
How can you protect your data, privacy, and finances if your phone gets lost or stolen?

Lambros Zannettos 30 Sep 2024


TL;DR

  • This is a guide to help prepare for a situation where your mobile device is lost or stolen, including where it is stolen in an unlocked state.
  • The post covers:
    • Creating good habits in your digital life.
    • Using available features to secure your device.
    • How to prepare for loss or theft by having the right information available elsewhere.

The UK is witnessing a rise in phone thefts. This surge in criminal activity sees thieves brazenly snatching smartphones from unsuspecting pedestrians, often in broad daylight and crowded areas. In an age where our smartphones are virtual vaults of personal information, understanding safety measures for your mobile device is crucial.

Whether it’s sensitive emails, financial data, or personal photos, the impact of having your phone stolen or lost can be significant. This guide aims to help you prepare for such an eventuality, outlining the steps you can take to secure your information beforehand and the actions to take immediately after an event. By adopting proactive measures and knowing how to respond swiftly, you can minimise the potential damage and protect your digital life.

Before losing your phone

Nobody plans on being robbed or losing their phone, but if you follow this advice you’ll be in a good place if it happens.

Taking proactive steps can greatly reduce the risks if your phone is lost or stolen. This section covers essential measures like setting strong passwords, enabling encryption, backing up data, and using tracking apps. These precautions ensure your personal information remains secure and increase the chances of recovering your device.

General good practice

Offline access to important information

Memorise important phone numbers.

Print a business-card-style piece of paper with important information on it, such as:

• Relevant embassy number if you’re going abroad.

• Phone numbers of friends or family who can help you.

Make sure you can access critical elements of your digital life without your device, such as:

• Your password manager account.

• Your primary email address.

Set emergency contacts

Emergency contacts on smartphones are designated people who can be reached without unlocking the phone, useful in emergencies or if the device is lost. A finder can access these contacts via the “Emergency” feature on the lock screen to help return the phone to its owner. This feature can also provide important medical details if needed.

iOS: To set up emergency contacts on iOS, open the Health app and tap on your profile picture in the top-right corner. From there, select Medical ID, then tap Edit in the upper-right corner. Scroll down to the Emergency Contacts section, and tap Add Emergency Contact. Choose a contact from your list and specify their relationship to you. Once set, your emergency contacts can be accessed by first responders via the Emergency option on the lock screen, even without unlocking your phone.

Android: To set emergency contacts on Android, go to Settings and search for Emergency Information (the exact steps may vary depending on your device). Select Emergency contacts, and from there, tap Add contact to choose someone from your contact list. You can also add other important information like medical conditions or allergies. These details will be available to first responders on the lock screen by tapping Emergency and selecting Emergency information, even if your phone is locked.

Make a list of important accounts

Make a list of important accounts (for example banks and crypto) whose passwords you will want to change if your phone is lost or stolen. This way you won’t have to rely on your memory during a stressful time.

Enable screen lock

Enabling a screen lock on your smartphone is crucial for safeguarding your personal data from unauthorised access.

iOS: Go to Settings > Face ID & Passcode (or Touch ID & Passcode on older models), enter a passcode, and follow the prompts to set up Face ID, Touch ID, or a passcode.

Figure 1: Enabling screen lock on iPhone

 

Android: Navigate to Settings > Security > Screen lock, choose a screen lock type (pattern, PIN, or password), and follow the instructions to set it up. Then set up fingerprint recognition or facial recognition if supported by your device.

Figure 2: Enabling screen lock on Android

 

Of pattern, PIN, and password, a password is generally considered the most secure option. It is recommended to use a strong, unique password, combining letters, numbers, and special characters.

Use a password manager

Password managers generate and store complex, unique passwords for each of your accounts, reducing the risk of breaches caused by weak or reused passwords. They automatically fill in login details, making it easier to access your accounts without the need to remember multiple passwords.

Additionally, password managers provide a centralised place to manage your credentials securely. By encrypting your passwords and requiring a master password to access them, these tools ensure that your sensitive information remains protected, even if the device itself is compromised. Using a password manager that is synced across multiple devices (for example your mobile phone as well as your laptop) will also ensure that you have access to all your account credentials if your mobile device is not available.

Use Multi-Factor Authentication (MFA) but consider your MFA channels

MFA is a security measure that requires users to provide two or more verification factors to gain access to an account or application. For example, it is common practice to use an email address or phone number as the MFA solution. When the account or application you’re trying to access requires additional verification, it will send a one-time passcode (OTP) to your designated email address or phone number. This OTP must be entered to complete the verification process, ensuring that only you can access the account or perform specific actions.

Using MFA is a good idea; however, it’s important to consider where those OTPs are sent. For example, if you have used your phone number as the MFA channel for an account, then a thief who has taken an unlocked device would have access to those OTPs and would be able to perform privileged actions, such as changing passwords to important accounts.

