How to delete data from a stolen Android. How to find a lost or stolen Android phone (and delete all data). Locking Android Phones

In this article we will look at how to find an Android phone or tablet if you have already lost it and how to pre-configure your Android device to increase your chances and simplify your search. in case of possible loss.

Instructions will be reviewed based on Avast antivirus, if you chose another one, it’s not scary, all stages are done almost exactly the same way. After installing the antivirus, you must go to the settings (click on functions, select Settings) and check the box for Pin code protection (enter your pin, which you must remember) and another checkbox for Protection against deletion - if an attacker sees the antivirus - without a pin code will not be able to delete it, so we will have more time to search.

After installing the antivirus, go to avast! Anti-Theft and you will be prompted to install the application we need from the Play Market.

In addition to installing the application itself, you need to spend a little time and configure the operation of this program according to the instructions below.
We will configure the Android so that an attacker or a person who finds the phone will not be able to carry out any actions with the phone or tablet (delete, reboot, etc.)

Now you need to create an avast account. To do this, go to the site through a browser id.avast.com and press Create an account now, enter your email and create a password.

Now launch the installed avast application! Anti-Theft:

1. Enter a name
2. PIN code for accessing functions (without knowing the PIN, an attacker will not be able to change the application settings).
3. Enter the phone number to which a message about changing the SIM card with a new number will be sent.
4. Click settings account, log into your account, enter your phone number and password

We have linked the account to our Android device

All actions that you can perform with your phone after it is stolen take place on the avast.com website in your account. More details about these actions will be written after setting up the application..

Setting up the avast! Anti-Theft in an android device

We go to the point Advanced settings and set up theft protection point by point:

1. Protective actions– what the phone will do if you put it into mode "Lost". You need to check the boxes next to the following items:

• block phone- in case of loss, the phone is blocked, further actions only after entering the PIN code;
• alarm – you may not want to enable this function, as this will greatly attract the attention of a thief, and he will want to remove the battery;
• without access to the phone settings - access to the phone settings and, accordingly, to deleting applications is blocked (but for now you can restart the phone and gain access to deletion, so read on);
• low battery notification.

2. Lock text, GPS, erase
Enter text, which will be displayed on the unlock screen if the device is entered into “Lost” mode, for example, “Return for a reward and phone number.”

Device Administrator

In the parameters, check the box next to avast! Anti-Theft - after that in Lost mode an attacker will not even be able to turn off the Android device without removing the battery.

Now your Android device is maximally protected!

How to find a lost Android phone or tablet

The Internet on your lost Android is turned on

You will find out after sending any request from the site. If they write to you that they cannot send a request to the device, it means the Internet is turned off, then read the next paragraph.

We log in from any device, including a PC, to the avast.com website and log into your account. Go to the My devices tab, click View data, in the Select a command column, do the following:

1. We need to find out where the phone is

To do this, select the “Find” item - a request is sent to search for the device. Click on the icon in the Actions column (screenshot) and in the window that opens, select Position on the map.

2. “Call”- we can make a hidden call from a lost device and hear what is happening around. The call only appears in the notification screen.

3. "Lost"- all the actions that we have configured on Android occur, namely:

Here are the most effective actions, you can run the rest according to your desire or situation by selecting the appropriate command in the tab (for example, look at recent calls or SMS, erase all data, etc.)

Internet on lost android is turned off

In this case, we use SMS requests.

After changing the SIM card to the numbers that you added to item Friends You will receive an SMS with the phone number of the new SIM card. You send special messages to this number SMS requests, after which the android will perform the appropriate actions.

SMS must be sent from the numbers that you added in the Friends section

All commands are in the form: PIN code space “command”. For example, let's take PIN code 12345:

12345 LOST - marks the phone as lost

12345 FOUND – marks the phone as found

12345 LOCK – locks the phone

12345 UNLOCK – unlocks the device

12345 SIREN ON – turns on the siren

12345 SIREN OFF – turns off the siren

12345 LOCATE – locates the device

12345 LOCATE 5 - detects the device every 5 minutes

12345 LOCATE STOP – stop tracking

The actions that will occur after requests are identical to those described in the previous paragraph.

These are the main requests we need. If you need additional information (latest SMS, calls, make a call, etc.), write in the comments.

