In major US cities, 30% to 40% of thefts involve mobile phones, according to the Federal Communications Commission. In some cities, the percentage is higher: In New York, it's over 40%, and in San Francisco, the figure is about 50%.
To help keep smartphone owners safe -- because some thefts have resulted in the injury or death of the victim -- New York Attorney General Eric Schneiderman and San Francisco District Attorney George Gascon are backing a Samsung proposal for an opt-out kill switch.
Samsung wants to include the Absolute LoJack software on all its phones so they can be rendered inoperable from afar. It ships the code as firmware in its Galaxy S4 and Galaxy Tab 3, so the security program can survive a factory reset.
Wireless carriers have rejected Samsung's proposal, citing the risk that hackers could find a way to disable people's phones. But according to the Associated Press, Samsung provided email evidence to the San Francisco District Attorney's office that Gascon said, "suggest[s] that the carriers are rejecting a technological solution so they can continue to shake down their customers for billions of dollars in (theft) insurance premiums."
Apple's iPhone employs its own software-based kill switch in the form of its Find My iPhone software. The company recently added its Activation Lock as part of iOS 7 to prevent Find My iPhone from being disabled, and introduced its Touch ID fingerprint sensor in the iPhone 5S to provide better security than the typical password.
Gascon and Schneiderman have recommended several actions individuals can take to mitigate the risk of "Apple picking," the perversely brand-specific term used to describe mobile phone theft. We at InformationWeek have a few recommendations of our own as well. Here are 10 ways in countdown order to avoid phone theft.
10) Use security applications
Android phones and iPhones both come with security software. But that doesn't mean the software is active, or that third-party software might not help even more. If you have an Android phone, make sure you're using Android Device Manager or a third-party security software such as Lookout Security & Antivirus. If you have an iPhone, make sure Find My iPhone has been set up and activated.
9) Use a strong password
Too many people just give up when it comes to passwords, access codes, and PINs. They pick something such as "password" or "qwerty" or "1234." Raise the level of your game: Come up with a functional password generation recipe, then apply it to your devices and websites. You don't need a password manager. This is not rocket science.
Here's one way to do it: Take the last letter in a website's domain or a device's manufacturer ("k" from "informationweek.com"), a punctuation mark ("?"), and a phrase, like lyrics from a song ("Here comes the sun," in the song of the same name by The Beatles, but capitalized). Then string them together in a pattern you can remember, replacing at least one vowel with a number, like the letter "o" with the number "0". The result is "k?HereC0mesTheSun?k" -- a reasonably strong password that will be different for most websites. Or develop your own system. Just make it memorable and commit to it.
8) Keep phone data handy
Write down your phone model number, serial number, and International Mobile Equipment Identifier (IMEI). If your phone gets stolen, you'll want these numbers (along with your mobile carrier's support phone number) to help your carrier place your IMEI number on the GSMA IMEI blacklist. You can find your IMEI number in most phone settings menus by dialing *#06#, or by checking the battery compartment, if accessible.
7) Be aware of your surroundings
We've all seen them. People who meander down the sidewalk, staring at their phones, forcing others to take evasive action to avoid a collision. People chatting on phones oblivious to those nearby. People who set their phones down on cafe tables or on public transit seats. People who let their phones dangle from purse or pocket. Don't be one of these people.
6) React quickly if your phone is stolen
Report the theft to the local police. This will allow police to check websites that might be trying to unload your stolen phone and will provide you with a police report in case you want to make an insurance claim. Report the theft to your mobile carrier, so your phone service can be suspended and the phone's identifier can be blacklisted. Activate any applicable security software such as Find My iPhone or Lookout. You might also want to change your phone and app passwords, in case the thief was able to login and access some of the services you use through stored passwords. If you're really lucky, your phone's security software will help you recover your device.
5) Choose your phone to match your security expertise
Google executive chairman Eric Schmidt recently insisted that Android phones are more secure than Apple's iPhone. That might be true if you're talking about recent-model Android phones with the Android 4.4 "KitKat" operating system. But security experts scoff at Schmidt's claim. The reality is that the majority of mobile malware affects Android devices.
In August, the FBI and DHS issued a report that found 79% of mobile malware affected Android devices, 19% affected Symbian devices, and less than 1% affected BlackBerry, iOS, or Windows Phone devices. Android's troubles largely arise from the fact that as many as 44% of Android users worldwide rely on Android versions 2.3.3 to 2.3.7, which have known vulnerabilities. So although it's possible to run Android securely, it requires more diligence. Choose BlackBerry, iOS, or Windows Phone if you don't want to be proactive about security. Choose Android if you require the flexibility of a more-open ecosystem and are comfortable with the responsibility.
4) Choose your WiFi network carefully
Just because a WiFi network is visible and accessible doesn't mean it's safe. Use secure WiFi networks when possible. When there's no other option, avoid doing anything that involves authentication if you can. You never know who might be listening or intercepting unprotected network traffic.
3) Choose your apps and websites carefully
User behavior represents a major source of insecurity. If you can avoid downloading sketchy apps and visiting suspect websites, you will reduce your chances of acquiring malware. Security firm Trend Micro says it has analyzed 3.7 million Android apps and updates, and found 18% to be malicious, with an additional 13% categorized as high risk. Almost half of the malicious apps (46%) were acquired from Google Play, the company says.
2) Don't buy phone insurance
If the mobile carriers really are fighting pre-installed security software to sustain revenue from insurance premiums, you can fight back by refusing to participate. Carrying your expensive smartphone without an insurance net should also encourage you to guard your phone more carefully. Of course, you'll be wishing you had insurance when your phone slips from your pocket and fracture lines spread across the touchscreen...
1) Leave your phone at home
It's easier said than done. But you can't lose what you don't have. Shocking though it may be, people used to get by without mobile phones. Try it once in while, if only to highlight your device addiction.
Making decisions based on flashy macro trends while ignoring "little data" fundamentals is a recipe for failure. Also in the new, all-digital Blinded By Big Data issue of InformationWeek: How Coke Bottling's CIO manages mobile strategy. (Free registration required.)