mailto: blog -at- heyrick -dot- eu
Stolen phone (no, not mine!)
Sometime early Tuesday morning, a colleague had his phone stolen from his locker. It was a Samsung Galaxy S20. I've just checked Amazon, and they seem to be going for about €650ish for the normal type, or closer to €1,000 for the 5G version. I'd assume his was the normal type.
I remember asking him about it because my contract period finishes next February so I'd be on the lookout for a newer phone. Obviously neither of us are likely to justify laying down half a month's pay for some shiny, so it'll have been part of a 24 month contract. The display was a little larger than mine, and as is common with Samsung these days, some insanely high resolution. A tiny hole in the top of the display is for the front facing camera. I'm not sure if that'll be okay or if it would bug the hell out of me. In terms of processing power, it doesn't seem that different to my S9. I suspect that they might have pushed processor specs about as far as they're going to go with current technology, so instead are concentrating on other features. Like the... how many cameras does it have around the back? The resolution is something crazy like 40 megapixel (on a phone!), along with the ability to record 8K video (but at 24fps, because bandwidth). What concerns me a lot more, and may turn me to an older (and likely cheaper) phone such as the S10 is that there is no headphone jack.
This is very important for me, as a typical winter use case for me is sitting in bed (or lying, if later at night) watching videos. Because I'm myopic and the screen is high resolution, holding it about 40cm away means I have something not unlike my own private (small) cinema.
Or maybe simply listening to music with the lights off. Usually the phone is plugged into the charger so doing these things don't drain the battery. As for headphones? I have Bluetooth headphones. I use them while mowing as I move around a lot. But when I'm watching videos, if it's a cold rainy day I could watch several full length movies, or marathon an entire series (like The Expanse) and that's more than the battery capacity of the headphones.
Anyway, his phone was pretty impressive none the less. Clearly somebody felt that they wanted it for themselves.
On Tuesday, I suggested that he try using the phone tracing to see if it was possible to locate the phone. However as you can imagine, he wasn't interested in talking about stuff like that. I think "tranquil fury" would best describe his attitude. Hardly surprising. A notice went up by the clocking-in machine asking for the phone to be returned.
On Wednesday, I wrote down the URL of Samsung's tracing website on a mask and gave it to him.
On Thursday, three gendarmes turned up, talked to him and took photos of the locker. Given it's two days later, I wonder if this was more a formality for the insurance, or if work had hoped that somebody would return the phone (even if anonymously), and given that nothing happened, turned the whole thing over to law enforcement? He asked me if I still knew how to trace the phone, and if so, would I be willing to do it tomorrow? Of course I'd have a try. He left a rather depressing message on the door saying that if whoever took the phone had a heart and a concience, they would at least copy the photos of his grandchildren to a USB key and leave it anonymously. This, I know, won't be possible as his phone had a password.
On Friday, we tried. Work kindly allowed us to do this on work time, using one of the laptops. We were supervised by one of the management, but mostly left to get on with it. I wanted to use Google's location and Samsung's location in tandem, as well as checking both of the associated cloud services. We hit an immediate problem in that he didn't know his Samsung account details. As for his Google account details, what he thought was the password was the G-xxxxxx code that they text you to verify that you are you. He borrowed my phone to call his wife, who knew the password. Then followed a comic couple of minutes as they were like "p? oh, b, not not b, it's a d!". I don't remember his password, only that it had a number of letters that sounded alike.
I really doubted that the tracing would work, because one of the first things he did, probably on Tuesday, was to report it to Orange to get them to block it. It's a shame, because if he had been less emotional (not that anybody can blame him), that is when he should have tried to trace the phone's location. Once it's been blocked, it'll be cut off from it's data source and thus won't receive messages like "where are you?".
Sadly, it was a bust. Google's Find My Device app offered a guest login, so he signed in easily enough and it popped up with the details of his phone, but it wasn't able to communicate with the phone. This, I expected. With no data, and by this point probably no battery, it wouldn't have been capable of getting any messages.
Also, he turned off Google Photos' backup of photos, so we logged in. Photos usefully noticed that his phone wasn't responding and asked for an alternative number for a verification code, I gave my number, code received, we logged in to find the timeline empty.
It's always possible that the photos have been backed up to Samsung Cloud if he didn't realise he had to turn off both services, but without knowing his Samsung Account login details we couldn't check.
And there it rests. I think the main thing that is that there aren't that many men that work there, that would have been there in the early morning, so one can't help but look at them and wonder "are you the bastard that took his phone?". Additionally, I'm quite sure the rumour mill is working flat out with endless unfounded speculation. I've not paid any attention to it.