1. Always leave Internet included to access these features if your phone is stolen
2. Put
3. Do

So, we have sorted it out for you how to find a lost android phone or tablet with presetting software and without her. By the way, you can also take out theft insurance along with the purchase of a new device.

It took 3 days to check all the actions and write the article, and as a rule, even people who pay $200 for setting it up in a store (as well as those who do it :)) do not have such information, so we will be very grateful if you tell us about this article to your friends. This can be done using the buttons social networks under the article. Rest assured, they will only thank you for this information.

To find stolen or lost phone(under Android control) or use other functions remote control, go to the official portal https://www.google.com/android/devicemanager(you need to log in with your Google account). The first time you visit the site, you will need to agree to the terms and conditions that allow Device Manager to use location data.

Next, you can select your Android device (phone, tablet, etc.) in the menu list and perform one of three tasks (for the first two, changing the settings is not required and they work even if you did not enable the device manager, as was the case described above):

1. Find your phone on the map(can be read in the article “”).

2. Make him serve sound signal , so that you can find it under the sofa, or play on the kidnapper’s nerves. Even if your phone is muted, it will still ring at full volume.

3. And finally, the last option allows you remotely erase all data from the device. This function resets your phone or tablet to factory settings. However, to take advantage of this feature, you must set up your phone in advance. You can find out how to do this by following the link in the notification ().

So, now, if you lose your beloved smartphone, you don’t have to worry about the data becoming known to third parties.

(Visited 22,896 times, 3 visits today)

Google has finally developed special tool, allowing owners to find their lost Android smartphones. The “search” function is available even to those who have not updated the software, and, therefore, have not installed special applications or changed settings. You can not only find a lost smartphone on the map, but also use the function of deleting user information remotely. Also, a tool from Google allows you to remote call, when the smartphone was stolen or found and the SIM card was replaced by the new owner.

What you need to find an Android phone

But all user information from a lost mobile device can only be deleted if there is certain settings. This is done simply and free of charge: in Device Administrators, you need to check the corresponding box and agree to the changed parameters. Just two clicks open up new opportunities for you. You will not need to download any utilities to find your lost phone or perform some actions remotely from a PC or any device where you have access to your account. Google posts.

And even if you are pedantic, attentive and absolutely sure that you will never lose your mobile device, we recommend that you do not neglect the opportunity to get new features. You never know...

To take advantage of new features from the developer operating system, you need to have any Android mobile device that is linked to a Google account.

On a note! Until three years ago, only Google business account users had access to Device Administrator. Now remote control of Android is available on standard accounts. And the option appeared on the mobile device by default, without updating the software and configuring certain parameters. The option is available to all users without exception, since it is not tied to the operating system, but to the account.

Enabling Android Remote Control

On a note! If your smartphone has more than old version software, look for and check the boxes that allow you to find your phone remotely and reset the settings to factory settings.

That's how easy, quick and simple you enabled the remote control function. There is no need to take any further action: use your mobile device as usual.

Remote control Android

New functionality operating system Google Android will allow you to find lost devices, delete user information and settings remotely and not lose sight of your children.

Let's imagine the following situation. We find a smartphone running Android 4.1–4.4 (or CyanogenMod 10–11) and instead of returning it to the owner, we decide to keep it and extract all the confidential information we can from it. We will try to do all this without specialized tools like various systems to directly take a dump from NAND memory or hardware devices to remove S-ON and so that the owner does not know what we are doing and cannot remotely find or block the device. Let me make a reservation right away that this is not a guide to action at all, but a way to explore the security of smartphones and provide information to those who want to protect their data.

WARNING!

All information is provided for informational purposes only. Neither the author nor the editors are responsible for any possible harm caused by the materials of this article.

Priority actions

So, we got our hands on someone else’s smartphone. It doesn’t matter how, it’s important that we already have it. The first thing we must do is to disconnect it from the cellular network as quickly as possible, that is, following the commandment of the Gopniks, remove and throw away the SIM card. However, I would recommend doing this only if the SIM card can be removed without turning off the smartphone, that is, either by carefully lifting the battery, or through the side slot if it is a smartphone with a non-removable battery (Nexus 4/5, for example). In all other cases, it is better to limit yourself to turning on airplane mode, since it is quite possible that the encryption mode for user data is activated in Android and, after turning it off, the smartphone will be locked until the encryption key is entered.

