Stolen phones: how police and the wireless industry are protecting a popular target

California law requires that all smartphones made beginning next July include a “kill switch” that allows them to be disabled when stolen, and Google has just built one into Android. Recode reports that Android Lollipop includes a feature called “Factory Reset Protection,” which can make a phone require that a password is entered before it’s reset. When combined with the ability to remotely lock your phone, which Google introduced last year, it appears that Android devices now have a full “kill switch” that can make a phone useless when stolen and then bring it back to life should it be recovered.

“We applaud Google for including a ‘kill switch’ solution in its new version of Android, one of the most popular smartphone operating systems in the world,” San Francisco district attorney George Gascón and New York attorney general Eric Schneiderman say in a statement. “The majority of smartphone owners now have access to a theft-deterrent solution.” That said, Gascón and Schneiderman says that there’s still work to be done, as they want to see all smartphones enable this solution by default “so violent criminals lack the incentive to steal any smartphone.”

A bill that requires all smartphones manufactured after July 1st, 2015 to include anti-theft measures if sold in the state of California was signed into law today. California governor Jerry Brown signed the bill, which was introduced back in February, and finally cleared the State assembly two weeks ago. Its aim is to make phones a less attractive target for thieves by requiring built-in tools that let consumers remotely lock, wipe, and disable the devices.

The bill, SB 962, was created by California state Senator Mark Leno along with San Francisco District Attorney George Gascón, who’s been a staunch advocate of anti-theft measures for phones. Ahead of the bill, Gascón urged cellphone makers — including Apple and Samsung — to make stolen smartphones more of a headache for thieves, going so far as to hire security experts to try and bypass the built-in security measures to illustrate that smartphone makers weren’t doing enough. An earlier version of the legislation also included tablets, and any other handheld “advanced mobile communications device,” language that was stripped out in favor of targeting only smartphones.

On July 1st, 2015, it will be illegal to sell a smartphone in Minnesota without antitheft software preinstalled. That’s because Minnesota Governor Mark Dayton just signed the first so-called “kill switch” bill into law. The idea is that if smartphone owners can always remotely disable and wipe their phones after they’re stolen, it will deter criminals from stealing them at all. It’s a feature that police departments across the country have requested, due to how popular it has become for thieves to snatch the small, high-value devices. Nationally, an estimated one in three robberies involves smartphones, according to the FCC.

Strangely, the actual text of Minnesota’s “kill switch” bill doesn’t actually require a kill switch at all. The letter of the law simply states that phones be “equipped with preloaded antitheft functionality or be capable of downloading that functionality,” without specifying what “antitheft” means or what sorts of protections the software might actually offer.

Remember when your parents told you that your life is worth more than whatever a thief wants to take from you? It seems some phone owners, tempted by GPS-tracking apps like Find My iPhone, are ignoring that advice and tracking down criminals themselves in hopes of getting their smartphones back. The New York Times has followed up with a few iPhone vigilantes, and as you might expect, not all cellphone recovery missions turn out so well. But there are also some incredible stories, including a man who posed as a woman on OKCupid to lure his thief out of hiding.

A California bill that would require anti-theft measures to be included in smartphones, failed to pass today after a vote fell two Senate members short of its minimum. Senate bill 962 — which was introduced in February by Senator Mark Leno, a San Francisco Democrat — asked for any “advanced mobile communications device,” sold in the state next year to have hardware or software features to let owners render the devices useless when stolen. The “kill switch” bill needed 21 votes to pass, but received just 19, with 17 nay votes, and one senator who did not vote earlier today, reports CNET.

The vote comes just a week after nearly every major player in the phone industry pledged to make their smartphones harder to steal. Apple, Google, HTC, Huawei, Motorola, Microsoft, Nokia and Samsung, along with the five major US cell carriers, agreed on plans to offer customers a way to remotely wipe or make inoperable their devices beginning July 2015. Senator Leno, who was joined by San Francisco District Attorney George Gascón in pushing the legislation, said those measures were welcomed but “incremental.”