The thing I don't get is why steal a smartphone? As it was one of the top-of-the-range devices, there's a pretty good chance it'll be like mine in that it'll ask for some sort of password or biometric when it is turned on (from sleep), and what with modern encrypted filesystems, if you restart the phone, you'd need the password so it can decrypt itself in order to be able to properly start up. Not only that, but when a phone is blocked, they not only cut off the SIM, they also blacklist the phone's IMEI (unique serial number). Some countries leave this up to the operators, who may or may not do it. In France, it's legally mandatory. Blocking is usually Europe-wide.
Of course, there are ways around these sorts of things, but an opportunist thief at work is unlikely to be familiar with such technicalities. Indeed, I think I was approached to try to help trace the phone as "I'm a bit of a nerd".
Phone tracing FAILS
On Thursday evening, I set my phone on the windowsill and tried the two tracing facilities on my own phone so I'd be familiar with how they work (so at work, I'd look like I had a clue!).
This service runs in a browser, and it is extremely intensive - my little tablet struggled with it. But it did, at least, manage to communicate with my phone.
I think the best thing I can say about Samsung's service is that it was smart enough to turn on GPS for itself.
As for fails - plenty:
- It pretty much spammed the device with prompts. Was it you that just logged in? We're looking for nearby WiFi networks. We're trying to use GPS to determine your location. So you'd better hope that who has taken your phone wasn't using it, and that you had it in silent mode so the notifications wouldn't alert them to your attempting to locate the device. Because it's easy to switch it off at that point.
- After a few minutes, it reported the WiFi AP ID ... mostly, as you can see it has truncated it meaning you can't even use a screenshot, as there's a possibility that if the AP has a standard name (like "Livebox-ABCD") then the operator might be able to provide law enforcement with an address that should correspond to that AP?
- It never reported the device's location. I tried numerous times and wasted nearly an hour and a half. At one point I poked Google Maps on my phone and it immediately localised me. But Samsung's tracing? Never gave a location. Just never.
- When you are 'connected' to the phone, you can perform various facilities like making it ring loudly, backing up the data on it, retrieving a list of calls/messages, wiping it, and so on.
The least destructive option was to retrieve the call/message list. At which point Samsung wanted me to verify that it was really me by entering a security code sent to the phone.
Yes, seriously, the phone finder service wanted to send a message to my phone to verify me. Well thought out there, guys. 🤦
- If you look at the "Was it you the connected?" prompt, you can say Yes or No. If you say No, then you have the opportunity to disconnect devices associated with the Samsung Account and change the account password. Yes, I understand that this is a security measure, but really there ought to be some sort of mechanism where the phone is to be considered "untrustworthy", rather than leaving an easy way for a thief to cut you off.
Google Find Device
This is an app. You can log in as one of your known Google accounts, or as a Guest, which is nice. My colleague used the guest option to try to find his phone.
There are no screenshots, as the app blocks attempts to take screenshots.
It is extremely quick. Like Samsung's effort, this app did pop up a notification that it was trying to locate the device, but unlike Samsung's effort, by the time anybody had read and clocked what it meant, the connected WiFi AP and location were already being shown remotely.
Fails? Four primary ones.
- The first is that if GPS is turned off (as I usually have it for battery reasons), the location service is not smart enough to think to turn it on.
- Worse than that, it will (after a delay), open the map with a location from Google Maps' timeline. Bizarrely, the location that it picked was a place just north of Châteaubriant that I'm recorded as having been on the 30th of September 2020. I haven't been there, and given that it would have been the Monday after mom died, it's very likely that I was actually up in Rennes. Yes, the timeline shows that I was, and then has this place with me being there from 6.34pm to 7.50pm. I suspect GPS was throwing a wobbly that day, as it has me as being at the supermarket just before 4pm, and then at the Mayor (having passed in a straight line through fields and a forest) for two and a half hours, before magically arriving at this place I've not been to.
I deleted it from my timeline. Now it shows a correct last-seen location.
- You have the ability to play a sound, secure the device, or to erase the device (this is greyed out, but may be because I am using the phone I'm trying to look for). It's a shame there's no provision to start dumping photos to Google Drive so one could try retrieving data from a stolen phone...
- Why the hell block taking screenshots? If nothing else, a screenshot with a localised phone is a useful thing to be able to print out and hand to the police. Here's my phone, it located itself at this place at this time. Because, you know, when the police do turn up, the phone might be off at that point? And if you had over a scribbled down location, they may well ask you where you got that information from. So the ability to screenshot the device's location could be useful.
Oh, very droll. I've switched on GPS manually and had it look for the phone. It came up with a location in seconds, and underneath the phone's identity name, it gives the location as "In your hand" because it's my home address...
So, it seems that "Find My Device" services are a good idea, but in practice they fall short of being really useful. That Samsung's one never seemed to receive a location is woeful, and that Google's one seemed incapable of turning on the GPS is equally woeful.