Also, under no circumstances should you connect your smartphone to any Wi-Fi networks, since, perhaps, the tracking software installed on it (and it is already built into Android 4.4.1) will immediately begin its work and you can run into a “chance” meeting with the owner and his friends (you don’t have to worry about the police, they’re such a victim will send). Front camera I would tape it with something just in case, perhaps she is taking pictures now and they will be sent at the first opportunity.

Lock screen

Now that we have secured our person, we can begin the excavations. The first obstacle we'll have to get around is the lock screen. In 95% of cases it will not have protection, but we cannot forget about the remaining five percent.

There are three main types of secure lock screen in Android. This is a four-digit PIN code, a pattern or a face photo. To unlock the first two, a total of twenty attempts are given, divided into five pieces with a “minute of rest” between them. There are several attempts to unlock using a face photo, after which the smartphone switches to a PIN code. In all three cases, after all attempts fail, the smartphone is blocked and asks Google password.

Our task is to try to bypass the lock screen so as not to fall back on the Google password, which we definitely won’t be able to guess. The easiest way to do this is using a USB and ADB connection:

$ adb shell rm /data/system/gesture.key

Or like this:

$ adb shell $ cd /data/data/com.android.providers.settings/databases $ sqlite3 settings.db > update system set value=0 where name="lock_pattern_autolock"; > update system set value=0 where name="lockscreen.lockedoutpermanently"; >.quit

However, this method has two problems. It requires root rights and will not work in Android 4.3 and higher, since access to ADB requires confirmation from the device, which is impossible to do when the screen is locked. Moreover, ADB access can be disabled in the settings.

We can go down a level and use the recovery console to delete the lock key file. To do this, just reboot into the recovery console (switch off + power on while holding down the volume up key) and flash the following file. It contains a script that will delete /data/system/gesture.key and remove the lock without disrupting the current firmware.

The problem with this approach is the dependence on a custom recovery console. The stock console simply will not accept the file as signed incorrectly digital signature. In addition, if data encryption is activated, during the next boot the phone will be locked and only complete removal all data that runs counter to our task.

An even lower level is fastboot, that is, manipulation of the device at the bootloader level. The beauty of this method is that the unlocked bootloader allows you to do anything with the device, including downloading and installing a custom recovery console. To do this, just turn off your smartphone (again, we make allowances for data encryption) and turn it on in bootloader mode using the power button + “volume down”. After this, you can connect to the device using the fastboot client:

$fastboot devices

Now we download the “raw” image of the custom recovery console (with the img extension) for “our” device and try to download it without installation:

$ fastboot boot cwm-recovery.img

If the bootloader of the device is unlocked, the smartphone will reboot into the console, through which you can activate the ADB mode, use it to download the “update”, the link to which is given above, and flash it. Next, it will be enough to reboot to get full access to a smartphone. By the way, if you become the owner of one of the Nexus devices, you can easily unlock its bootloader like this:

$ fastboot oem unlock

But this is just food for thought, since the unlocking operation automatically resets the device to factory settings.

Now let’s talk about what to do if all these methods don’t work. In this case, you can try to find a bug in the lock screen itself. Surprisingly, despite the absence of such in pure Android, they are quite often found in the lock screens of proprietary firmware from the manufacturer. For example, in Galaxy Note 2 and Galaxy S 3 on Android based 4.1.2 a funny bug was once found that allowed you to briefly access the desktop by simply pressing the Emergency button, then the ICE button (bottom left in the dialer), and finally the Home button. After this, the desktop appeared for literally half a second, which was quite enough to remove the lock.

An even dumber bug was found in the Xperia Z: you could dial a code on the emergency dialer to enter the engineering menu ( # #7378423## ), use it to get to the NFC Diag Test menu and then exit to the desktop by the same press of the “Home” button. It’s very difficult for me to imagine how such wild bugs could appear, but they exist.

Regarding the bypass graphic key, everything is quite simple here. It can be disabled in the same way as the pin code, but there are two more additional features. Firstly, even despite the impressive number possible options keys, people, due to their psychology, most often choose a key that is similar to one of the letters of the Latin alphabet, that is, the same Z, U, G, number 7, and so on, which reduces the number of possibilities to a couple of dozens. Secondly, when entering a key, your finger leaves a not at all illusory mark on the screen, which, even blurred, is quite easy to guess. However, the last minus can be easily offset by a protective matte film, on which marks simply do not remain.

