Centre for Internet & Society

Losing a phone has become even more costly after the government's push for a cashless society.

The article by Sanjay Kumar Singh was published in the Business Standard on January 16, 2017. Udbhav Tiwari was quoted. Read the full article on Press Reader. Udbhav Tiwari was quoted.

Prime Minister Narendra Modi, while pitching for cashless transactions, has coined a new phrase — your mobile is a bank. If you really want to use your mobile phone as a bank, remember the costs of losing it are much higher. Earlier, if you lost your mobile phone, there was the risk of misuse of personal data. Now, with most gadgets also carrying mobile wallet apps, there is the added risk of serious financial loss. A number of security solutions, available in the form of external security software or in-built into the phone, can help you track the device, lock it and minimise the probability of misuse.

First, it should give you some satisfaction that if your device is of recent vintage, someone stealing your phone will not be able to use it. Earlier, thieves would wipe the data on the phone (if it had a pin), set up a new account, and use it. But if it is an Apple phone that came out after 2014 or a phone with Android 6.0 Marshmallow or higher operating system (OS), the server will ask for login information of the first account (with which the owner had initially set up the phone). Only then will it allow someone to set up a second account on the same device. Since that information is not likely to be available to the thief, the phone will be of little use to him.

Track your device

Both Apple and Android have in-built features that allow you to track your device if it gets lost. In Apple it is called 'Find my phone' and on Android, 'Android device manager'. When you log in through your Apple or Google account while setting up the phone, this feature gets enabled by default. After your phone is stolen, go online and type 'Find my phone' or 'Android device manager'. Use your account credentials to log in. As long as your phone is on and is connected to the Internet, it will broadcast its location. If it has been switched off or can't connect to the Internet, you will only be able to see the last location from where it transmitted.

Antivirus software for mobile phones also offer tracking features. "Using our mobile security software, users can locate their lost device on a map or receive the location coordinates through an SMS," says Ritesh Chopra, country manager, Norton by Symantec. These software also enable you to lock the lost device remotely either from the antivirus software's web site or by sending an SMS. Chopra informs that you can also remotely delete all the data stored either on the device or its memory card. Users can also trigger an alarm if they think their device is still in the vicinity. "Some antivirus software also allow you to take snapshots of the illegal user once the original user has reported it as stolen," says Udbhav Tiwari, policy officer at the Centre for Internet and Society, Bengaluru.

Take preventive security measures

How well your phone and the data on it are protected after theft will, however, depend on the security measures you adopt proactively while the phone is in your possession.

Install a password: The first stage of protection you should adopt is a pin, pattern lock, or password for your mobile phone. If you don't set up a pin, everything that doesn't require a second level of authentication is available to anyone who gets possession of your device. If you lose your laptop but have logged out of your email or social networking account, the thief can't access them. But on mobile phones most of these services don't require a second level of authentication.

Most alarming from a financial standpoint is the fact that most mobile wallets don't ask for a password before allowing you to transact (Paytm has introduced one recently). "If you have a mobile wallet and don't have a pin on your phone and it gets stolen, the thief can easily transfer money from your wallet to another," says Tiwari. Most mobile and net banking apps, however, require a login and password every time you want to access them, and are hence safer.

Set a pin promptly--a strong one that can't be easily guessed. Numbers associated with you, such as your birthday, are a strict no-no. If your phone carries especially sensitive or important data, eschew pins altogether and use a detailed password with a diverse combination of characters.

Nowadays you can also deploy fingerprint-based unlocking feature on your phone. "By using Fonetastic for the Android platform, you can set the fingerprint unlock feature on your phone," informs Sanjay Katkar, managing director and chief technology officer, Quick Heal Technologies.

Encrypt data on your device: Even if you set up a pin or password, the data on your mobile phone is not protected. Hackers can bypass it and gain access to your files. To protect data, OS developers like Google and Apple encrypt data. The device encryption feature works using something unique on your device, such as its serial number, and your pin. Even if someone gets access to your files via a computer, they will not be able to open them. These files will open only on your phone, and for that they will need your pin, password or pattern lock (presuming you have set one).

In all iOS phones, the moment you set your pin, all files get automatically encrypted. In any Android phone purchased within the last one year (that runs on Android 6.0 Marshmallow by default), the same holds true. But if you have an older Android phone or OS version, you need to enable this feature manually. Go to Settings, then to Security, find an option called 'Encrypt phone' and click on it.

Install an app lock: Some security apps allow you to lock the apps on your phone and also encrypt the files produced by those apps. When you start an app, the security app will ask for a pin. And when you exit an app, it will encrypt the files stored within the app. Go to Google Play or iStore and type 'encrypted file storage' to get the most popular lock-and-encrypt apps. "If you use device-level encryption, you may not need these apps, as the former locks and encrypts the entire device," says Tiwari