivated service on both phones (old and new) and reactivate my new phone. He told me that would fix the problem. However, it didn’t.
The problem was bigger than I thought
Sprint deactivated the phone service, but the internet based features and apps still worked anywhere there was Wi-Fi. I even tested it when the old phone was returned and sure enough. . .the test picture I took on the “deactivated” phone uploaded to Google+ in a matter of seconds.
Fortunately, I have my phone back, but I find it very eye-opening that Sprint never actually deactivated my phone. Mr. #957 had access to:
- Multiple email accounts
- All of my contacts
- Photos of me and my friends
- My calendar
- All of my social networks
Basically, my entire life. . .for 16 days.
The solution?
Option 1: Download an Android remote wipe app on your phone. I had no idea this was possible or necessary until Sprint, my service provider, didn’t wipe my phone completely after I reported it lost.
Option 2: Buy an iPhone. Apple offers a service called MobileMe allowing users to save all of their data in one location, locate their phone, and wipe it clean if it’s lost or stolen.
Lessons Learned
- Lock your phone – Mr. #957 would have never had access to any of my information had the home screen locked.
- Download a remote wipe app on your Android – I thought my old phone would be deactivated the minute I reported it lost. I then thought it was deactivated after I called customer service and was told that it was. I would have never known any different had I not gotten my phone back. At this point, I feel this is the only way to truly protect yourself.
- If you think your cab driver stole something you left in his cab, he probably did, but there’s a better chance of him returning it if he can’t get into it in the first place. So lock your phone and download the remote wipe app!
| Thanks again, Amy, for sharing your story and suggestions! Hopefully your experiences will help someone else avoid having a thief gain access to personal information on their mobile phone.If you have a similar story about how social media helped locate something lost or suggestions on how to secure the information stored on a mobile device, we’d love to hear your experience in a comment! |
A Lesson In Losing My Sprint Android Phone: Security Is A MAJOR Cause For Concern http://t.co/OcO0zJc
Hey Sean!!! As always — enjoyed the article, but wanted to give a Shout-Out to Amy. After reading this, I immediately set a lock on my Evo — prolly should have had it all along, but I’m lazy. Now… I just need to find a remote “Wipe” ap…
Cheers,
Daron
Thanks for letting me know, Daron!! Amy will be glad to hear that her story has helped raise awareness of the issue!
Hope all is great with you!
–Sean
A Lesson In Losing My @Sprint Android Phone: Security Is A MAJOR Cause For Concern http://t.co/1fDh2y6 via @socmedsean
A Lesson In Losing My Sprint Android Phone: Security Is A MAJOR Cause For Concern via @SocMedSean http://t.co/HUDbA9B
Even locking the phone isn’t 100 percent secure. The phone can be reset, clearing the password protection. The phone is cleared of many things, but if there is a memory card in it like an SD card.. it will not clear that information. It will also not clear certain social network information.
Agreed, Misty!
Since the SD Card often contains the most sensitive data (photos, text messages, etc..) it’s a good idea to make sure that your remote wipe app can also wipe the SD Card.
Check out Plan B, which can even be installed after you have lost your phone and can wipe both the handset and the SD Card.
https://market.android.com/details?id=com.lookout.labs.planb&hl=en
–Sean