How safe is private info if lost is phone?

[AnnDroid]

How secure is the screen lock pattern? I have a detailed pattern, but if I were to lose my phone, are my passwords safe behind that lock?

I'll be traveling soon and I'm not going to take my netbook this time, just my phone. I've read up a tad on Lookout, but you need to log in somewhere to find your phone and/or activate the alarm. I won't have a second device.

I use LastPass on my laptop & desktop, but it's inelegant and clunky on Android. Also, gmail app is right on my home screen, so it's in the clear if someone can get past the phone's main lock.

Advise or suggestions?

 

[aphxtwinin]

im sure where ever your going, that your taking your phone and expect to have service there will be an available computer to use lookout. Does where your going have an Apple Store? lots of open computers to use there, im sure even a friendly fellow citizen would allow you to use their laptop in an emergency

 

[AnnDroid]

I was thinking of an airport. Sorry that I wasn't very clear on location.

 

[project.in.process]

there's been recent articles which state that lock screen patterns can be broken due to the smudges left by your finger on the phone screen when unlocking it--but only able to be broken after a vast amount of tries, normally with computers being involved to generate potential sequences.

i agree, LookOut might be your best option for a remote lock/wipe in the event of losing your phone.

once HTCSense.com is up and running for Evos (hopefully) this won't be any sort of a problem in the future

 

[Doc]

I thought that Lookout did not offer remote wipe of data? I believe WaveSecure does but you do have to pay for the app after the trial period.

Doc

 

[Tattrpuff]

The thing I've been looking for is there some lockscreen message, that by chance some good willing person finds your phone, has a number or an email to give you a heads up that they have your phone...I have lookout on my phone, but have always wanted this feature.

 

[AnnDroid]

Thanks for the replies. project.in.progress, are you saying then that our lock screens are safe as long as we have a very smudged up screen?

If not, when I'm traveling and don't have a second device, do I run to a stranger and beg the use of their phone/laptop? I'd rather know it's locked down and secure.

Tattrpuff, I agree with you. I've found two phones in the past and I was able to locate the owner by dialing someone in their contact list. How can someone return a phone they can't id the owner. I bet if I returned a phone to a carrier store, they would just wipe it. I have a case, so I have my email address inside that. Helps the honest people.

 

[Gekko]

the question is - what data can a malicious person get to if they get access to your device (past the screen lock).

my concerns are -

1. the Google Services/Checkout/Gmail account - can the password be changed from the device by a malicious party? i think the answer is no because it is hidden and you need the password to change the password. so as soon as you lose the device - change your Google password.
2. banking and retail sites etc. - best to always log out of these on the browser when done. this is why i like mobile sites over apps. banking and retail apps etc. scare me due to login data being left open or left behind.
3. passwords/confidential data - best to use a strong encrypted password protected file or app. i use an MS Word 2007 file with Docs To Go 3.0 with strong encryption and password.
4. Dropbox - just change the Dropbox password immediately after you lose your phone.

i'm not worried about Contact list, Calendar, or someone making long distance phone calls. of course changing the Google password will cut off the Gmail account and calling Sprint will cut off the phone.

are there any other vulnerabilities anyone can think of?

 

[Johnly]

Good thinking. The best, unremarkable security is to not loose the phone. (obviously we know) the apps like lookout provide a sence of relief, but if the phone goes missing, and ends up in the wong hands for even 5 minutes, it is to late. Having a strong pattern lock will buy some time, and is the first defense. Go with a program that can remote wipe, while maintaining A gps local. Lookout has many people that have commented on the apps unreliable gps (off by city blocks at time) though I think that is more of a device gps issue? Thanks, good topic to think on.

 

[jrun]

The title for this thread sounds like it was written by Yoda.. haha.. just sayin

 

[caliskimmer]

Well, if the guy isn't smart and there is no lock screen bug, then kind of safe. There is always a chance that the person could figure the code out. My favorite phones are the ones with a simlock code that will destroy the sim if the password was incorrectly inputted 10 times.

 

[Fried Rice Mofo]

I bet if I returned a phone to a carrier store, they would just wipe it. I have a case, so I have my email address inside that. Helps the honest people.

When I worked at Verizon, we would track the ESN to the account owner and contact him/her if we got an unidentified device in. I can't recall if it was standard protocol or not but that's what we did at my location.

My advice? Obviously, never leave your phone off your person. Continue using your lockscreen pattern or password. Use Lookout (it can't hurt). If your phone is swiped/lost, call your carrier and blacklist the phone immediately. Get on a computer and remote-wipe the phone. That way, all data is cleared, the phone is reset to default, and it can never be used again, unless you remove it from the blacklist. Call your insurance for a replacement.

 

[vel7wil]

I'm using app protector for mine which gives you the option of which apps you want locked behind a password, such as google, contacts phone....in each case a separate password is needed to gain access...it has both a free and paid version

 

[Gekko]

Smartphone banking apps expose sensitive customer data
By Kim Zetter, wired.com | Last updated about 16 hours ago

A number of wireless banking applications for iPhone and Android phone users contain privacy and security flaws that cause the phones to store sensitive information in cleartext that could be gleaned by hackers, according to a report.

The applications distributed by such top banks and financial institutions as Wells Fargo and Bank of America placed various types of information at varying degrees of risk. But at least one Android application, distributed by Wells Fargo, stored an account holder’s username and password on the phone in cleartext. The application also stored account balances on the phone, according to a security researcher who spoke with the Wall Street Journal.

Smartphone banking apps expose sensitive customer data

 

[bclinger#IM]

The GPS issue - are they using towers or GPS. It shows my location precisely using GPS.

 

[bclinger#IM]

This application goes a long way in meeting my needs. I used TealLock with my Palm devices. Add the remote functionality of TealLock and this becomes the application to have.

I'm using app protector for mine which gives you the option of which apps you want locked behind a password, such as google, contacts phone....in each case a separate password is needed to gain access...it has both a free and paid version

 

[Gekko]

Are Android unlock patterns as secure as numeric PINs? ? What can scientific models tell us about the world?

 

[AnnDroid]

I'm using app protector for mine which gives you the option of which apps you want locked behind a password, such as google, contacts phone....in each case a separate password is needed to gain access...it has both a free and paid version

I'm giving this app a try, there's a 7-day free trial. It's only been a day, but it gives me the layer of protection that suits my needs.

 

[AnnDroid]

The title for this thread sounds like it was written by Yoda.. haha.. just sayin

Funny you are.