There are several options when securing your MFA channels:

  1. If you use email as your MFA channel, lock the email application on your phone using the methods described in this post. This way the attacker would not be able to access the OTPs.
  2. Use an email which is not directly accessible from the device.
  3. Use a hardware MFA device.

Make use of biometric authentication

Biometric authentication, such as fingerprint scanning or facial recognition, provides several benefits. It enhances security by using unique biological traits that are difficult to replicate or steal, reducing the risk of unauthorised access. Biometrics also offer convenience and speed, allowing users to unlock devices or access applications quickly and effortlessly without the need to remember complex passwords.

Don’t keep sensitive information on your phone

Make sure that you don’t keep unprotected sensitive information on your device. This would include things such as:

  • Photos of your passport / ID; these could be used to bypass MFA or in identity theft.
  • Passwords
  • Crypto recovery phrases
  • Compromising photos of yourself or others; these could be used for blackmail.

Make sure you check all locations where these could be found:

  • Any note taking applications on the phone.
  • Emails accessible via phone.
  • Photo gallery
  • Messages

Increase the chances of recovering your device

Find my phone (or similar)

iOS: Enable “Find My”

In the iPhone settings page, make sure the “Find My iPhone” option is enabled. This way you can locate your device by logging in to your iCloud account at https://www.icloud.com/find/.

Note: if there is a password set up on the iPhone, then signing out of the Apple account (which would disable “Find My iPhone”) would require the password.

Figure 3: Enabling Find My iPhone

 

iOS: Enable “Stolen Device Protection”

iOS “Stolen Device Protection,” introduced in iOS 17.3, enhances iPhone security by adding extra measures for critical actions when the device is away from familiar locations. It requires biometric authentication (Face ID or Touch ID) for accessing sensitive information and enforces a security delay for changing key settings. This feature helps prevent unauthorised access even if the thief knows your passcode. Users must enable two-factor authentication, set a passcode, and activate Face ID or Touch ID to use this feature.

Figure 4: Enabling “stolen device protection” to help recover a stolen iPhone

 

Android: Use “Find My Device”

The “Find My Device” feature on Android phones allows you to locate, lock, or erase your phone remotely if it’s lost or stolen. By enabling this feature, you can track your phone’s location in real-time, send a message to the lock screen, or wipe all data to protect your personal information. This feature is built into most versions of Android.

Figure 5: The “Find My Device” feature can help recover a lost or stolen Android phone

 

There are also several open-source solutions which may appeal to the more privacy-focused or very technical users, such as:

Keep a copy of your phone’s identity

The International Mobile Equipment Identity (IMEI) is a unique 15-digit number assigned to every mobile device, acting as its identifier. It is used by networks to verify the device’s identity, track lost or stolen phones, and can be crucial for ensuring the device’s validity.

iOS: You can find your iPhone’s IMEI in a few ways:

  1. Settings: Go to Settings > General > About and scroll down to find the IMEI number.
  2. Dialling Code: Open the phone app and dial *#06#. The IMEI number will appear on the screen.
  3. SIM Tray: On some models, the IMEI is printed on the SIM tray.

Figure 6: Viewing the IMEI code using the dialling code on an iPhone

 

Android:

  1. Settings: Go to Settings > About Phone > Status or IMEI information to find the number.
  2. Dialling Code: Open the phone app and dial *#06#. The IMEI number will be displayed.
  3. Battery Compartment: For devices with a removable battery, the IMEI is often printed inside the battery compartment.

Figure 7: Viewing the IMEI code using the dialling code on Android

Minimise unauthorised access

This is how to lock, hide, or restrict application access.

iOS: iOS 18 introduced a new feature that allows users to lock or hide individual apps. Locking an app protects its contents, requiring Face ID, Touch ID, or a passcode for access. Hiding an app moves it to a locked, hidden folder, also requiring authentication to open.

Figure 8: The new iOS 18 supports locking or hiding apps (from https://www.apple.com/uk/ios/ios-18-preview/)

 

Android: While stock Android doesn’t have a built-in app lock feature, users can create multiple user profiles or use guest mode to restrict access to certain apps, such as banking or crypto. This would:

  1. Prevent an attacker from accessing these applications even if the phone was taken while unlocked, as additional authentication would be required to switch to the banking/crypto profile.
  2. Mean that, during a mugging, an attacker would not see any banking/crypto apps and would be unlikely to pursue that type of attack.

Additionally, specific vendor variants of Android have their own versions of the app locking feature (for example Samsung Secure Folder, Huawei App Lock and Xiaomi App Lock).

Figure 9: Samsung’s “Secure Folder” feature

 

Where available and relevant, enable additional authentication at the application level. Some example applications:

  • Banking apps
  • Crypto apps
  • Email apps (this might also prevent additional compromise if this email account is the one used for 2FA)

Temporarily restricting access to a single application

When there is a need to use the phone in an increased risk environment, such as using a navigation app on a motorcycle, additional precautions should be taken to secure the device and its data. In such scenarios, activating features like “Guided Access” (iOS) or “App Pinning” (Android) can ensure that the phone remains locked to the navigation app, preventing accidental access to other apps and sensitive information.

iOS: Set up the “Guided Access” feature, which allows you to lock a specific app in the foreground. Closing the app or navigating anywhere else on the phone would require a PIN or other authentication.

