What to Do If Your Phone Is Stolen: Step-by-Step Plan
Hi everyone, and good morning! This is Pavluu. These days, our phones are practically the center of our universe—they hold our 2FA codes, passwords (for some of us), crypto wallets, and more. That’s a risk, right? Today, let’s talk about what to do if your phone is lost or stolen.
Step 1: Lock, Locate, and Erase
Any security can be bypassed, so the first thing you should do after losing your smartphone is to lock it and try to track its last known location. If needed, erase all data from the device. You can do this using built-in OS features or third-party apps like Prey and other anti-theft tools. The built-in options are always available, even if you didn’t install anything beforehand, so let’s focus on those.
Android
- Open Device Manager in your browser.
- Select your device from the list. Click the small location icon. If your phone is online, its location will appear on the map.
- Use the “Lock” command to set a PIN and display a message for the thief. You can also provide a phone number for them to call you back (wishful thinking!).
- With the “Erase” command, you can wipe all data from your phone. If the phone is offline, the operation will be performed as soon as it connects to the internet. Note: the memory card will remain untouched, but usually only photos and game caches are stored there.
- You can perform all these actions from another smartphone or tablet using the Device Manager app.
- Google recently launched the Timeline service, which shows all the places your devices have been, including travel routes.
iOS
- Open the Find My iPhone page or launch the “Find My iPhone” app on another iOS device.
- Select your device to see its location on the map.
- Enable “Lost Mode.” This lets you remotely lock your device with a four-digit code and display a custom message with your phone number, giving the thief a chance to return it. You can also erase all data this way. Note: after erasing, you won’t be able to locate the device using Find My iPhone.
However, the Activation Lock feature will remain enabled, meaning no one can use your iPhone until it’s activated with your Apple ID. Activation Lock is automatically disabled when you remove the device from your Apple ID.
Windows Phone
- Go to the Microsoft Devices page.
- Select your phone and click “Find my phone” to see its location on the map.
- Click “Lock” and follow the instructions. If you haven’t set a password yet, you’ll need to create one, which will be required to unlock the phone.
Tip: Enable the “Find my phone” service in advance. It will save your phone’s location every few hours, making it easier to find. To activate, check the “Find my phone” option in your settings.
SIM Card
Call your mobile carrier and ask them to block your SIM card. Carriers usually don’t block the SIM immediately; they may first send messages to the number asking for the phone to be returned.
Step 2: Disconnect from Cloud Services
Modern smartphones are deeply integrated with cloud services like Google, iCloud, Dropbox, Facebook, VKontakte, Twitter, and more. If your phone falls into someone else’s hands, they could gain access to almost your entire digital life. Fortunately, in most cases, you can remotely disconnect your phone from these services without even changing your passwords.
For Android, the first cloud to disconnect is Google. Go to the apps connected to your account, click on the lost/stolen device, and select “Remove.” This will disconnect the device from Google services like the Play Store, Gmail, Calendar, and more. Cached data (like emails) may remain on the device, but Device Manager will still be able to locate it. Here are instructions for other services:
- Dropbox: Go to the security page. Under “Devices” and “Connected apps,” disconnect the lost device and any apps installed on it.
- VKontakte: Go to app settings, find the relevant app, and click “Remove.”
- Twitter: Go to the connected apps list and click “Revoke access” next to the relevant apps.
- Facebook: Open the apps list and click “Remove” where needed.
- Skype: Change your password; there’s no other way.
- Instagram: Change your password as well.
- Odnoklassniki: Disconnect all devices at once.
- Viber: There’s no quick or easy way to remotely block or erase messages. You’ll need to contact Viber support and wait for a response (and the block), which can take a while.
- Telegram: If the web client was activated using the lost phone’s number and you haven’t cleared your cookies, you’re in luck. You can block the stolen device from your computer browser: go to the Telegram website, then “Settings → Active Sessions → Terminate Session” next to the relevant device.
- WhatsApp: It will automatically disconnect after you change or block your SIM card.
Note: These steps only prevent account access from the lost device. Most services use tokens for mobile app logins, not passwords, so your password remains safe. Still, it’s a good idea to change your password or even your bank card, just in case.
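The note above, as an added example that is not part of the original article: a toy server-side model of why "Remove device" locks out a lost phone without touching your password. The class and method names are hypothetical, and the policy that a password change ends every session is an assumption (it matches the services above where changing the password is the only option).

```python
import hashlib
import hmac
import secrets


class AccountSessions:
    """Toy model of one account: a password plus one opaque token per device."""

    def __init__(self, password):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._kdf(password)
        self._tokens = {}  # sha256(token) -> device name; raw tokens are never stored

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, password, device):
        # The password is checked once; the device keeps only the returned token.
        if not hmac.compare_digest(self._kdf(password), self._pw_hash):
            raise PermissionError("bad password")
        token = secrets.token_urlsafe(32)
        self._tokens[hashlib.sha256(token.encode()).digest()] = device
        return token

    def whoami(self, token):
        # Device name for a live token, None if the token is unknown or revoked.
        return self._tokens.get(hashlib.sha256(token.encode()).digest())

    def revoke_device(self, device):
        # The "Remove device" button: drop every token issued to that device.
        doomed = [h for h, d in self._tokens.items() if d == device]
        for h in doomed:
            del self._tokens[h]
        return len(doomed)

    def change_password(self, new_password):
        # Assumed policy: a password change ends all sessions on all devices.
        self._pw_hash = self._kdf(new_password)
        self._tokens.clear()


def demo():
    acct = AccountSessions("correct horse battery staple")  # constructed sample
    phone = acct.login("correct horse battery staple", "lost-phone")
    laptop = acct.login("correct horse battery staple", "laptop")
    removed = acct.revoke_device("lost-phone")
    return removed, acct.whoami(phone), acct.whoami(laptop)


if __name__ == "__main__":
    print(demo())
```

The token left on the stolen phone stops working while the laptop session and the password are unaffected; the phone never held the password in the first place.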
Step 3: File a Police Report and Check Marketplaces
If you can’t find your phone or discover it’s in the hands of thieves, contact the police and be prepared for a long wait and lots of paperwork. This method isn’t very effective, but it’s worth a try. You’ll need:
- Your passport (ID)
- The original packaging with the IMEI number (they won’t accept just a piece of paper with the number)
- The purchase receipt
Tip 1: If you write “lost” instead of “stolen” in your report, the paperwork may be processed and sent to the carrier’s security department a bit faster.
Tip 2: Call and check on your case regularly, or it may be ignored.
It’s also a good idea to visit used phone shops and check online marketplaces like Avito, as well as local classified ads. Leave your device’s details on websites that let buyers check IMEI numbers for stolen phones. Here’s a popular IMEI blacklist for stolen phones.
Do Security Features Actually Work?
Okay, let’s say you couldn’t recover your phone. But you set a lock screen PIN, your phone has a fingerprint scanner, and the manufacturer claims your data is safe. Let’s see how effective these measures really are.
PIN Code
In most cases, a PIN or pattern lock will protect your data 99% of the time, provided you’re using iOS, Windows Phone, or an Android device with a locked bootloader and no known bypass. If someone tries to get around the lock on your Android phone by unlocking the bootloader, the device will automatically reset to factory settings. However, if the bootloader was already unlocked, no security system will help: removing a PIN via custom recovery takes just a couple of minutes.
Third-Party Anti-Theft Apps
The problem with most third-party anti-theft apps is that they don’t survive a hard reset or reflashing. The exception is a special version of Avast Anti-Theft for rooted phones. It installs itself in the system partition under an innocuous name (to survive factory resets) and places a script in /etc/addon.d, which custom recoveries run before and after flashing. This means that even if someone installs new firmware via custom recovery, the anti-theft app will remain.
Fingerprint Scanners
Fingerprint-based security may seem perfect for lost or stolen phones. A thief probably doesn’t know you and can’t access your fingers. However, there’s a downside. At the Black Hat conference in Las Vegas, Tao Wei and Yulong Zhang from FireEye showed that fingerprint scanners on Android devices can be vulnerable to fingerprint data dumps. This means someone who hacks your lost phone could steal your fingerprints, which, unlike passwords, you can’t change. This issue affects the HTC One Max and Samsung Galaxy S5, but not the iPhone, which stores fingerprint data in encrypted form.
Sony My Xperia Theft Protection (MXTP)
Recent Sony Xperia models (starting with Xperia Z3+, M4 Aqua, C4, Z4 Tablet) have built-in My Xperia Theft Protection. It’s integrated into the bootloader and, when activated, permanently locks the phone. Even if you reflash the phone using PC Companion or FlashTool, it will still ask for your Google account password on startup. You can activate it in security settings under “Protection with my Xperia.” Don’t try to enable it after unlocking the bootloader, or you’ll brick your phone.
Activation Lock (Apple), Reactivation Lock (Samsung), and Reset Protection (Windows Phone)
- Activation Lock is an extra feature of Find My iPhone, introduced in iOS 7. Even after a factory reset, the iPhone can’t be activated without the previous owner’s Apple ID and password.
- Reactivation Lock is a similar feature from Samsung, available on all flagship models since the Galaxy Note 3 and Galaxy S5. Once enabled, the device will require a password for reactivation after a factory reset or even to start the reset process (depending on settings). Samsung devices have a special memory area protected from hardware resets for this feature.
- Reset Protection is Microsoft’s version, available from Windows Phone 8.1 GDR2 (Update 2) and up. It prevents thieves from bypassing your password via hard reset or by installing a new custom firmware or downgrading Windows Phone. Find it in “Settings → Find my phone.”
- Qualcomm SafeSwitch is a hardware-level kill switch activated during device boot. According to Qualcomm, it makes the phone highly resistant to hacking. It is available starting with Snapdragon 810.