A new pledge signed by nearly every major player in the phone industry is promising that after July of 2015, it will be a lot harder to steal a smartphone, according to a statement from the CTIA. After that date, the companies pledge that every user will be able to remotely brick and wipe their phones in the event of a theft, features currently offered by Find my iPhone and the Android Device Manager. Apple, Google, HTC, Huawei, Motorola, Microsoft, Nokia and Samsung have already signed on, along with the five major US cell carriers.

Making those features standard has become a common request from law enforcement, which has dealt with a surge in smartphone thefts with the rise of mobile computing. It’s a particular project of New York Attorney General Eric Schneiderman, who joined with a San Francisco District Attorney to call for tighter anti-theft measures in June of last year. According to Re/code, the latest pledge has already been called inadequate by California State Senator Mark Leno, who said a stronger “kill switch” protocol was necessary if companies were going to truly crack down on phone theft.

AT&T, T-Mobile, Sprint, and Verizon Wireless launched a database for stolen smartphones last year, and today the wireless industry says that database system is complete. CTIA president and CEO Steve Largent announced that the database now allows carriers to block activation of LTE smartphones as well as 3G devices, hopefully deterring their theft, and has been integrated with international databases so foreign carriers can assist the effort. “As more countries and more carriers around the world participate in the 3G and 4G/LTE databases, criminals will have fewer outlets since these stolen phones would be blacklisted and could not be reactivated,” wrote Largent in a press release.

That point about international carriers is more important than you might think. While the US database has been active for a year, New York City officials say it hasn’t made a real dent in smartphone thefts. Since foreign carriers weren’t included in the original effort, organized crime syndicates are literally fronting truckloads of cash to ship stolen smartphones overseas where they can be sold without fear. Smartphone theft is such an issue in San Francisco and New York City, in fact, that prosecutors launched the “Save Our Smartphones Initative”, hoping to convince US carriers and smartphone manufacturers to install a “kill switch” in their devices that could completely deactivate them if they were stolen.

Major US wireless carriers have rejected the idea of a “kill switch” security measure being added to Samsung’s popular Android phones, according to The New York Times. San Francisco district attorney George Gascón has been negotiating with Samsung to add tighter anti-theft features to its products, but mobile providers and the CTIA have reportedly come out in opposition to the plan. After reviewing emails between a developer and Samsung, Gascón is convinced that’s because the companies fear losing reliable profits that come from selling cellular insurance plans to customers. These protection plans often cover lost or stolen items, but they almost always demand a high deductible (in addition to a regular monthly fee) when phones need to be replaced.

The carriers obviously have a different take. The CTIA has publicly stated that a kill switch “is not the answer” to mobile security, and has raised concerns that devices could be maliciously reset by hackers. Instead, the companies say they’ve already come up with a solution: a nationwide database designed to prevent stolen phones from being used on US carrier networks. But as the Times previously reported, some authorities say the database is doing little to prevent cellphone theft. “This is a crime that could be easily fixed with a technological solution,” Gascón said earlier this year.

Android users can now remotely lock down a misplaced or stolen device from the web. Google has rolled this critical feature into Android Device Manager, which launched last month with location tracking and remote wipe functionality. Now the web tool lets you lock any Android smartphone running version 2.2 of the operating system and above. To do so, you’ll simply need to set a new password to be entered once the device is recovered. This can be different from your regular lock screen PIN, so even if that password is compromised, you can override it with a new one. Google is actively discouraging users from re-using their main Google credentials, however.

A lock request will immediately secure any device connected to Wi-Fi or a cellular network — even if it’s actively being used. If a thief has turned off a phone or enabled Airplane Mode, the lock will take effect as soon as a data connection is reestablished. And should your beloved smartphone prove unretrievable, there’s always the last-ditch measure of wiping its memory entirely.