Android: Use the “app pinning” feature. This is very similar to the iOS feature above, but it requires the phone-level biometric/PIN authentication already in place to escape the pinned application.

Protecting your digital wallet

With mobile payment services like Google Wallet and Apple Pay becoming more popular, it’s essential to know how to protect your financial information in case your phone is stolen—especially if it’s unlocked. Fortunately, these platforms offer strong security measures, and there are proactive steps you can take to safeguard your digital wallet against unauthorised access.

iOS (Apple Pay): Use Biometric Authentication: Apple Pay is designed to require biometric authentication (Face ID or Touch ID) for every transaction, so ensure this is set up and enabled.

Wallet Access on Lock Screen: While Apple Wallet can be accessed from the lock screen (for things like boarding passes or event tickets), payments using Apple Pay still require biometric or passcode authentication. You can disable wallet access from the lock screen entirely if desired by going to:

Settings > Face ID & Passcode (or Touch ID & Passcode) > Toggle off “Wallet” under “Allow Access When Locked.”

Figure 10: Google Wallet access on lock screen

 

Android (Google Wallet): Google Wallet requires screen lock to be enabled for payments. However, the authentication requirements for Google Pay can vary by country. Local regulations, banking rules, and security standards influence whether additional authentication is required for certain transactions. For example, some regions mandate stronger security protocols for contactless payments above specific amounts, which may trigger the need for PIN or biometric authentication even if the phone is unlocked. Additionally, individual banks or card issuers might impose their own security measures, leading to variations in how Google Pay functions across different countries. If authentication for each transaction when the phone is unlocked is not enabled by default in your region or Android version, enable it.

Enable encryption

If the phone is lost or stolen, an attacker could access the data on the phone if it is not encrypted. Ensure encryption is enabled on the device.

iOS: Most modern iPhones are encrypted by default as soon as you set a passcode. Apple’s encryption is robust, tying the encryption key to the device’s hardware, making it extremely difficult to extract data without the passcode.

Android: Encryption is available on all modern Android devices, but it’s not always enabled by default. Users often need to enable it in the settings. The process and effectiveness can vary depending on the manufacturer and model.

Enable backups

To minimise data loss after a device is lost or stolen, having a robust backup solution is essential. Regular backups ensure that your important data, such as photos, contacts, and documents, can be easily restored to a new device.

iOS: Enable iCloud Backup by going to Settings > [your name] > iCloud > iCloud Backup and toggle it on.

Android: enable Google Backup by navigating to Settings > System > Backup and turn on “Back up to Google Drive.”

Additionally, consider using third-party backup services for extra security and redundancy, or if you disagree with Apple’s or Google’s privacy policies.

After losing your phone

If your phone is lost or stolen, acting quickly can minimise damage and increase the chances of recovery. If you have followed some or all of the above advice, you should be well placed to regain control of your digital life with minimal stress and effort.

This checklist is a suggestion of immediate steps to take, including remotely locking or wiping your phone, notifying your service provider, changing passwords for critical accounts, and reporting the loss to local authorities. Following these steps can help protect your personal information and facilitate the recovery process.

Steps to take when your device is lost or stolen

  1. Get access to an Internet-enabled device as soon as possible or contact someone you trust who can perform some or all of the following steps for you.
  2. Lock your device remotely using your chosen “find my device” solution.
  3. Alert your bank or other financial institutions if you suspect your accounts are at risk.
  4. Alert your network provider:
    • Inform your mobile carrier to disable the SIM card and prevent unauthorised use.
    • Request a new SIM card with your existing phone number.
  5. Key accounts:
    • Change passwords for key accounts (email, banking, social media).
    • Update recovery options for key accounts to ensure you can regain access if needed.
    • Add alternative contact methods if your primary email is compromised.
  6. Notify authorities:
    • Report the theft to local law enforcement and provide them with the device’s IMEI number.
    • File a report to create an official record, which may be necessary for insurance claims.
  7. Monitor account activity:
    • Regularly check for any suspicious activity on your accounts.
    • Set up alerts for unusual login attempts or transactions.
  8. If your device was insured or if you were covered by something like travel insurance, get in touch with your insurer to make a claim.

Conclusion

Losing your phone can be a distressing experience, but being prepared and knowing the right steps to take can significantly mitigate the risks. By setting up robust security measures, such as enabling screen locks, using biometric authentication, and configuring backup solutions, you can protect your personal information.

In the event of loss or theft, promptly locking and tracking your device, changing critical passwords, and notifying authorities are crucial actions to secure your data. Implementing these practices not only safeguards your information but also provides peace of mind, knowing that you are well-prepared to handle such incidents effectively.