A Lesson In Losing My Sprint Android Phone: Security Is A MAJOR Cause For Concern

This is a second post from guest blogger Amy Stewart, Manager of Social Media Strategy for Intouch Solutions & author of great Kansas City-focused blog at beyondtheplazalights.com. Amy also tweets at @amylynnstewart, so be sure to check out her blog & twitter account. Thanks to Amy for sharing her great story!

Yesterday, I told the story of how Google+ aided my detective work that led to the recovery of my lost/stolen cell phone. Today, I’ll discuss the major security flaws I uncovered about Android phones and Sprint service in the process.

Long story short
To catch you up, I reported my cell phone lost to Sprint, ordered and re-activated a new one, yet my lost/stolen phone was still connected to my accounts as evidenced by the photos Yellow Cab Driver #957 was taking that were automatically uploading to my Google+ account. Here’s another photo that I didn’t include yesterday. . .

Sprint says they fixed the problem
The first question I had was “Why were all of my accounts still connected to my lost/stolen phone even after I had activated my new one?” That’s a question that I still can’t figure out. I called Sprint about the situation on Friday, August 5 when I realized that several photos had been uploaded that weren’t mine and I didn’t get a straight answer.

On the call, the Sprint customer service rep said he deactivated service on both phones (old and new) and reactivate my new phone. He told me that would fix the problem. However, it didn’t.

The problem was bigger than I thought
Sprint deactivated the phone service, but the internet based features and apps still worked anywhere there was Wi-Fi. I even tested it when the old phone was returned and sure enough. . .the test picture I took on the “deactivated” phone uploaded to Google+ in a matter of seconds.

Fortunately, I have my phone back, but I find it very eye-opening that Sprint never actually deactivated my phone. Mr. #957 had access to:

  • Multiple email accounts
  • All of my contacts
  • Photos of me and my friends
  • My calendar
  • All of my social networks

Basically, my entire life. . .for 16 days.

The solution?

Option 1: Download an Android remote wipe app on your phone. I had no idea this was possible or necessary until Sprint, my service provider, didn’t wipe my phone completely after I reported it lost.

Option 2: Buy an iPhone. Apple offers a service called MobileMe allowing users to save all of their data in one location, locate their phone, and wipe it clean if it’s lost or stolen.

Lessons Learned

  • Lock your phone – Mr. #957 would have never had access to any of my information had the home screen locked.
  • Download a remote wipe app on your Android – I thought my old phone would be deactivated the minute I reported it lost. I then thought it was deactivated after I called customer service and was told that it was. I would have never known any different had I not gotten my phone back. At this point, I feel this is the only way to truly protect yourself.
  • If you think your cab driver stole something you left in his cab, he probably did, but there’s a better chance of him returning it if he can’t get into it in the first place. So lock your phone and download the remote wipe app!
Thanks again, Amy, for sharing your story and suggestions! Hopefully your experiences will help someone else avoid having a thief gain access to personal information on their mobile phone.If you have a similar story about how social media helped locate something lost or suggestions on how to secure the information stored on a mobile device, we’d love to hear your experience in a comment!

Comments And Reactions

  1. Daron Pratt says:

    Hey Sean!!! As always — enjoyed the article, but wanted to give a Shout-Out to Amy. After reading this, I immediately set a lock on my Evo — prolly should have had it all along, but I’m lazy. Now… I just need to find a remote “Wipe” ap… 🙂


  2. Even locking the phone isn’t 100 percent secure. The phone can be reset, clearing the password protection. The phone is cleared of many things, but if there is a memory card in it like an SD card.. it will not clear that information. It will also not clear certain social network information.

    Sorry for any grammatical errors I’m writing this very late …and very frustrated.

