A Lesson In Losing My Sprint Android Phone: Security Is A MAJOR Cause For Concern

This is a second post from guest blogger Amy Stewart, Manager of Social Media Strategy for Intouch Solutions & author of great Kansas City-focused blog at beyondtheplazalights.com. Amy also tweets at @amylynnstewart, so be sure to check out her blog & twitter account. Thanks to Amy for sharing her great story!

Yesterday, I told the story of how Google+ aided my detective work that led to the recovery of my lost/stolen cell phone. Today, I’ll discuss the major security flaws I uncovered about Android phones and Sprint service in the process.

Long story short
To catch you up, I reported my cell phone lost to Sprint, ordered and re-activated a new one, yet my lost/stolen phone was still connected to my accounts as evidenced by the photos Yellow Cab Driver #957 was taking that were automatically uploading to my Google+ account. Here’s another photo that I didn’t include yesterday. . .

Sprint says they fixed the problem
The first question I had was “Why were all of my accounts still connected to my lost/stolen phone even after I had activated my new one?” That’s a question that I still can’t figure out. I called Sprint about the situation on Friday, August 5 when I realized that several photos had been uploaded that weren’t mine and I didn’t get a straight answer.

On the call, the Sprint customer service rep said he deactivated service on both phones (old and new) and reactivate my new phone. He told me that would fix the problem. However, it didn’t.

The problem was bigger than I thought
Sprint deactivated the phone service, but the internet based features and apps still worked anywhere there was Wi-Fi. I even tested it when the old phone was returned and sure enough. . .the test picture I took on the “deactivated” phone uploaded to Google+ in a matter of seconds.

Fortunately, I have my phone back, but I find it very eye-opening that Sprint never actually deactivated my phone. Mr. #957 had access to:

  • Multiple email accounts
  • All of my contacts
  • Photos of me and my friends
  • My calendar
  • All of my social networks

Basically, my entire life. . .for 16 days.

The solution?

Option 1: Download an Android remote wipe app on your phone. I had no idea this was possible or necessary until Sprint, my service provider, didn’t wipe my phone completely after I reported it lost.

Option 2: Buy an iPhone. Apple offers a service called MobileMe allowing users to save all of their data in one location, locate their phone, and wipe it clean if it’s lost or stolen.

Lessons Learned

  • Lock your phone – Mr. #957 would have never had access to any of my information had the home screen locked.
  • Download a remote wipe app on your Android – I thought my old phone would be deactivated the minute I reported it lost. I then thought it was deactivated after I called customer service and was told that it was. I would have never known any different had I not gotten my phone back. At this point, I feel this is the only way to truly protect yourself.
  • If you think your cab driver stole something you left in his cab, he probably did, but there’s a better chance of him returning it if he can’t get into it in the first place. So lock your phone and download the remote wipe app!
Thanks again, Amy, for sharing your story and suggestions! Hopefully your experiences will help someone else avoid having a thief gain access to personal information on their mobile phone.If you have a similar story about how social media helped locate something lost or suggestions on how to secure the information stored on a mobile device, we’d love to hear your experience in a comment!
  • Pingback: How Google+ Helped Me Find And Recover My Stolen Mobile Phone

  • http://twitter.com/SocMedSean/status/101858156283576320/ Sean R. Nicholson (@socmedsean) (@SocMedSean)

    A Lesson In Losing My Sprint Android Phone: Security Is A MAJOR Cause For Concern http://t.co/OcO0zJc

  • Daron Pratt

    Hey Sean!!! As always — enjoyed the article, but wanted to give a Shout-Out to Amy. After reading this, I immediately set a lock on my Evo — prolly should have had it all along, but I’m lazy. Now… I just need to find a remote “Wipe” ap… :-)

    Cheers,
    Daron

    • http://www.socmedsean.com Sean R. Nicholson

      Thanks for letting me know, Daron!! Amy will be glad to hear that her story has helped raise awareness of the issue!

      Hope all is great with you!

      –Sean

  • http://twitter.com/AmyLynnStewart/status/102034818694520832/ Amy Stewart (@AmyLynnStewart)

    A Lesson In Losing My @Sprint Android Phone: Security Is A MAJOR Cause For Concern http://t.co/1fDh2y6 via @socmedsean

  • http://twitter.com/VictorGaxiola/status/103577497827950593/ Victor Gaxiola (@victorgaxiola) (@VictorGaxiola)

    A Lesson In Losing My Sprint Android Phone: Security Is A MAJOR Cause For Concern via @SocMedSean http://t.co/HUDbA9B

  • Misty

    Even locking the phone isn’t 100 percent secure. The phone can be reset, clearing the password protection. The phone is cleared of many things, but if there is a memory card in it like an SD card.. it will not clear that information. It will also not clear certain social network information.

    • http://www.socmedsean.com Sean R. Nicholson

      Agreed, Misty!

      Since the SD Card often contains the most sensitive data (photos, text messages, etc..) it’s a good idea to make sure that your remote wipe app can also wipe the SD Card.

      Check out Plan B, which can even be installed after you have lost your phone and can wipe both the handset and the SD Card.

      https://market.android.com/details?id=com.lookout.labs.planb&hl=en

      –Sean

  • Pingback: How Google+ Helped Me Find And Recover My Stolen Mobile Phone

  • http://none michelle

    TO ALL SPRINT USERS: OUR ACCOUNTS WERE HACKED AT RANDOM
    Sorry for any grammatical errors I’m writing this very late …and very frustrated.