The New York Police Department is a big fan of iOS 7. According to several reports on Twitter, the department has officers out on the street distributing fliers encouraging iPhone owners to update to iOS 7, which has new security features that might just cut down on theft. Earlier this year, New York’s attorney general called on Apple and other smartphone manufacturers to step up the tools they provide to prevent theft and facilitate device recovery. With Apple’s latest update, it’s made seemingly large steps in doing that.

Devices running iOS 7 can be remotely secured when lost, making it so that a device’s associated Apple ID and password must be entered before it can be wiped and used again. In effect, the new system could make an iPhone almost unusable when stolen, should the system work as planned. The NYPD is evidently hoping that it will discourage thieves, as so-called “Apple picking” theft has become a major problem. Last year, New York City’s annual crime rate rose for the first time in two decades — a fact that Mayor Bloomberg blamed squarely on the theft of Apple devices.

As demand for smartphones continues to increase, mobile-related crime has risen with it. In the US, not only are smartphones a prime target for thieves looking to make a quick buck, organized crime gangs are paying large sums of money to ship devices outside the country. The Huffington Post takes a look at the massive global market for smartphones, detailing the operation of a US company that accepted so many stolen iPhones and iPads (to ship overseas) it needed an armored truck to deliver the stacks of cash it used to pay for them all. While there are strict processes in place to restrict the trading of stolen smartphones in the US and neighboring regions, carriers lack arrangements with other countries, which allows international smartphone trafficking to thrive. It explains why some stolen handsets are often traced to the Middle East and Southeast Asia, where smartphone prices can be up to ten times higher than in western markets.

San Francisco and New York prosecutors will today roll out a new scheme aimed at cutting smartphone theft in the US. The AP reports that New York Attorney General Eric Schneiderman and San Francisco District Attorney George Gascon will launch the Save Our Smartphones Initiative, forming a collation with police, prosecutors, and consumer groups across the country to demand smartphone makers place tighter restrictions on stolen devices.

The announcement comes exactly a month after Schneiderman called upon Apple, Google, Microsoft, Samsung, and Motorola Mobility to improve security on mobile devices. Schneiderman and Gascon will co-host a “Smartphone Summit” with major device makers shortly after today’s announcement, pressing representatives to introduce a “kill switch” capable of completely deactivating units should they be lost or stolen.

New York Attorney General Eric Schneiderman has called on Apple, Google, Microsoft, Samsung, and Motorola Mobility to work with his office toward curbing smartphone thefts. In a letter to each, Schneiderman criticized the companies for potentially failing to meet security promises that they make to consumers. He believes that each of the five have overly emphasized data security to the detriment of device security, and suggested that the companies ought to be able to develop technology that would make a stolen device inoperable, and therefore of minimal use on the black market.

Smartphone theft has been a big concern in New York City, which last year saw its first increase in crime in the last two decades due to a massive increase in iPhones being stolen. In his letters, Schneiderman offered the companies little courtesy when suggesting that their efforts have been paltry. “I would be especially concerned if device theft accrues to your financial benefit through increased sales of replacement devices,” he wrote. The letters request that each of the four companies brief his office on its current antitheft efforts, as well as offer help to his office in finding and developing solutions to the rising crime issue.

Google is respected for its prowess in the cloud. Android phones that connect up to Google’s services enjoy a wide array of features — from email to apps to notes — that offer seamless sync between the web and your device. Yet there’s one enormously important feature that Google does not extend to consumers: the ability to find or remotely wipe an Android phone if it’s lost. Instead, the company has kept its solution limited to enterprise and paid Google Apps customers. The rest of us are forced to discover and rely on third-party solutions. For a company that is otherwise so strong at cloud services, why hasn’t it found a way to offer this essential feature to everyone?