    So tonight was a normal night for my husband and I grocery shopping after work and so on. We get home and feed our infant son and I try to make a phone call to my grandmother whom I call nightly religiously and when I had not heard from her (usually she calls me by the time I get around to it) I attempt to make a phone call and get an error voice message (your account cannot be validated) hmm. Hang up try again maybe it’s a fluke… and again same thing. First thing I tell my husband he immediately pulls up sprint.com we always pay our bill early (have never once been late) thinking hmm… did we maybe forget to pay our bill or something?????
    No billing issues then look over at the phones associated with our account they are not the Galaxy Note 2 ‘s we own they are two LG lotus flip phones or something…
    Immediately alarm bells go off and he dials sprint. They inform us our phones had been SWITCHED PER CUSTOMER REQUEST ACTUALLY PER MY REQUEST?!?
    NO ABSOLUTELY NOT BY “OUR”REQUEST…so she sends us forth to the fraud dept.…. where again we are informed the request to change phones has been made per the account holder (my husbands) wife (me). They proceeded to ask me has anyone borrowed your phone? NO! So they tell me they are going to restore our phones and I said wait one-second let me SPRINT FAMILY LOCATE THEM. And I do and I retrieve the phones to be in DELAWARE. Okay, now we live in Michigan and minutes prior to the account switch we had made phones calls IN MICHIGAN … wondering how could we have made it to Delaware to switch phones in minutes DON’T THE SPRINT REPS WONDER THESE OBVIOUS THINGS AS WELL? It would be odd to me if they did not question this…I tell them this information and the rep tells me okay we are going to pull the audio from the conversation when this request was made…. after about a half hour of holding and thank you for waiting they tell me this will not be available until tomorrow and they will call me back then with the audio as well as more information and for now to change all of our information (passwords) and call in information (PIN YOU MUST KNOW TO ACCESS ACCOUNT AS WELL AS SECURITY QUESTION)…..ALL OF THIS I WAS TOLD THE PERSON WHO CALLED IN WOULD HAVE TO KNOW AS WELL TO MAKE ANY KIND OF CHANGES *AGAIN ALARM BELLS STILL RINGING..
    And they advise us to remove our bank accounts tied to the sprint website…. which we already did…
    As I’m about to hang up I tell the rep as I look at our phone call logs that I see phone calls made to (MULTIPLE TO) CUBA, NORTH DADE FL., TAMPA FL.HACKENSACK NJ. AND TUCSON AZ.
    The Cuba charges racked up 401.00$ in international long distance calls alone in just two hours. They assure me this will be taken into notes and addressed tomorrow…
    So basically we are left questions unanswered…feeling uneasy as to what is going on. Did they get our bank accounts…did they hack our computer systems.is this something larger than us and our identities…could it be something illegal using our numbers as aliases… knowing how powerful technology is I’m terrified.
    So now I know someone was claiming to be my husband & I leaving on a trip…she did leave her name…hopefully this is not a dead end. Hopefully they will find the audio…. HOPEFULLY OTHER PEOPLE WHOM THIS HAS HAPPENED TO WILL COME FORTH AND HOEPFULLY SPRINT WILL COOPERATE WITH US AS WE PUSH THIS AS FAR AS POSSIBLE TO PREVENT THIS FROM HAPPENING TO OTHERS… I don’t know…one thing I do know is that I’m going to bed a very misunderstood person tonight…considering when I call things like the bank, sprint, and any other companies they give me leaps and bounds of security protocols to go through but who did not do this for our account tonight….

  4. sounds like a personal problem not sprint’s problem. a sprint customer service rep can’t go and wipe your phone for you however you can get the total equipment protection app when you get your android device and when you lose it go on the insurance website and have everything on the phone wiped and even locate where the device is.

  5. I still can’t see how Sprint did anything wrong. It sounds like you’ve figured all this out the hard way, and i’ve been there. Losing a phone without a security lock is very frightening. Android comes with security locks, as well as all smartphones. This would have also saved you during your unfortunate lose.

    Sprint service reps are taught the systems that they use, and just like other businesses with customer support, the reps don’t learn everything about the products they sell let alone the apps they can recommend for security. You’d have to visit a store and talk to a well educated rep or just google the solution.

    An answer is not to buy an iphone. The answer to to realize when you have personal information on your phone, and research ways to protect that information that make the most sense to you. I was in the same boat and didn’t have security on my phone. I do now and google has my contacts, pictures, text, and email backed up to the cloud.

  6. Hi i just wanted to enlighten everyone that a lost smartphone is the same as a lost wallet/purse, in the event of a lost wallet you would call up all the cc card and have them send out new one with new number and deactivate the old ones and obviously take the loss on the money and other notes or random things in your wallet, well in the smartphone case all the account that you signed into, Speaking for the Android community Ex: Google, Dropbox, Skydrive, youmail U have to manually go online and change the password so the next time Your Beloved smartphone attempts to login they will be denied also Gmail on you desktop browser all the way at the bottom of the Gmail page has a tiny button thats says Details that will let you all internet connectable device to you Google/Gmail Account Also Android phones in all your application has a Google setting app, in this app you will see android device manager where you can remotely locate, lock, and perform a factory reset all over the web through you own Google account online(I use it sometimes when i misplace my phone in my own house). and its awesome and ? feel free to aks.

  7. I just found a phone and wish I could get past the lock screen to contact the guy. Which reminded me of the times I’ve lost phones, I never had one stolen where I could see the lock screen being useful, like say you were targeted with valuable information on the phone like Kirk Hammet’s guitar riffs, then yeah… but most likely anyone who finds a phone and plans to keep it is going to wipe the phone lock or no lock. So really by locking your phone you’re statistically more likely to lock out potential people who want to return your phone.


  1. […] month after signing up for Google+ and 18 days after losing the phone, it was returned to me.Check back tomorrow to learn why Mr. #957 had access to all of my personal information and was able to (accidentally) […]

  2. […] Check out the second part of this story to learn why Mr. #957 had access to all of my personal information and was able to (accidentally) upload photos of himself to my Google+ account. […]

Speak Your Mind