Why You Should Be Careful When Sending Your Pixel or IPhone for Repair
None of us would want to give our phones to anyone else if we thought they were going to steal and leak our personal data – but recent reports show that some Apple and Google repairmen are doing just that.
Game author and designer Jane McGonigal is the latest known victim of a phone sent in for repairs to be intercepted and used to find and leak personal data. According to McGonical on Twitter, the phone was apparently “lost” at a Google repair shop, so she bought a replacement. A few weeks later, the seemingly missing phone was used to access and steal photographs and other sensitive data. McGonigal says the thief “opened up a bunch of selfies in hopes of finding naked people” based on activity logs.
This has happened before, and not just with Pixel users. Several replies to McGonigal’s original tweet mention similar situations where photos, data, and even money were stolen via phones sent to Google for repair. And back in June, Apple paid $ 2 million in compensation to a woman whose nude photos were stolen by iPhone repair technicians working on her phone and leaked.
Hopefully Apple and Google will soon start allowing US users to do a wider range of home repairs without risking the functionality of their device , but for now, mailing a broken phone or handing it over to a repair technician are the only options. for the majority of people. So how do you keep your photos, files, and accounts safe from being tracked by repair technicians, thieves, or anyone else who gets to your phone?
Well, the obvious preventative measure is to always keep all sensitive data outside of your devices and accounts. Unfortunately, this is not always possible. We all have personal data on our devices that we don’t want people to see – I mean not only naked images or illegal texts, but also financial information, saved passwords, and much more.
This is why it is worth taking the time to prepare your device before sending it in for repair . The most important thing is to move sensitive data saved to a different location. You can move it to a separate cloud drive that’s not associated with your Google Drive or iCloud account, or save it to your local hard drive. Bonus points if encrypted. After that, log out of your accounts and, if possible, do a factory reset.
But that won’t help if your device is unusable or you’ve already shipped it. In this case, sign in to your account (s) from a different device, enable two-factor authentication and sign-in alerts where possible, and update your passwords. You can also keep track of which devices are actively signed in to your Google or iCloud accounts. If you receive an unexpected login alert or notice suspicious activity, you can use the Apple Find My app or Android’s Find My Phone feature to log out of devices remotely through a browser.
Unfortunately, these are not infallible decisions: as we saw in McGonigal’s case, the thief knew how to hide what they were doing and bypass McGonigal’s attempts to interfere with their activities. However, monitoring your accounts can prevent someone from accessing your data and applications if you catch any suspicious activity in time.
[ The Verge ]