HOW TO PROTECT YOUR PHONE AGAINST THEFT



 
Phone Theft Emergency Kit

Keep this in a safe place

This emergency kit guides you through the essential steps.

There is no need to panic if your phone is stolen! This emergency kit provides you with a step-by-step guide and will help you secure your accounts and personal information.

Please print a copy of this kit, fill in the missing details, and keep it in a safe place.



Use a secure PIN/Passcode

It should resist at least 10 guesses!

The PIN or passcode for your phone is usually set when you first configure it, but you can always change it. Your PIN/passcode should be memorable and convenient to enter, but it should also withstand at least 10 guessing attempts: a strict rate limit prevents strangers from trying guesses indefinitely.

Recommendations

  • Avoid using common PINs like 1234(56)/0000(00), as attackers will try these first!
  • Avoid using PINs that follow a pattern that is easily observable from afar or while looking over your shoulder.
  • Avoid using known dates, such as birthdays or anniversaries, if you want to shield your phone from family members.
  • Please do not reuse your PIN/passcode to log into an app on your phone!

Good to know

  • Unlock patterns (only available on Android) are often less secure than PINs.
  • Alphanumeric passwords offer the best protection for your phone but are also cumbersome and prone to time-consuming typos.
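
The recommendations above can be checked automatically. The following Python code is an added example, not part of the original guide; the digit-run and keypad-line rules, the date formats, and all function names are assumptions made for illustration.

```python
from datetime import date

# PINs the guide names as the ones attackers try first.
COMMON_PINS = {"1234", "123456", "0000", "000000"}

# Standard phone keypad: digit -> (row, column). The layout is an assumption.
KEYPAD = {d: divmod(i, 3) for i, d in enumerate("123456789")}
KEYPAD["0"] = (3, 1)


def one_keypad_line(pin: str) -> bool:
    """True if all keys sit in one keypad row or column (e.g. 2580, 1471)."""
    rows, cols = zip(*(KEYPAD[c] for c in pin))
    return len(set(rows)) == 1 or len(set(cols)) == 1


def date_pins(d: date) -> set:
    """4- and 6-digit renderings of one personal date (assumed formats)."""
    dd, mm, yy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year % 100:02d}"
    return {dd + mm, mm + dd, f"{d.year:04d}", dd + mm + yy, mm + dd + yy, yy + mm + dd}


def pin_findings(pin: str, known_dates=(), app_pins=()) -> list:
    """Return every recommendation the PIN violates; an empty list means none."""
    if not (pin.isascii() and pin.isdigit() and len(pin) >= 4):
        raise ValueError("expected a numeric PIN of at least 4 digits")
    findings = []
    if pin in COMMON_PINS:
        findings.append("common PIN")
    # Same difference between neighbouring digits (mod 10): 1234, 9876, 7890, 0000.
    if len({(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}) == 1:
        findings.append("digit run")
    # Finger never leaves one row or column, which is easy to observe from afar.
    if one_keypad_line(pin):
        findings.append("single keypad row or column")
    if any(pin in date_pins(d) for d in known_dates):
        findings.append("personal date")
    if pin in app_pins:
        findings.append("reused in an app")
    return findings


if __name__ == "__main__":
    birthday = date(1990, 7, 14)  # constructed sample date
    for candidate in ("1234", "2580", "0714", "8305"):
        print(candidate, pin_findings(candidate, [birthday], {"8305"}))
```

An empty result only means none of these rules matched; it does not measure how guessable a PIN is.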

[Figure: 6-digit Passcode]

[Figure: Fingerprint Setup]

Stop shoulder-surfing attacks

Unlock your phone with your fingerprint or face.

You can enroll your fingerprint or face to unlock your phone with the help of Fingerprint Unlock/Touch ID or Face Unlock/Face ID.

Unlocking your phone using biometrics is faster and more convenient than entering a PIN/passcode. It is a great option to safely unlock your phone in busy spaces, like the subway, or in other shoulder-surfing situations.

Good to know

You do not need to worry about your privacy. Your biometrics never leave your device; they are stored securely on an extra security chip on your phone.


Know how to track your phone

Have your Apple ID/Google account password ready!

To help regain your phone in case of device loss or theft, you should activate Find My on iPhone or Find My Device on Android. These features will help you locate your phone.

Make sure these features are enabled and that you know how to access them from another device, like your computer or a friend's phone.

Why?

With these features, you can ...

  • Lock your phone remotely.
  • Mark your phone as lost.
  • Display a message on your screen.
  • Erase all data on your phone.

How?

iPhone
  1. Sign in to Find My.
  2. Select your device.
  3. Select "Mark As Lost" and follow the instructions.
  4. Select "Activate" to lock your phone with its passcode.

Android

  1. Open Find My Device.
  2. Select your device.
  3. Follow the instructions and enter your PIN.
  4. Select "Secure Device."

Good to know

When you mark your device as lost, it will sign your phone out of your Apple ID/Google account and disable payments with the credit cards stored in your digital wallet.

[Figure: iCloud Find My Website (iCloud.com/find)]

Lock Your SIM Card and Get Your IMEI

Write down these important numbers and passwords!

If your phone gets stolen, you should call your provider to lock your SIM card and suspend your wireless services. For insurance reasons, it is also a good idea to report the theft to the local police station.

For this, you will need to know the following information:

  • your phone number or mobile operator online credentials
  • your IMEI number or device serial number

Suspend your wireless services

Suspending your wireless services and locking your SIM card helps prevent unpleasant after-effects such as identity theft, impersonation, or social-engineering attacks. For example, once your SIM card is locked, attackers cannot receive your two-factor SMS codes, cause fraudulent transactions, or impersonate you in your favorite instant messenger, such as WhatsApp.

To suspend your wireless services, contact your mobile network operator. This can be done either online, using your mobile operator's username and password, or by calling their hotline and answering some questions about yourself and your contract (have a copy of your last invoice ready).

Report the theft to the police

Reporting the theft to the police is a good idea and often important for insurance reasons. The police will usually ask for your phone's IMEI number. This number is unique to your phone's modem and helps the police to identify it. Legitimate phone shops will always check the IMEI of a device before buying/selling it.

You can find an explanation of how to look up your IMEI number online, but it is also often printed on your device's invoice (in case you still have it). Note that modern smartphones might have more than one IMEI number.


Change Important Passwords

... and monitor your accounts for suspicious activity!

If your phone is gone, it is recommended to log in to all your important accounts (email, banking, shopping, etc.) and change your passwords.

If your phone is configured to receive your emails, you should start with changing the password for your email account and removing the lost phone from your account, as attackers could use it by clicking on "Forgot Password" and requesting to receive a password reset email.

You should also closely monitor important accounts like online banking and accounts that have a copy of your payment information. If you receive a notification about a login that you do not recognize, go ahead and change your password for this account immediately and do the same for all accounts where you use a similar password.

Recommendation

To find the exact steps required, please search for "<service name> change password and log out device".

Good to know

Depending on your specific situation, please keep in mind that attackers who have access to your phone might also be able to log into accounts where you use two-factor authentication (for example, by requesting a code via SMS).

[Figure: Android: Chrome Password Manager]

[Figure: iOS: Login Notification]

[Figure: iOS: iCloud Backup]

[Figure: Android: Google One Backup]

Better Safe Than Sorry

Use the built-in backup function of your phone.

When losing their phone, people are most often concerned about losing their photos, messages, and important documents.

The good news is that preparing yourself for the worst case is easier than you might think. Both iPhone and Android have built-in backup features that will transfer an encrypted copy of all your important data to the cloud.

How?

iPhone

  1. Go to Settings, tap on your name, then tap on "iCloud."
  2. Select "iCloud Backup."
  3. Connect your phone to your Wi-Fi and plug in your charger to start the backup.

Android

  1. Go to Settings, then tap on "Google."
  2. Select "Backup."
  3. Connect your phone to your Wi-Fi and plug in your charger to start the backup.

The exact steps you need to take differ from one phone manufacturer to another. To find your exact steps, search for "<your phone manufacturer> android backup data".

Recommendation

If you need more cloud space, paying for some extra storage is usually worth the peace of mind (if you can afford it). As a free alternative, you can regularly back up your phone to your computer, or make use of "free" solutions like Google Photos (select "Storage saver").


Let your phone protect itself

Even if it was unlocked or someone knew your PIN!

Apple and Google have both developed new advanced security features to protect your phone, even if someone got both your phone and passcode or snatched it while it was unlocked:

These features basically add another level of authentication that must be completed. Once enabled, if someone wants to ...

... your device will enforce a time delay and prompt for biometric authentication.

How?

iPhone

  1. Go to Face ID & Passcodes.
  2. Select Stolen Device Protection.

Android

  1. Go to Settings.
  2. Click on Google/your account name.
  3. Hit All services.
  4. Select Theft Protection.

[Figure: iOS 17.3+: Stolen Device Protection (Since January 2024)]

[Figure: Android 10+: Theft Protection (Since October 2024)]

[Figure: iOS 18+: Lock/Hide App (September 2024)]

[Figure: Android 15+: Private Space (September 2024)]

Lock Important Apps

Protect your most sensitive apps!

Both Google and Apple developed features that allow you to lock and hide apps with your biometric data or PIN/passcode.

How?

iPhone

App locking has been available since iOS 18. The passcode is unfortunately the same as the one you use to unlock your device. Still, the feature can be handy in certain cases, like when you hand over your phone to someone "trusted" and do not want them to open these apps, or when your phone is snatched while it is unlocked.

  1. Press and hold the app you want to protect for a few seconds.
  2. Select "Require Face ID."

Android

Private Space has been available since Android 15. This feature can protect your apps using an additional PIN that can be different from your screen lock.

  1. Go to Settings.
  2. Set up your Private Space under "Security and Privacy."
  3. Install apps via the new separate App Store directly into your Private Space.

Recommendation

For the best protection, make sure to use two separate PINs — one to unlock your phone, and the other to open your Private Space.

CONTACT

This website is operated by the CISPA Helmholtz Center for Information Security. It is part of a research project about device theft. If you have any questions or concerns, feel free to contact the authors: Divyanshu Bhardwaj, Helene Nuettgens, and Maximilian Golla.
