They stole my phone

Hello everyone,

Today i open a topic about my recent experience and i want to share maybe some questions.
Last day i switched successfully from classic samsung rom to /e/ os.

The same day i was invited to a party with my friends, the party was great, but in the end of the night while i was going home, 5 guys went to me and took me my phone in the transport.

Before with Samsung and Google eco-system i had set many protections for this kind of situation like online phone backups, distant data removal, encryption, last position before switch off, auto data wipe after x attemps, etc …

I was very sad to lose both my phone, money, and both all time spent to make a new start with the /e/ ecosystem. Last day i had not enought knowledge about open source equivalence to protect my phone, and i didn’t secured it enough.

For me the lesson is that changing ecosystem is a process that require some secure precautions (like not using the phone like usual or using an other maybe) but moreover i won’t forget that physicial protection is very very important too, in my case the phone was like “in a transition state” where all wasn’t prepared for daily use (a sort of “dev state” instead of “production” for daily life). But maybe if i had a physical protection like a cable or something to prevent stealing i don’t know … i still feel a little bit upset by what happened.

Now i bought a less expensive phone, a Xiaomi 8T (which is not available with /e/ for the moment sadly) and i want to quickly rebound and move on by starting again.

  • i would like to know more about how to protect a phone against robery when we don’t use the classic Google or Samsung protection.

  • I think that’s difficult to have a balanced workflow between protection and privacy, between nothing and frequent gps tracking, between easy to use data and dangerous encryption that might be not recoverable…

What do you think ? any advises ?

Thanks for reading and have a nice day.

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online servicesphone

6 Likes

Hello,

For now the only thing you can do against a robbery is to encrypt datas. If not, they are all exposed.

Maybe a geolocation feature will come one day (I don’t remember where I saw this).

1 Like

Sorry to hear that happened @babydriver. I’m glad it sounds like you didn’t come to any harm. The phone is replaceable luckily. I will also look into encrypting my /e/ right now because of this too

1 Like

Yes you are right about encryption (the worst things in my story is that because i was making much manipulations, screen lock was temporaly disabled and i had a document on the phone where i listed every accounts and passwords because i was migrating every accounts to a new email and a new password manager called bitwarden … i did everything wrong i deserve a medal).

  • do you have some good open source apps/tools dealing with phone encryption properly ?

I don’t think that the robbers took a look to my data, they might have wiped everything to sell it (i hope they can’t really change IMEI, i read that was possible ?)

Thank you Aloha for your kind words, you are right some of my friends told me the same, it’s better to lose a phone than life.

But … for some people like me phone or computer is a like part of yourself, we spend much time to care of it and stealing is brutal, we lose suddenly something … it’s like this scene in the movie where Tom Hanks loose his ball “Wilson” ahah :

2 Likes

No need apps to encrypt a phone. You just have to go in Settings > Security > Encryption > Encrypt phone. (It might be different if you aren’t on /e/ Pie).

2 Likes

Have a look/test if your new phone is treble supported. If it’s coming with oreo or pie or q it will. Than you can use eOS pie GSI. The standard GSI will encrypt your phone at first boot.

2 Likes

Very simple nice :smiley:

I wanted to add something very important in what i learned : when someone still your phone double auth can become a nightmare.

I refused many times to set it on my accounts except for Gmail and maybe one or two others. Right now i can’t access GMAIL and these but i can’t imagine if i had trust this kind of protection on all my accounts.

And when i see that banks want to apply this process as main mean to protect accounts … better to never loose my phone :neutral_face:

I don’t know how a robber think but if I was one, I would take the time (I guess they have it) to look at the phone to find bank apps or a way to make money. And the fact there wasn’t any password won’t help. So consider they have looked at everything.

It’s true if the 2FA method is a number phone on a stolen SIM card.
If possible, I use the code generator method.

1 Like

I checked and it supports treble.

My phone is the Xiaomi Redmi Note 8, i saw that someone on lineage community made an unofficial rom but i’m not sure to install it because i don’t know the difference between lineage and /e/ about how Google Play alternative work (i really enjoyed the /e/ default store that let find much apps from play store)

You’re right i must think like they did it, that’s why i’m taking every accounts one by one and changing every passwords … it’s very long because i listed every accounts i have on internet and i must change them all (141 credentials with different passwords)

For 2FA i’m agree with you. Do you have one good alternative to this of Google ? Where do you securely store the recovery keys ?

Than have a look here.
But use standard GSI, not mine

1 Like

Use keepass2android. You can sync via ecloud and use on every pc OS to.

At least you have already listed them. I also have a complete list of my accounts and for each of them I can directly know which email address is used, if the account has my number phone, my name, my postal address. This way if I need to change one of these informations or the password, I can do it very quickly without forgetting a single account.

I don’t know what you are talking about but I use “Aegis”, an alternative to “Google Authenticator”.

I store my recovery keys (keys used to recover an account without the code from the 2FA method) in plain text on my external hard drive. But the hard drive is encrypted thanks to VeraCrypt.

1 Like

@harvey186 Thanks i will take a look on it :wink:

@Anonyme Yes i was talking about Google Authenticator, i will try Aegis :wink:

@babydriver I’m sorry for you. But probably you will be careful next time. The issue with stock firmware is that it’s more bloated and can work slower but good think it has protections including theft protection. I’ll give you an example. A few years ago one girl called me and asked me to do something with her phone. One guy stole it and but couldn’t use it. He did factory reset or probably he even tried to flash it but stuck because of FRP lock. When police returned her phone she gave it to me, I flashed it to be sure it’s clean and then restored her account by using her name, last name and phone number. If you had original firmware and Google account the same probably worked for you. Good luck with your new phone and stay safe.

1 Like

Hi, you can get better protection if you use keepass2android using ykdroid and a yubikey hardwaretoken if your device supports nfc.
No easy way, but i use keepassxc on linux to fill my keepassfile and k2a to read it. you may handle it the other way round if your main device is your smartphone.

1 Like

@blackpoint I never heard about that FRP lock very interesting … and well done for your friend !

@bodo what can you o if you loose the yubikey or if its damaged by something ?

I use and recommend 2 Keys and a backup of the secret you generated and stored into the key. The YubiKey 5 NFC Works reliably with my Fairphone3 with /e/. I dont know if the cheaper Yubico Security Key NFC will work. The keys are robust and my 2nd is security against loosing my physical keyring.

1 Like

Hi @babydriver sorry to hear about the loss!
I think that something should be baked into /e/, via nextcloud, as @blackpoint mentioned… the option to restore all datas through external server. Of course, optional… /e/ is about privacy anyway.

@babydriver I would totally recommend using @harvey186’s GSI on your Mi8! It is a difficult install process but very rewarding.

Thanks for sharing the experience, bad as it was!

1 Like