It’s never fun to be the person whose phone was stolen.
A friend learned this the hard way when his phone was snatched in traffic. One unguarded moment of careless TikTok scrolling, and someone had his whole life in their hands.
In the flurry of password changes and advice that followed, someone mentioned how this could have been less scary if Android Theft Protection had been set up on the phone.
I nodded along with everyone else, but I felt a little panic because I never bothered to set it up.
So I spent an entire evening scrolling through all the options in the settings menu in horror. I hadn’t realized how exposed my phone really was.
Theft Detection Lock is the first line of defense
All it would’ve taken was a quick grab
Theft Detection Lock was the first security feature I set up right after the incident. It was the most relevant to what happened.
This amazing feature uses AI to analyze data from a phone’s onboard accelerometer and gyroscope to detect when the device has been forcibly yanked away by an opportunistic crook.
I didn’t need any convincing to try this one out; I’d seen just how easily it could happen. I use my phone everywhere, and I’d never thought about how vulnerable I was to the ol’ snatch and grab.
What really got me was that this wasn’t on by default. I didn’t make a conscious choice to turn it off; it just started that way.
Sure, there are sometimes false positives with this sort of thing. I noticed my phone locking up on me occasionally when sudden moves or sneezing too hard jerked my arm around.
But for me, that’s no reason not to use it. With biometric unlock, the thing is open again before I even process what happened half the time. It really should be enabled by default.
My PIN was a massive liability
A real double-edged sword in public
I love biometric unlock, but it always falls back on a PIN, and I’ve used the same code for ages. Seeing the Identity Check feature, it didn’t take long to work out the pitfall I’d been living with.
A pin is great when it’s too dark or your fingers are too wet, but it quickly becomes a security liability when someone casually observes over your shoulder.
Worse, fingerprint smudges often linger on the exact digits you use, making it much easier for someone to narrow down and guess your PIN.
Identity Check removes the need for a PIN entirely by using biometric authentication to unlock your device, thus eliminating that security weakness.
But the PIN lock exists for good reason, so how do you keep both? The answer is simple and effective: Identity Check can automatically turn itself off when you’re in a trusted location.
For me, this was my home, the office, and a friend’s home I frequented, conveniently the same places where I tend to use the PIN unlock most often.
Android 16’s Secure Lock could make lost phones impenetrable
The feature could make its way to Find Hub soon
Find My Device made me overconfident
Setting myself up for a nasty surprise
If there’s one security feature I was always aware of and set up religiously, it was the Find my Device function, now universally known as Find Hub.
I’ve always found it a great idea, and have even used it on multiple occasions when I got a bit careless with my phone.
So, I trusted it to have my back if my phone was ever stolen. Now I see that was an unfounded level of complacency.
You see, any miscreant could take a phone when the opportunity arises, but a truly experienced thief (the sort that could actually be after your data) would know to take the device offline so it can’t be remotely deactivated or tracked.
That means that in the most severe cases, even Find Hub would basically be worthless at protecting my data.
Offline Device Lock fixes that easily. It’s a built-in security feature that automatically locks the screen when it detects the phone hasn’t been connected to the internet for a while.
It’s not perfect since the timer can’t be customized, and it’s limited to two triggers a day to deal with false positives.
Still, it’s an additional layer of security that covers a gap I didn’t know existed before.
My last line of defense had a hole in it
Anyone with my number could’ve locked me out
The last thing I set up was the simplest, and it might be the one I’d reach for first in a real panic.
Remote Lock lets me lock my phone from android.com/lock, and I don’t have to log in to my Google account to do it.
If my phone is stolen, and I don’t have another device signed in to my account nearby, I can borrow anyone’s browser, enter my phone number, and lock the screen.
It doesn’t wipe anything or change my PIN. Instead, it forces my device to ask for my passcode, so I can continue tracking through Find Hub while the device is sealed.
There’s a problem, though. My phone number isn’t a secret, and anyone who knows it could’ve triggered the lock maliciously. That’s why Google added a security question to the process.
Now, when I go to Remote Lock and enter my number, I also have to answer the question I set, and only then does the lock go through.
I’m glad Theft Protection exists
Theft protection is something I haven’t taken seriously in the past, but now I would never feel comfortable with a new phone that doesn’t have these features turned on.
The toolkit seems to still be getting even better with updates, including a Cloud backup for Theft Protection settings at the end of last year.
Now that it’s all set up and backed up to the cloud, I feel much safer scrolling TikTok in traffic with my phone in one hand and a Starbucks in the other. I still wouldn’t recommend doing that, though.
