Prepare for and respond to a lost or stolen smartphone

How bad is the smartphone-theft epidemic? San Francisco District Attorney George Gascon accuses phone companies of profiting from stolen phones, as Michael Scherer reported last month on Time's Swampland site. Gascon is one of several leading law-enforcement officials calling for carriers to be required to implement technology that permanently deactivates stolen phones. It is simply too easy for thieves to resell smartphones.

One year ago, the major cellphone services announced via the CTIA Wireless Association plans to create a database "designed to prevent GSM smartphones reported as stolen from being activated or provided service." The database was pledged to be operating by October 31, 2012.

The U.S. carriers also promised to "create a common database for LTE smartphones designed to prevent smartphones that are reported stolen by consumers from being activated or provided service on any LTE network in the U.S. and on appropriate international LTE stolen mobile smartphone databases. This database will be completed by November 30, 2013," according to the CTIA.

The CTIA Consumer Info site provides links and toll-free phone numbers for reporting lost or stolen phones to the following services:

AT&T: 1-800-331-0500
Cellcom: 1-800-236-0055
Metro PCS: 1-888-863-8768
Sprint Nextel: 1-888-211-4727
T-Mobile USA: 1-800-937-8997
US Cellular: 1-888-944-9400
Verizon Wireless: 1-800-922-0204

By the end of this month the companies promised to instruct their customers when they buy a phone or soon thereafter on how to apply a password to the phones to prevent unauthorized access. The cell providers also pledged to "[e]ducate consumers about applications to remotely lock/locate/erase data from smartphones" by the same date.

All four of the programs are "voluntary commitments." All but the creation of the stolen-phone database rely on phone users to activate screen locks, install remote lock/locate/erase apps, and report lost and stolen phones. On December 28, 2012, the CTIA released its most-recent progress report for each of its members (PDF).

The carriers now share their stolen-phone databases, but the companies' approach to theft prevention still relies on their customers. Until that changes, the only way to stem the tsunami of smartphone thefts is for users to change their behavior, before and after the phone goes AWOL.

Step one-and-a-half: Set a passcode for your phone
If you think some benevolent person who finds your lost phone will access its information only to determine the rightful owner so it can be returned, think again. In March 2012, security firm Symantec joined with Security Perspectives Inc. to purposely lose 50 smartphones and then tracked what happened next. As Kevin Haley reports on the Symantec blog, 96 percent of the time the person who found the phone viewed its data.

The Symantec Smartphone Honey Stick Project (PDF) reports that 60 percent of the finders attempted to access social media information and e-mail on the phones, which had been set up with simulated personal and corporate data. Eighty percent of the finders tried to open the corporate files stored on the phones, which had labels such as "HR Salaries" and "HR Cases."

In a post from last September, I explained how to prevent phone and tablet theft. That tip focused on iPhones and iPads; a follow-up post explained how to lock down and find Android and Windows phones. Both posts include the steps for enabling your phone's passcode feature.

But the single most important preventive measure -- even more important than using a passcode -- is to be aware of your surroundings. People become so wrapped up in whatever is on their phone's screen that they tend not to notice trouble approaching. Since thieves consider your smartphone their personal ATM, maybe you should treat the device like cash. That means keep it out of sight, don't leave it unattended, and don't lend it to strangers who just need to make a quick call to make sure their grandmother is OK.

The CTIA's Consumer Info site lists Steps to Deter Smartphone Thefts and Protect Personal Data. In addition to locking the phone with a passcode and backing up its data frequently, the steps include installing an app that will remotely lock, locate, and/or erase the device. The site provides an extensive list of security apps for Androids, BlackBerries, iOS devices, Symbian phones, and Windows Phones.

(Hope you never need) Step two: Erase and report your lost phone
The moment your phone goes from "probably just misplaced" to "probably gone forever," find an Internet or cell connection, depending on your wipe method, and activate the phone's erase feature. If you're fortunate enough to recover it later, you can restore the device's most-recent backup.

The Apple Support site provides instructions for backing up an iPhone, iPad, or iPod Touch, as well as for restoring an iOS device via iTunes. CNET How-to expert Sharon Vaknin explains how to back up your Android phone. For advanced Android users, the How-To Geek explains the steps required to back up and restore an Android phone using the Android SDK.

The Windows Phone site gives step-by-step instructions for backing up a Windows Phone, as well as for restoring the device's data from a backup.

Instructions for backing up a BlackBerry using BlackBerry Desktop Software for Windows are available in the BlackBerry Knowledge Base.

If you're a BlackBerry user, CNET Reviews Senior Editor Lori Grunin recommends the $5 2Can BlackBerry Transfer from Apperosoft. When a friend of Lori's had her phone stolen, the victim was able to migrate the data from a BlackBerry backup file to an Android phone.

The U.S. Federal Communications Commission provides a consumer guide to stolen and lost wireless devices.

Are automated cellphone-purchasing kiosks making things worse?
Cellphone theft is an international problem. Washington, D.C., Police Chief Cathy Lanier recently accused businesses of facilitating the sale of stolen phones overseas, as reported by the Washington Post in February.

According to the Washington Post's Cecilia Kang, the Washington, D.C., police recently found six phones stolen from residents of the District in an ecoATM automated cellphone-purchasing kiosk located in the suburbs.

Debbi Baker reported last week on the U-T San Diego site that a woman whose iPhone was stolen while she was shopping used the free Find My iPhone app to locate the device in an ecoATM at a nearby mall.

According to the FAQ on the ecoATM site, when you sell a phone at an ecoATM, the device takes your photograph or video and your fingerprint. You must also provide a driver's license or government ID and "contact information." The transaction's date and location are recorded along with the device's serial number, "if it can be captured," according to the FAQ.

Baker quotes El Cajon, Calif., police Lt. Jeff Arvan as applauding ecoATM's willingness to work with law-enforcement agencies to deter the resale of stolen phones, but Arvan points out that criminals don't worry much about anticrime procedures.

I appreciate the fact that 25 percent of the phones ecoATM purchases are recycled. The company also appears to be making a noble effort to help police recover stolen phones. But there's no way the company can deny that its ATMs make a serious problem even worse.