gmail security risk with stolen droid

droid_girl

New Member
Joined
May 4, 2010
Messages
23
Reaction score
0
I was robbed and lost droid. Verizon told me to close my phone account and change my gmail password so my visible droid gmail would not be accessible to the thief. Sounded good...but now I am told if someone turned on the WiFi they can still access ALL my stored gmail emails I had before I changed my email password. IS THIS TRUE?

Question: my phone is stolen. Too late to wipe the phone because I closed down the account. I don't want my personal emails visible. What can I do to avoid the thief from reading my emails?

I changed my password twice on my PC. I then logged on and clicked details on the bottom and noticed the alert that more than one computer-window sessions may be logged on. I didn't see any IP address though...I have to manually click to close all sessions. However when I logged off and then logged back on, the detail link again tells me the same: more than one computer-windows-sessions may be logged on.

The only way to avoid this is to keep my PC on all the time and never log off my gmail account.

Please advise on how to safeguard the information on my stolen phone.

thanks
droid_girl
 

LtKen

Silver Member
Joined
Jan 27, 2010
Messages
2,624
Reaction score
2
I think you're out of luck, sorry for your troubles. The thief might be able to view the email titles, but I think it will fail when they go to download the message, since the password fails. Not sure though....

Anyway, for future issues, you can use apps like WaveSecure, mobile defense, and itag to provide yourself with different levels of security and recovery capabilities.

Good luck.
 

droid_girl

New Member
Joined
May 4, 2010
Messages
23
Reaction score
0
I've had mixed advice from Verizon. One tech said once I change the email password on my PC there would never be a breach because once the thief clicks on the gmail icon on the desktop they will be alerted to a password request. I doubt this because the droid has zero email password protection....it is always active and logged on.

Tonight I visited a Verizon store and was told that even if I closed down my phone account, one can turn on the WiFi and get all the prior cached emails I had stored before changing the password....thus my concern that my stolen phone has over 2000 emails that I cannot delete from the phone.

Any advice from a hacker on how to resolve this mess? By the way I did think I was protected with having smobilesolutions app because they advertise saying one can lock the phone once it is stolen, back up data, restore, set off an alarm, track gps, etc. Unfortunately that IS NOT the case for the droid. According to their tech, their software can only wipe and gps for droids ...and only can gps the location of the phone IF the battery is on [will not locate if the phone is off] and if the thief doesn't uninstall the software. I am guessing if one turns off their navigation the app wouldn't work either. On the other hand: One can wipe if they didn't cancel the phone service...I would have to get Verizon to turn it back on for a few minutes and then try to wipe and then cancel again. I don't know if it would work. Anyone tried wiping with this app?
 

myAndroid

New Member
Joined
May 10, 2010
Messages
3
Reaction score
0
If you've changed your password to your GMail account, your account will no longer be accessible to the attacker from your handset. What that means is that any previous email messages that were downloaded to the handset prior to you changing your password will STILL be available to the attacker. Obviously, no new messages will be downloaded, because the GMail application relies on the username/password that was configured at setup. Each time your device reaches out to check for new msgs, part of that communication is authentication. Did you have a passcode set on your handset to prevent physical access to the device? If you didn't, hopefully you will have learned a hard lesson with this experience. USE A PASSCODE!!!!!! It will go a VERY LONG WAY towards protecting your personal data from an attacker who has gained physical access to the handset, not to mention the risk of an attacker installing a malicious app, via physical access...which is the only known means of malware on an Android device at this point in time.

As for SMobile Systems app, it says right on their website that the Android build DOES NOT support remote lock, backup or restore. This is not a failure of SMobile...it's a limitation of the Android APIs that are available through the SDK. The description of the product in the Market states that remote wipe and GPS are supported...which it is.

This story, while painful for this user (and I feel for her), should serve as a warning for other members of this forum. Even though we pay for and utilize tools to make our lives more manageable, we cannot rely on technology for everything. If some basic steps had been taken before the device was stolen, this user would be in much better shape. Please, people, use a passcode on your device. Also, if you have location tracking services on your device, make sure you understand what is needed for it to work properly...before you actually need to employ them. Test them...if they don't work, get your money back. In this case, SMobile's GPS location AND the remote wipe DO work. I have used them before. However, they have to be employed at the right time and in the correct manner. If a product is going to locate a device via GPS, it stands to reason that the phone's account would need to be active through the provider and the GPS would need to be functional. Just saying....

Please don't attack platforms or tools because they are not being used correctly.
 

Riddick

Member
Joined
Mar 11, 2010
Messages
245
Reaction score
0
Don't you guys use the touch screen lock protection on your phones? Would that have helped at all against a lost or stolen phone since the person would have to reformat the phone before gaining access to it?
 

myAndroid

New Member
Joined
May 10, 2010
Messages
3
Reaction score
0
> Don't you guys use the touch screen lock protection on your phones? Would that have helped at all against a lost or stolen phone since the person would have to reformat the phone before gaining access to it?

Yes, it would have helped. That was what I was talking about when I said "passcode". It's just a visual passcode. Same premise, though.
 

Riddick

Member
Joined
Mar 11, 2010
Messages
245
Reaction score
0
Another tip is to not keep the titanium backup files on your SDcard for too long. Save it to your PC and delete it from your SDcard. If you lose your droid or it gets stolen, even if you have a passcode lock on your phone, when they reformat and get access to your phone all they have to do is reinstall titanium from the market and then they can reinstall all of your apps and settings from the SDcard, including personal stuff you wouldn't want in their hands.
 

droid_girl

New Member
Joined
May 4, 2010
Messages
23
Reaction score
0
I did instantly go to a laptop near the site of the crime and went to smobile website. I tried to locate but it "wasn't available". I tried all day. It was a Sunday. Monday morning I called up again and spoke to a person who told me it doesn't work if the battery is removed or uninstalled.

I now have a passcode on my phone and use wavesecure. I tested it a few times and got a correct gps location.

I have been using computers since 1987...before even if you count the primitive Apple computers or Texas Instrument computer. I just never thought of the notion that someone would snatch my purse with my phone inside. I think I am more seasoned now. I don't have any info of value on my phone, have the wavesecure and passcode pattern.

The phone isn't fun anymore but I wised up I live in 2010.

One bit of advice I would like to add...from a newbie...if you buy anything [i.e. apps] and use google's checkout, IMMEDIATELY go to a laptop and delete payment methods and get rid of your credit card remaining on their checkout...Luckily I did do that...otherwise the thief could have bought online and paid via google checkout.
 