It’s not an idle concern: a new survey from NQ Mobile finds one in four mobile users have lost their devices or had one stolen, and the Pew internet & American Life Project puts the number closer to one in three. Sure, we know we need to make regular backups and that we ought to set passcodes on our devices. And sure, most of our apps and purchased media can eventually be downloaded and re-installed. However, restoring our stuff can take forever on top of the sheer cost of replacement devices. There’s also the uncomfortable thought of someone going through our email, photos, or social networking accounts — and maybe even posting in our names or deleting accounts.
The good news is that location-aware features can help find and recover missing devices: examples include Apple’s Find my Device service built into iCloud, Lookout for iOS and Android, the open source Prey, and the long-standing LoJack for Laptops: there are many others. Along with locating devices, many can wipe them clean to keep your personal (or business) information out of the wrong hands. Many try to take snapshots of whoever’s using them to identify culprits.
The bad news is that these services are in no way a cure-all for someone who has lost a device, let alone had one stolen. Why not, and what should someone in this unfortunate situation do? Read on …
What to expect when your device goes missing
Locator services are great if you left your tablet at a friend’s house or maybe forgot your smartphone at work. They might be able to help you get back a stolen device…but don’t bank on it.
Last summer, someone stole New York Times technology columnist David Pogue’s iPhone. A few days later, Apple’s Find My iPhone service reported the device had popped up at a home in Maryland. Pogue (and some of his enthusiastic Twitter followers) reported the location to local police, who went to the house and spent more than an hour looking around before finding the device apparently discarded in the back yard. Pogue did get his phone back; there have been numerous other reports of police arresting thieves (and even armed robbers) with data provided by location services.
Nonetheless, these cases seem to be the exception rather than the rule — even Pogue described his experience as “ridiculously lucky.” Many thieves are as aware of location tracking tools as anyone else, and turn devices off immediately. Many victims receive few or no location reports from tracking services — and, even if they do, law enforcement can’t always act on it.
“Over a year ago my iPhone 4S was taken in Manhattan in the seconds between putting it in my pocket and untangling my earbuds,” said Bridget Kihn, a project manager in New York City. “I logged in to Find My iPhone within just a couple of minutes. My iPhone was already offline, and has never once come online since. It just vanished.”
“I had Prey installed when my phone was stolen in February,” wrote Rod de la Vega, a nurse practioner in San Francisco whose Galaxy S3 was stolen from his workplace locker. “I got location reports within an hour: it was in Bayview until that night, then moved to San Bruno and stayed there for days. I kept giving the reports to police, but they said they weren’t enough. It was very frustrating.”
The FBI concluded just 12.7 percent of burglary cases were “cleared” in the United States in 2011. For robbery (where items are taken by force or threat of force) the figure was 28.7 percent.
“It can come down to a question of time and resources,” noted an patrol officer with the Chicago Police Department who did not want to be identified because he’s not a public relations officer. “Everybody wants to get bad guys, but break-ins or car prowls can’t always get the immediate response of armed robberies or violent crimes. We’ll get there, but sometimes people want us to track their stolen stuff in real time like the movies. That’s just not realistic.”
The imprecise nature of location tracking can limit what law enforcement can do — after all, a device might be determining its location using an open Wi-Fi hotspot that could be hundreds of feet (or several buildings) away. If it’s using an IP number, the location could be (many) miles off target.
“We have to have more information to enter a house than just the tracking device pinging,” said Sgt. Cindi West of Seattle’s King County Sheriff’s Office. “Location reports certainly help develop probable cause, but in and of itself is generally not enough. We just can’t kick the door in to a house where it looks like the device is at.”
What to do if your device is stolen
If your device is stolen, file a police report as soon as possible and get a case number. Give police your device’s serial number if you have it, but you can provide that information later by following up with your case number.
If your device is registered with a tracking service, give the police any location pings and other information as it comes in, using your case number. If your tracking service can take photos with your device’s camera, pass those images along to police; even if they don’t show the face of someone using your device, they might provide additional information to help establish probable cause or location. Then, police can initiate a search. Just be aware that a location report doesn’t mean officers will sprint out of the nearest precinct Hollywood-style and race to the reported location with sirens wailing.
Some theft victims have used tracking services to retrieve stolen items on their own. (Here’s a particularly dramatic example from a Prey user.) Law enforcement representatives consistently advise victims not to put themselves in danger by going after stolen devices themselves.
“We absolutely discourage people from trying to retrieve the property on their own,” noted Sgt. West. “Property is not worth risking your life for.”
The same applies to posting tracking reports to social media, as David Pogue did with his stolen iPhone last year; friends or followers could be putting themselves or others in danger if they decide to check out a reported location.
Most thieves don’t steal smartphones, tablets, or notebooks to access the owners’ personal information — more often, they want to make quick money selling the devices. Nonetheless, theft victims should change the passwords for all services and apps they use on the device, including (but not limited to) email, banking, social networking, app stores, gaming accounts, and online retailers.
Finally, if you use your device with multi-factor services like Google’s 2-step verification, use your backup access codes or other mechanisms to remove the device from your accounts.
How device locators actually work
The basics of device locator services are essentially the same. Users sign up (before a device is stolen or goes missing!) and either install tracking software or activates a built-in system. When the device is turned on and has an internet connection, it tries to check in with the locator service — typically once per hour. The check-in – or ping – includes details on the device’s location and status. If a user reports a device missing, most services try to get the device to ping more often — say, every five minutes — so it can be tracked more accurately. Usually this happens via the internet, but some services can be activated using SMS messages.
Mobile devices get location information in different ways. Gear with GPS receivers (including smartphones and most tablets with cellular data capabilities) can use signals from satellites. Satellite GPS can be very accurate, but needs time to get a fix — and only works if the satellite data can be received. So, these devices also use location information from nearby cell towers using “assisted GPS” technologies, developed in part to help out 911 and other emergency services.
What about Wi-Fi only devices that don’t have GPS? Almost every iOS and Android device collects anonymized data about Wi-Fi hotspots and sends it back to Apple and Google, who keep constantly-updated databases of Wi-Fi hotspots and their approximate locations. (Skyhook Wireless and Navizon do something similar.) Wi-Fi location doesn’t work in the middle of nowhere, but can be surprisingly accurate in areas with consistent hotspots.
There’s more: pings sometimes reveal location information just by connecting to the internet. When a device checks in, a service can use GeoIP databases to look up locations associated with the device’s internet address. Sometimes that is a street address, but it’s usually rather general, and sometimes wildly wrong. For instance, most GeoIP data for my home network is only accurate to with 15 to 30 miles, but, as I’m writing, most GeoIP data for my location is off by more than 1,400 miles.
Bottom line: location information from missing devices can be highly accurate, but sometimes it’s barely in the ballpark, and everything depends on devices connecting to the internet.
Worth the effort?
So are device tracking and recovery services worth the effort? Yes, but you shouldn’t expect these services to work miracles and return your devices to you gift-wrapped within a few hours: the bottom line remains is that most stolen devices are gone for good. There is a chance these services can help police recover your stolen items, and that’s better than nothing.
However, the real benefit to tracking services may be the ability to remotely wipe your data from the device. In almost all cases, wiping a device also eliminates the ability to track it, but it may be the best way to safeguard your accounts and services — and even your identity.
In the meantime, set up passcodes on your phone, tablet, and/or notebook: they’re probably the best protection against a thief wreaking havoc in your life with a stolen device.