Well, the last thing I would like to talk about is the so-called face control. This is the most clumsy blocking option, which, on the one hand, is very easy to bypass by simply showing the smartphone a photo of the owner, but on the other hand, it is quite difficult, since without even knowing the owner’s name, it is not possible to get his photo. Although it's certainly worth trying to take a photo of yourself, it's quite possible that you look like the previous owner.

Inside

Let's say we bypassed the lock screen. Now our actions will be aimed at getting as much information as possible from the smartphone. Let me make a reservation right away that the password for Google, services like Facebook, Twitter and the number credit cards we won't get it. Neither one nor the other is simply available on a smartphone; instead of passwords, authentication tokens are used, which provide access to the service only with of this smartphone, and the latter are stored on the servers of the corresponding services ( Google Play, PayPal), and the same tokens are used instead.

Moreover, you won’t even be able to buy something on Google Play, since it latest versions force you to ask for your Google password every time you make a purchase. This function, by the way, can be disabled, but even in this case the meaning of purchases will be lost, since all the content will be tied to someone else’s account.

On the other hand, we may well, if not hijack accounts completely, then at least read the user’s mail, Facebook and other personal information, and there may already be something interesting there. In this case, Gmail will give a special profit, which can be used to restore your account to other services. And if the user has not yet had time to go to the communication store to block the SIM card, then it will be possible to confirm his identity using the phone number. But you should only do this after disabling all security mechanisms (we don’t want to be tracked using anti-theft).

Removing anti-theft

All applications for tracking smartphones running Android can be divided into three groups: “trash”, “toys” and “pull”. The first ones are distinguished by the fact that they were written by technical school students in three hours and, in fact, represent the most regular applications, who can take data from a position sensor and send it to an unknown location. The special beauty of such software is that they are very easy to detect and remove. In fact, just go through the list installed software, enter incomprehensible names into the search, identify anti-theft programs and remove them. This is exactly what needs to be done at the first stage.

The second type of application is something that claims to be a serious tool, but in reality it is not one. Typically, such software can not only send coordinates to a remote server, but also hide itself and protect itself from deletion. The second function is usually implemented by creating the application as a service without GUI. In this case, its icon will not be visible in the list of applications, but the application itself, of course, will hang in the background, which is easy to determine using any process manager.

Protection against deletion in such “software” is usually implemented by registering yourself as a device administrator, so the second action you need to take is to go to “Settings -> Security -> Device Administrators” and simply uncheck all the applications listed there. The system should request a PIN code or password, but if it is not already on the lock screen, then access will be granted immediately. It's funny, but Google's anti-theft, which is actually built into the OS, is disabled in exactly the same way.

Finally, the third type of application is anti-theft, which was programmed by people. The main difference between such applications is that in addition to camouflage, they can also register themselves in the /system partition (if there is root), which is why you should delete them standard means becomes impossible. The only trouble is that they will still be visible in the list of processes, and to disable them, just go to “Settings -> Applications -> All”, then click on the desired application and click the “Disconnect” button.

That's all the protection is. This list should also include normal applications, implemented as a kernel module or at least a native Linux application, which no standard process manager will show, but for some reason I haven’t seen them yet. On the other hand, the ps and lsmod commands would still expose them (unless it was a proper backdoor), so the level of stealth would not increase much.

Root and memory dump

The next step is taking a dump internal memory. We cannot be sure that there are no bookmarks left in the phone, especially if it is proprietary firmware from HTC and Samsung, so before turning on the network it is better to save all its data on our hard drive. Otherwise, they may be deleted as a result of a remote dump.

For this, it is imperative that root rights(unless, of course, the phone is not rooted yet). How to get them is the topic of a separate article, especially since each smartphone has its own instructions. The easiest way to find them is at thematic forum and execute by connecting your smartphone to your computer via USB. In some cases, rooting will require a reboot, so it is better to immediately make sure that the smartphone data is not encrypted (Settings -> Security -> Encryption), otherwise after the reboot we will lose access to it.

When root is obtained, simply copy the files to HDD using ADB. We are only interested in the /data and /sdcard partitions, so we do this (instructions for Linux):

$ adb root $ adb pull /data $ mkdir sdcard && cd sdcard $ adb pull /sdcard

All files will be received in the current directory. It should be noted that if the smartphone does not have a slot for an SD card, then the contents of the virtual memory card will be located in the /data section and the second command will simply not be needed.