Maybe, just maybe, if you have a Samsung phone you can use Samsung's finder to turn GPS on, and then Google's finder to actually locate it. Assuming, of course, that the thief hasn't worked out what you're doing and sunk a large rock into the device. After all, it isn't their phone.....
Just made it. It's a weird process. Two discs. One with a milk mousse, and the other with Oreo gunk. Counter-intuitively it seems as if you're supposed to put the milk one in first. It doses out a small amount, like a lattè espresso, and then in goes the Oreo stuff. It too is liquid, but unlike the Suchard one, it is actually liquid and not a semi-solid gunk.
It only 2/3rds filled my cup, which was a little disappointing given that the pack says it's a "large" cup size. But in taste, it's nice and strong and even almost biscuity (I'm not sure I'd identify it blindfolded, it's chocolate plus something definitely, but I'm not sure I'd have guessed biscuit).
Verdict: Not bad.
Nice morning, blue skies, a little chilly but plenty of sun.
Wait, hang on... Mowing the grass? Superfluous words. It's not like one mows a car park, or the wall... I'll just hop up and stick a line through the unnecessary words.
Took forever to get Marte started. I'm starting to think that the carburettor, on choke position, mightn't just be chucking spoonfuls of petrol into the engine and flooding it?
Anyway, I got it going, fired up PPN Radio on my phone and headed out to cut the East (Picnic) Lawn and around front. As it went well, I decided to do the Western Wilderness, but had to do it on speed #3 (of 4) because the sky had turned rather ominously dark.
I went and finished the rest (the unnamed area), the potager, and the Northern Passage at about 6pm, so all of the mowing is done. For this week... ☺
Well, Oreo drink finished, 11.7°C outside, sun having just set (went out to watch it) so it'll be dark in a little over half an hour, and not hungry as I ate six large doughnuts earlier (I was writing the bit about the phone being stolen and wasn't paying attention - I only meant to eat three and had to stop when I, uh, ran out... oops!). So I guess time to upload this, and then go sit on my bed, kick back, and enjoy School Nurse Files.
Please note that while I check this page every so often, I am not able to control what users write; therefore I disclaim all liability for unpleasant and/or infringing and/or defamatory material. Undesired content will be removed as soon as it is noticed. By leaving a comment, you agree not to post material that is illegal or in bad taste, and you should be aware that the time and your IP address are both recorded, should it be necessary to find out who you are. Oh, and don't bother trying to inline HTML. I'm not that stupid! ☺ ADDING COMMENTS DOES NOT WORK IF READING TRANSLATED VERSIONS.
You can now follow comment additions with the comment RSS feed. This is distinct from the b.log RSS feed, so you can subscribe to one or both as you wish.
|David Pilling, 26th September 2020, 22:37|
Someone might steal a phone out of jealousy, or to punish someone, just take it and throw it away. I wonder if with cars there is a market for expensive phones in other countries, your buddies phone may now be in Afghanistan or somewhere else with less rigorous law enforcement. Was the locker locked - with a lock appropriate for the value contained in it.
I would not have a phone I could not afford to lose, sub 100 quid. Doesn't matter if I drop it, put it down and forget, and since it is not desirable it won't be stolen. But I am not a big phone user.
|David Pilling, 26th September 2020, 23:13|
Is there a sequel where you set up a spy camera in your locker - would not be a bad app. for a phone take photo of user and send it somewhere.
|Rob, 27th September 2020, 01:29|
I had occasion to use the Find My Phone in earnest a few weeks ago, when my (elderly Sony) got lost/stolen ... It didn't pick up anything. It seems the person who took it had immediately turned it off to prevent such things working. In the end, they obviously had second thoughts about the value of a fairly old, cheap and somewhat tatty phone and contacted me (phone number on lock screen, with "Reward for return") and pretended they had found it .. yeah right. At least I got it back, but I'd already given up and told google to wipe the phone when it next came online. Obviously it didn't, so I was able to cancel that and not lose anything. But yes, Find My Phone turns out to be pretty useless. Especially if you cancel the SIM, which you basically need to do when reporting it missing.
|Mick, 27th September 2020, 01:35|
Agree that 'find my phone' application should be able to turn location on. No more of a risk than allowing someone logged in to your Google account ability to erase the phones content if location is turned on. Agree with David's other reasons why someone may take phone, though can't rule out that thief might just be a bit stupid.
(Felicity? Marte? Find out!)
List all b.log entries
Return to the site index
PS: Don't try to be clever.
It's a simple substring match.
Last read at 23:25 on 2021/08/03.
© 2020 Rick Murray
This web page is licenced for your personal, private, non-commercial use only. No automated processing by advertising systems is permitted.
RIPA notice: No consent is given for interception of page transmission.