My boss just called. He was walking down the street and making a call and he was mugged. Bottom line, someone stole his android phone. He bought that phone (milestone 1) after seeing mine so I opened his google account.
My question is this. Besides calling the telephone company? It is enough to change his password? How soon the phone will “notice” that the password has changed and forbid the access to the Calendar, contacts, etc.
Are the contacts Google based on the internet or is this an in phone application? If it is internet based the password will be effective immediatly. If the information is stored on the phone and is run by a phone app, I don’t think that there is much you can do.
There are apps that let you wipe all data from the phone remotely, but you have to install them in advance. Sorry, no names to give you; I haven’t researched it that thoroughly. Although I probably should!
I forgot my Android tablet at the doctor’s office a few weeks ago, but I still had my Android phone with me. Because I had neglected by put a screen lock on my tablet, I got worried about my personal info and changed my Google password that night (using a “real” computer). I decided not to change the Google password in my phone immediately, to see what would happen.
My phone became unable to retrieve any new GMail messages, calendar appointments, etc., but it would still let me view all the existing mail, contacts and appointments. I got a notification about the phone being unable to connect to the Google account, but the info already in the phone didn’t get locked out.
My phone is a HTC magic, running Android 2.1 with HTC Sense on Rogers Wireless.
(I retrieved my tablet the following day, unharmed.)
So yes, a remote-wipe app may be a good investment. But it may be enough to just have a screen lock. The 9-dot pattern lock, if your phone offers it, is not that annoying.
I have ES Security Manager installed on my Android phones. It can prevent the SIM being changed, and I can lock the phone with an SMS (or get it’s location).
I also have the IMEI number recorded in my Mailbox so I can have the phone disabled by the mobile networks (Europe wide).
Si
Concur. With an Android, I suspect the contacts are the same as his Google account, but those would still be available on the phone.
Also if he has a password vault (MSecure, 1Password etc.) he might want to go through and change any password that’s stored in that, though he’s probably OK there.
I just downloaded an app to remotely lock / track my phone (it was Amazon’s free app the other day (SeekDroid, though there are others I think). I’d suggest you add it to yours, though obviously it’s too late for your boss. This reminds me I need to actually set it up.
Slightly off-topic, but do you know if there are any comparisons on the relative security of the pattern lock vs a PIN lock?
I had the pattern set up and kept messing it up, so I switched it to a PIN instead.
Just so you all know -
random muggers do not give two shits about your personal contacts. Unless of course you specifically list them as “super rich guy with poor home security” and include his address.
They also do not care about your calendar appointments.
They will be selling the phone ASAP, to maximize their return, or using it themselves, in which case it will be full of THEIR contacts from now on.
Get over yourselves 
To the OP: another vote for the remote wipe app. Gotta do it ahead of time though.
Pin protecting the whole phone would help, no?
But they might send out horrible emails for shits n’ giggles.
Or if you have passwords stored in your email somewhere, that could be bad.
When my phone was stolen Vz tried to track it because I had it GPS-enabled but it was dead. The crackhead probably didn’t even think to open the side zipper when he took my purse.
As for the rest of it - not sure about passwords and such. If I change my Google password, my phone makes me type in a new one. Same with the other apps.
Ars Technica recently had an article on this:
How Plan B found the Droid I was Looking For
The operative point is that they managed to install this software after the phone was stolen, and since the guy who stole the phone was stupid enough to keep in on, un-wiped, and charged, he could recover it.
Your boss probably won’t get that lucky, but there’s probably a remote wipe app that can be installed the same way.
Not if you change your email password on the server - the phone won’t be able to send, then.
Text messages, however, would be another story.
For future use:
http://dougvs.tumblr.com/post/9923567875/how-i-got-my-stolen-laptop-back-within-24-hours-using
If you are changing your email password you are doing it because you think the phone is lost, call the phone company and have the phone deactivated.