What to do next with these files, only your imagination will show. First of all, you should pay attention to the contents of /data/data, all the private settings of everyone are stored there installed applications(including system ones). The formats for storing this data can be completely different, but the general practice is to store it in traditional Android SQLite3 databases. They are usually located along approximately the following paths:

/data/data/com.examble.bla-bla/setting.db

You can find them all using find commands on Linux running in the original directory:

$find. -name\*.db

They may contain not only personal data, but also passwords (the built-in browser stores them exactly this way, and in open form). You just need to download any graphic manager SQLite3 databases and enter the password string in its search field.

Application Research

Now we can finally turn off airplane mode so that the smartphone can communicate with Google services and other sites. There should no longer be a SIM card in it, and location determination (including by IP) can be disabled in “Settings -> Location”. After this, it will no longer be possible to track us.

What to do next? Go through correspondence in Gmail, find passwords. Particularly scrupulous people even create a special folder for letters with passwords and confidential information. You can also try to request a password change on services with confirmation via email, but in the case of Google, Facebook, PayPal and other normal services this will only work if you have a phone number, for which you will have to return the SIM card to its place.

In general, everything is standard here. We have an email, perhaps a phone number, but no passwords for services. All this should be enough to hijack many accounts, but whether it is necessary or not is a more serious question. The same PayPal or WebMoney account is extremely difficult to restore even for the owner himself, and the information received here will clearly not be enough. The point of hijacking accounts from Odnoklassniki and other similar sites is very questionable.

You can clear the /system partition of possible bookmarks by simply reinstalling the firmware. Moreover, it is better to use an unofficial one and flash it through the standard recovery console. In this case, the anti-thief will not be able to backup itself using the functions of the custom console.

conclusions

In no way do I advocate doing what is described in this article. The information it contains, on the contrary, is intended for people who want to protect their data. And here they can draw several obvious conclusions for themselves.

• First: to protect information on a smartphone, only three simple mechanisms already built into the smartphone are enough: a password on the lock screen, data encryption and disabled ADB. Activated together, they will completely cut off all access paths to the device.
• Second: having anti-theft on your smartphone is a very good idea, but you should not rely on it 100%. The best it can provide is the ability to delete data if it gets caught by a less than smart thief.
• And thirdly, the most obvious: immediately after losing your smartphone, you need to revoke your Google password, change passwords on all services and block your SIM card.

If you are working with outdated free version G Suite and want to use this feature, upgrade to G Suite Basic.

A mobile device allows an employee to work with important information and corporate account. If a user leaves the organization or loses their phone, you can remotely remove corporate applications and data, corporate account, work profile, and erase information from their device. At the same time, corporate data will continue to be available through the browser and from other authorized mobile devices.

Preparation

You can delete all applications and data or just the corporate account.

• Delete all data, if personal or enterprise device lost or stolen.
• Delete your corporate account from an employee’s personal device if he leaves the company.

Exactly what data is deleted depends on the type of device. detailed information is given in the table below.

Note. In basic control mode mobile devices You cannot delete all applications and data. This feature is only available if you have advanced management options applied and your device has Google app Apps Device Policy (Android), Device Policy profile is configured ( Apple iOS) or used Google Sync(G Suite only).

*Removal performs a quick wipe rather than a complete wipe of the SD card. Data is only deleted from the primary connected SD cards, but remains on read-only cards.

If your device is not lost or stolen and you have access to it, follow the instructions below.

• Make sure the user can sign in to the corporate account.
  • If the user doesn't know the password, reset it before deleting data from the device. Otherwise, he will be able to log into the device only after 24 hours.
  • If your account is blocked, restore it.
• If for Android devices Factory reset protection is enabled, make sure you can access it using other admin accounts. These accounts must be active, otherwise the device will be unavailable after restoring factory settings.
• Before erase all data or account, log out of the corporate account and delete it.

How to delete data or corporate account from a device

The next time you sync, the information will be deleted and your device settings will be reset (if applicable). Typically, data is deleted from the device within a few minutes, but sometimes this operation can take up to three hours. After this, in the administrator console the device will be assigned the status Data deleted or Account deleted. If the device is offline, the operation will be completed once it returns online. Before this, its status in the admin console will be shown as Deleting data.