What to do if the phone is lost/stolen?

thickness6087

Hello everyone,

While riding to work this morning, my phone slipped out of pocket and has been switched off ever since (1+ hour at the time of writing). I am based in Oxford, UK, if that is of any help. I am in bit of a panic as I have recently moved to UK and facing this situation for the first time.

Till now, I have contacted my mobile network provider and asked for a replacement sim thereby disabling the current sim. I was running GOS with sandboxed play services. I have also removed the device/logged sessions from my 2FA app (Ente Auth) and my primary bank. If anyone has an understanding, what else can I do to ensure that the device is not misused and I don't face further trouble?

Happy to answer questions.

Kamika242

thickness6087

Was your phone locked (not only by 12345)? Then its pretty useless for a thief or finder, the only thing that could be done is installing a fresh OS with the intention of selling the device.
A report to the police should be done anyway, as told before and you should disconnect/disable payment cards that are used for contactless payment.

maro

thickness6087 Assuming a positive scenario in the form of an honest finder: Do you have a pin to SIM card? If yes, then did you have emergency contacts set? They should be visible before unlocking the phone and would give the finder a chance to contact you fairly quickly in order to return the phone. If you have a SIM pin and didn't have emergency contacts set up and the phone turned off for some reason, then I imagine it's more difficult and maybe then the lack of contact so far is not a bad signal. Anyway, I think checking the office of things found is a good idea, as suggested.

schklom

You should make a police report about loss/theft.

If you have insurance for phone loss/theft, I'm 99% certain they will require the police report to compensate you.
If by some bad luck your phone is used to do something about you, the police report will make it a lot easier to exonerate you. E.g. if your phone is used to make a loan in your name, proving it wasn't you without a police report might be difficult and painful.

Less important but still useful

I have also removed the device/logged sessions from my 2FA app (Ente Auth)

For important accounts, maybe go to each website to register a new password and 2FA code.
If you use a cloud password manager, log out remotely.
If you use e.g. KeePass synced to a cloud, change the master password. In the (unlikely) event the thief opens your phone and keeps internet, KeePass will sync to the new database file with a new password. But it's easy to do and can't hurt.

and my primary bank

Do the same for your secondary banks.

If you use NFC payments with any bank, tell your bank to remotely disallow your lost phone from doing NFC payments.

thickness6087

schklom

Police information completed online. It will take them 24 hours to assess and get back to me. Since there was no insurance, as you said, it is still a good idea in case of any misadventures.

I have changed passwords of my password manager and email as well. In the process of migrating WhatsApp as the data was locally stored on a home server.

NFC was not active (don't think if it ever worked on GOS as well).

Thanks for the detailed response. Really appreciate it.

Developer-Dude

Kamika242 the only thing that could be done is installing a fresh OS with the intention of selling the device.

I may be wrong, but I don't even think a thief could install another OS if OEM unlocking isn't enabled (which I doubt it is) and if the USB port is set to charging only when locked then it won't ever connect to a computer.

thickness6087

Kamika242

Yes, it was locked with a code more secure than 12345. And the bootloader was locked as well. I don't think they should have much luck (if I remember correctly about USB debugging) because the USB default to charging only and this can't be changed without unlocking.

Police report has been done and I have disabled virtual payment card that was on the phone too.

MineralWater

The personal data on the phone should be safe, unless you didn't write your password on the device nobody can access it.

The SIM should be deactivated, and you have done this already.

As Graphene has no Google Pay, unlocking the phone for third party NFC payments is necessary. As this can't be done without the password, it's enough to manually disconnect the payment app/phone via your payment provider/bank. Many times you can do that yourself on your bank accounts webpage.

You could also tell the police you lost it. So they know if the phone is ever used in a crime that it is a stolen/lost phone.

Contact lost and found offices during the next weeks, sometimes people bring found items there or give it to the police-there are still more honest people than criminals, so chances are good that someone finds it and gives it back.

Kamika242

Developer-Dude

Ah yes, you may be right, I thougt because of the still active power button menu and the possibility to reach the fastboot mode it's possible to wipe the device and install a new OS.

maro

Developer-Dude I may be wrong, but I don't even think a thief could install another OS if OEM unlocking isn't enabled (which I doubt it is) and if the USB port is set to charging only when locked then it won't ever connect to a computer.

Developer-Dude then it should be 99% unusable

I believe that unfortunately, if the finder turned out to be a thief, they will be able to wipe the device, set a new pin and unlock the bootloader, after which install any OS.

https://github.com/GrapheneOS/os-issue-tracker/issues/4557#issuecomment-2558296036

Kamika242

thickness6087 NFC was not active (don't think if it ever worked on GOS as well).

Away from topic, but it works very good in combination with CurvePay and in scanning tags for Home Assistant.

schklom

You're welcome :)

thickness6087 NFC was not active (don't think if it ever worked on GOS as well).

Btw, NFC works well on GOS. It's only Google Pay that doesn't work. For example, I scan a NFC tag to quickly enable Wi-Fi and login to my home network.

Some banks provide NFC payments by themselves, e.g. I think in Norway there is Vipps that can do NFC payments because it doesn't use Google Pay. In EU, Wero can do that with affiliated banks.

Developer-Dude

thickness6087 yep, then it should be 99% unusable. And another tip for the future, if you have a Duress PIN set, leave it behind the phone case then you can rest assured that the phone will get wiped at some point (at which point the hacker could enable OEM unlocking after and install another OS. But at least your data is off of it then)

DeletedUser733

Go to the website https://www.immobilize.net/ and record the phone's IMEI number to your personal details and then mark it as lost.
By law secondhand retailers of devices must check to make sure the device is not listed.
If its found and given to police, they will check this site as well. You might not want a battered scratched device back, but if it is returned, at least you will know the contents are safe, again.

thickness6087

DeletedUser733 thanks for this, done as well!

thickness6087

Developer-Dude clever idea!! for future when I can buy another device :D

thickness6087

Kamika242 noted! thank you.

DohnJoe

maro hey will be able to wipe the device, set a new pin and unlock the bootloader, after which install any OS.

Data will be safe regardless.

If I lose my phone or someone stole it, I would much rather have them unable to peek inside than preventing them using the phone.

Once formatted, data is lost forever, because of the encryption.

I liked the idea of passkey FRP, tho, would be nice to opt-in to use a fido key or similar to enforce "identity check" after a factory reset.

Kamika242

maro

For the scenario of a honest finder, I have an email address that's shown on the lock screen, this can be set up through "Settings→Background&Style→Lock Screen→Notification on lock screen" (just freely translated this from german language).

Developer-Dude

Kamika242 hey, I do that too! Have with all my Android phones