Android users do have options for remotely wiping their phone. If you’re using Google Apps or are attached to an Exchange server that supports it, you (or your administrator) can go to your a device management page to find, lock, wipe, or ring / message your phone. It’s a set of four core “lost phone” features that ought to be standard and available to every user on any modern smartphone.

At 59 years old, Wayne Dobson should be enjoying the relaxed, stress-free life of a retiree. Instead, he’s been spending the past few years dealing with people who think he’s a cellphone thief.

As the Las Vegas Review-Journal reports, that’s all due to an apparent glitch in Sprint’s location-tracking services that, for some reason, has been directing owners of missing phones (as well as police) to Dobson’s home in North Las Vegas. As a result, he’s had people knocking on his door at all hours of the night, asking for cellphones he doesn’t have. “It’s a hell of a problem,” Dobson said. “It would be nice to be able to get a good night’s sleep.”

New York City’s annual crime rate is about to increase for the first time in 20 years, with city officials (and Mayor Michael Bloomberg) squarely laying the blame on a sharp jump in Apple-related thefts. As of Monday, the city had logged 108,432 major crimes throughout the five boroughs — 3,484 more compared to where things stood at this point last year. In particular, police have seen a dramatic rise in thefts involving Apple hardware, which are up 3,890 year-over-year. If not for the allure iPhones and iPads present to thieves, officials maintain, the city would instead be enjoying a drop in overall crime including the lowest number of homicides on record. “If you just took away the jump in Apple, we’d be down for the year,” Marc La Vorgna, the mayor’s press secretary, told the New York Times.

The trend of Apple thefts outpacing the rate of general crime has been ongoing for some time now, despite the NYPD’s efforts to raise public awareness of the growing threat. In remarks during his weekly radio program, Bloomberg confirmed that these numbers include Apple devices exclusively and that he wasn’t lumping in products from other manufacturers. The sheer rise in popularity of Cupertino’s gadgets has given thieves countless new targets. “The proliferation of people carrying expensive devices around is so great,” La Vorgna said. “It’s something that’s never had to be dealt with before.”

AT&T and T-Mobile have introduced a database that will track stolen cellphones and keep them from being used on the carriers’ networks. All four major US carriers agreed to contribute to the database back in April; CTIA executive Chris Guttman-McCabe told IDG News that AT&T and T-Mobile have collaborated first because their GSM networks are essentially interchangeable.

It’s not clear when Verizon and Sprint will introduce their own efforts, but all four carriers will operate a combined database by the end of November next year. The database records the unique IMEI number of each handset reported stolen — previously, carriers would simply block the SIM card to protect customers’ accounts. Now that the database effort has begun in earnest, it should become a lot more difficult to use blacklisted devices on American networks.

AT&T will launch a new service for reporting and blocking stolen devices on Tuesday, according to a trusted source. The service will allow customers to deny voice, data and SMS access to any individual phone or tablet while keeping their account intact, avoiding the inconvenience of a full SIM block.

The company sent a message (pictured below) to customer service representatives on Wednesday advising them of the change. According to the guidance, AT&T will compile a “blocklist” of stolen devices and service will be automatically suspended “if any attempt is made to use a device that is stored in the blocklist.” The only way to add a device to the list will be by contacting a customer service representative directly, and users with remote data wipe apps will be required to activate them before suspending their device, to “prevent access to their personal information.”

Calling cell phone theft a “growing epidemic,” the Federal Communications Commission announced today that all four major US cellphone carriers have agreed to deny cell and data service to stolen phones, and contribute the serial numbers of those phones to a national database. The Wall Street Journal, Bloomberg, USA Today and The New York Times each appear to have been briefed on the plans from both official and unofficial sources ahead of a formal announcement in Washington tomorrow, and here’s what they’ve heard:

Without cellular or data service, phones would certainly become a less valuable target for thieves, but there are plenty of questions still to be answered, and we’re curious about possible potential for abuse: tracking unique identifiers has often been a privacy issue, for instance. We’ll be keeping an eye out for the official announcement tomorrow.