    So tonight was a normal night for my husband and I grocery shopping after work and so on. We get home and feed our infant son and I try to make a phone call to my grandmother whom I call nightly religiously and when I had not heard from her (usually she calls me by the time I get around to it) I attempt to make a phone call and get an error voice message (your account cannot be validated) hmm. Hang up try again maybe it’s a fluke… and again same thing. First thing I tell my husband he immediately pulls up sprint.com we always pay our bill early (have never once been late) thinking hmm… did we maybe forget to pay our bill or something?????
    No billing issues then look over at the phones associated with our account they are not the Galaxy Note 2 ‘s we own they are two LG lotus flip phones or something…
    Immediately alarm bells go off and he dials sprint. They inform us our phones had been SWITCHED PER CUSTOMER REQUEST ACTUALLY PER MY REQUEST?!?
    NO ABSOLUTELY NOT BY “OUR”REQUEST…so she sends us forth to the fraud dept.…. where again we are informed the request to change phones has been made per the account holder (my husbands) wife (me). They proceeded to ask me has anyone borrowed your phone? NO! So they tell me they are going to restore our phones and I said wait one-second let me SPRINT FAMILY LOCATE THEM. And I do and I retrieve the phones to be in DELAWARE. Okay, now we live in Michigan and minutes prior to the account switch we had made phones calls IN MICHIGAN … wondering how could we have made it to Delaware to switch phones in minutes DON’T THE SPRINT REPS WONDER THESE OBVIOUS THINGS AS WELL? It would be odd to me if they did not question this…I tell them this information and the rep tells me okay we are going to pull the audio from the conversation when this request was made…. after about a half hour of holding and thank you for waiting they tell me this will not be available until tomorrow and they will call me back then with the audio as well as more information and for now to change all of our information (passwords) and call in information (PIN YOU MUST KNOW TO ACCESS ACCOUNT AS WELL AS SECURITY QUESTION)…..ALL OF THIS I WAS TOLD THE PERSON WHO CALLED IN WOULD HAVE TO KNOW AS WELL TO MAKE ANY KIND OF CHANGES *AGAIN ALARM BELLS STILL RINGING..
    And they advise us to remove our bank accounts tied to the sprint website…. which we already did…
    As I’m about to hang up I tell the rep as I look at our phone call logs that I see phone calls made to (MULTIPLE TO) CUBA, NORTH DADE FL., TAMPA FL.HACKENSACK NJ. AND TUCSON AZ.
    The Cuba charges racked up 401.00$ in international long distance calls alone in just two hours. They assure me this will be taken into notes and addressed tomorrow…
    So basically we are left questions unanswered…feeling uneasy as to what is going on. Did they get our bank accounts…did they hack our computer systems.is this something larger than us and our identities…could it be something illegal using our numbers as aliases… knowing how powerful technology is I’m terrified.
    Before we head to bed my husband checked his voicemail and seen he had received a call from SPRINT CUSTOMER SERVICE…. it was A REP SAYING …HELLO MRS…***** THANKS FOR CALLING US I DID PROCESS YOUR REQUEST AS YOU TWO LEAVE FOR YOUR TRIP DON’T FORGET TO TURN OFF THE DATA/LONG DISTANCE ROAMING OKAY HAVE A WONDERFUL TRIP YOU TWO…
    So now I know someone was claiming to be my husband & I leaving on a trip…she did leave her name…hopefully this is not a dead end. Hopefully they will find the audio…. HOPEFULLY OTHER PEOPLE WHOM THIS HAS HAPPENED TO WILL COME FORTH AND HOEPFULLY SPRINT WILL COOPERATE WITH US AS WE PUSH THIS AS FAR AS POSSIBLE TO PREVENT THIS FROM HAPPENING TO OTHERS… I don’t know…one thing I do know is that I’m going to bed a very misunderstood person tonight…considering when I call things like the bank, sprint, and any other companies they give me leaps and bounds of security protocols to go through but who did not do this for our account tonight….

  • Brenda

    sounds like a personal problem not sprint’s problem. a sprint customer service rep can’t go and wipe your phone for you however you can get the total equipment protection app when you get your android device and when you lose it go on the insurance website and have everything on the phone wiped and even locate where the device is.

  • Kevin

    I still can’t see how Sprint did anything wrong. It sounds like you’ve figured all this out the hard way, and i’ve been there. Losing a phone without a security lock is very frightening. Android comes with security locks, as well as all smartphones. This would have also saved you during your unfortunate lose.

    Sprint service reps are taught the systems that they use, and just like other businesses with customer support, the reps don’t learn everything about the products they sell let alone the apps they can recommend for security. You’d have to visit a store and talk to a well educated rep or just google the solution.

    An answer is not to buy an iphone. The answer to to realize when you have personal information on your phone, and research ways to protect that information that make the most sense to you. I was in the same boat and didn’t have security on my phone. I do now and google has my contacts, pictures, text, and email backed up to the cloud.

  • Steve

    Hi i just wanted to enlighten everyone that a lost smartphone is the same as a lost wallet/purse, in the event of a lost wallet you would call up all the cc card and have them send out new one with new number and deactivate the old ones and obviously take the loss on the money and other notes or random things in your wallet, well in the smartphone case all the account that you signed into, Speaking for the Android community Ex: Google, Dropbox, Skydrive, youmail U have to manually go online and change the password so the next time Your Beloved smartphone attempts to login they will be denied also Gmail on you desktop browser all the way at the bottom of the Gmail page has a tiny button thats says Details that will let you all internet connectable device to you Google/Gmail Account Also Android phones in all your application has a Google setting app, in this app you will see android device manager where you can remotely locate, lock, and perform a factory reset all over the web through you own Google account online(I use it sometimes when i misplace my phone in my own house). and its awesome and ? feel free to aks.

Read previous post:
google_plus_recover_lost_cell_phone_featured_2
How Google+ Helped Me Find And Recover My Stolen Mobile Phone

This is a story about a social-media savvy woman who left her cell phone in a cab and thought she’d...

Close