Mobile Device Security | Buying used devices

Used Tech ipad

Should you buy used technology?

One of the most frequent question I get from the new owners of used mobile devices is one that only the previous owner can answer:

“What is the username and password for the iCloud/Google/Microsoft account to unlock an activation locked device?”

Legislative drivers

Federal, State and local governments have been passing legislation requiring technology OEM’s (Apple, Google, Microsoft etc) to create and deploy a mechanism that makes the device useless if it gets stolen. Some legislators have called for the requirement for a lost or stolen handset or tablet to relay its current location. Others have expressed that the ability for a cellphone to record and report real-time GPS data is a threat to privacy and enables stalkers. The lack of a unified message from government means that Big Tech has to figure out how to create a solution that will placate everyone when it comes to mobile device:

  1. Security
  2. Privacy
  3. Theft deterrence
  4. Hardware recovery
  5. Data integrity

Each of these issues must be addressed. Of course, if any of these categories isn’t  addressed with enough built-in anti-stupid, no one will want to go through the process and therefore no one will understand how it can save your skin in a pinch. There are no guarantees, but registering your device with its respective OEM authentication, remote lock/wipe, activation lock and device tracking service in one of the first things you should do. To get you to do it at system set up the process needs to be:

  1. Easy to set up
  2. Proactive registration
  3. Free basic service
  4. Easy to use.
  5. Shows/adds value to the mobile user experience


Of course there are going to be unintended consequences. The push for activation locks based on secure, encrypted and private accounts might make stolen handsets useless, but they still get sold to the unsuspecting on-line buyer. They also get disassembled and their displays, batteries, logic boards, cameras, rear plates and charger ports get sold to repair shops on the black market.


Best Practice

The best thing you can do, is to complete the set up process in its entirety when it comes to data services registration. Not only will this digitally link your handset or tablet to an authenticated owner by way of a verified user account, these services begin to force multiply when there is more than one mobile or a portable in tandem within your personal technology ecosystem. Here is a checklist of the things you should do to make sure you have the best chance of recovering a lost cellphone, keeping your data from being compromised, getting a replacement that has all of your data in it and make sure the person who stole it can’t sell it to anyone with a little common sense.



These are the things you will want to do for an iPhone or an iPad:

AppleID: Using an AppleID, sign into the integrated iCloud service in iOS. You can do this at set up or ex post facto in the Settings App in the iCloud section. Use your current AppleID or create a new one. If you have any other Apple technology that uses AppleID, make sure you use the same iCloud account on every device.

iCloud: At the very least, configure the handset with Find My iPhone. It is a requirement for remote locks/wipes and Tracking the device with lost mode.

Keychain: Setting up keychain access across your devices will do something cool: Every password you save on the web or any wi-fi network you log into will be available to all devices with the same iCloud account, irrespective of the fact that the device has never even been in that location. Keychain also makes it easy to create and save those 16 and 24 character passwords that satisfy any requirement for a strong password requirement, no one will guess and no one can remember.

TouchID: Biometric security is an additional layer of unique data points that can be stored and used for instant authentication. TouchID is fast, reliable and chock full of anti-stupid. You can’t get it wrong unless you forget where your finger is.

Trusted Devices and 2-Step Verification: If you ever find yourself in a bind where you don’t have your phone because it was lost or stolen, and you want to authorize a new device into your tech-ecosystem, you can set phone numbers (with iMessage capability) and other iDevices or Macs that are registered to you with the common AppleID based iCloud Account and 2-Step verification ensures that no one can make changes to your web-based data services accounts unless they know the password to the service and also have your cellphone. Every time you log into iCloud from a browser, device or location it doesn’t recognize and requires you to verify the log-in with an SMS based code.

Log into there it will show you all of your devices, give you the option to remote access and lock, wipe, enable lost mode (for tracking) and send lock screen messages alerting whine ever may find it that it is lost.



Google Account: Link your device to your Google Account. This will allow you to back up, sync and transfer data between your Android device and Google Cloud services.

Factory Reset Protection: If you don’t set up FRP, anyone can do a local restore-to-factory condition reset. Once that wipe is complete, they can put their Google Account on your handset. If you have FRP set up, it will require your Google account user same and password to finalize the wipe, mitigating a transfer of ownership scenario. Note: FRP can be bypassed on just about all Android devices.

2-Step Authentication: Make sure you have it enabled for accessing your Google Account

Android Lost: This is a 3rd party application that you can read about here.


Windows 10 Mobile

No one really knows. It is delayed until Feb2016…which is now.

%d bloggers like this: