About 3.1 million American consumers were victims of smart phone theft in 2013, Consumer Reports projects, based on our latest nationally representative survey of adult Internet users. That’s nearly double the number we previously projected had been stolen during 2012. The survey also projects that 1.4 million smart phones were lost and never recovered last year.
Given how much personal information these devices contain—from photos, contacts, and e-mail accounts to social-networks, shopping, and banking apps—it's understandable that you'd freak out if either misfortune happened to you. Still, there are steps you can take on any phone to guard against thieves.
But many users are still not protecting themselves sufficiently, our survey found. As the infographic below shows, about one-third of the smart phone owners we surveyed recently said that they weren’t taking even the simplest measures to protect their phone and the data on it. (Download the infographic and share it via Facebook, Reddit, Tumblr, Twitter, and other social media.)
The news from our survey wasn’t all bad. The proportion of those who used the simplest protection, setting a 4-digit PIN code to lock their phone’s screen, increased by about 50 percent compared with the year before. And while a 4-digit PIN code is better than nothing, a longer passcode will buy you lots more protection because it takes much longer to crack. Unfortunately, the vast majority of smart-phone owners neglected to take more aggressive measures, such as creating longer passcodes and installing software that could locate their phone or remotely erase its contents.
The cost of such neglect can be huge. According to a study recently released by William Duckworth, Ph.D., an associate professor at Creighton University's Heider College of Business, consumers lose about $2.5 billion per year through the combined cost of replacing stolen phones and taking out premium insurance on their phones. Duckworth says of those he surveyed, the response was 99 to one in favor of carriers providing an option to disable a cell phone if it’s stolen. “With such a strong positive response, I think the interpretation that consumers ‘expect’ a feature like this is warranted,” he told us in an e-mail.
Stolen phones are a popular target for thieves because they represent big money: They’re often sent overseas, where there’s a ready market for them, according to District Attorney George Gascon of San Francisco. Just this week, a BBC investigation exposed a black market for stolen smart phones in London.
The CTIA, an association that represents the wireless industry, just announced that, starting in July 2015, smart phones sold in the United States will include the ability to remotely wipe data from a lost or stolen phone when the phone's owner authorizes it. But it will be more than a year before anyone knows how well this solution works.
In the meantime, efforts by the telecom industry to reduce thefts don’t seem to be helping matters. For example, the CTIA all but admitted to us recently that the database it created and has touted as the best way to curb thefts isn’t working as expected.
Started in November, the database contains a list of the phones that consumers report as stolen. Once a phone is added to the list, wireless providers participating in the program (including the domestic providers Verizon Wireless, AT&T, T-Mobile, Sprint, Cellcom, and Nex-Tech) have said they will refuse to reactivate it, rendering it useless.
The criticism, from the outset, has been that this program can’t address the issue of stolen phones that leave the U.S. and are reactivated abroad by carriers not participating. And that indeed seems to be a problem. When we asked the CTIA how the database was doing, we received the same statement by e-mail that was sent to other media:
“These 3G and 4G/LTE databases, which blacklist stolen phones and prevent them from being reactivated, are part of the solution,” it read. “Yet we need more international carriers and countries to participate to help remove the aftermarket abroad for these trafficked devices.” Follow-up questions we sent to the CTIA went unanswered.
Meanwhile, Congress and the state legislature of California have tried to address the problem legislatively. The federal Smartphone Theft Prevention Act, introduced in the House by Rep. Jose Serrano (D-N.Y.) and in the Senate by Sen. Amy Klobuchar (D-Minn.) in February, would require that all mobile phones sold in the U.S. include a “kill switch,” which is a way to remotely erase data as well as render the phone inoperable if it’s stolen.
The bill is much tougher than the CTIA database, because it requires that phones be made inoperable globally by using technology that renders them useless on domestic and international networks.
“It is not done by telling international carriers not to turn the phone back on,” Serrano said, comparing the bill to the approach used by the CTIA database. “Under the requirements of the bill, if the kill switch is activated, there is nothing for international carriers to do because they won’t be able to turn the device back on.” The bill leaves it to manufacturers and carriers to figure out how to do that. It also requires that the phones must be capable of being restored and reactivated if the phone is eventually recovered.
The California law goes even further. If passed, SB 962 would require a similar measure be taken by 2015. But it also mandates that the kill-switch features be enabled when the phone is sold, which means users won’t have to worry about turning it on.
It might be difficult for the federal bill to pass, given the current climate in Congress. But it’s attracting lots of attention because of the numbers of phones stolen, and is at least raising awareness of the issues. Gascon’s office says it is optimistic about the California bill’s chances.
The closest thing to a kill switch already in the market is Apple’s Activation Lock feature. Available with iOS 7, it requires the user’s Apple ID and password before Find My iPhone can be turned off or the device can be erased and reactivated. Law-enforcement officials are generally happy with it, with one exception. “The only problem with Activation Lock is it’s not pre-enabled,” Gascon said. It also requires that location services be turned on, and many users don’t want their location tracked, so they leave those services disabled.
Samsung’s latest flagship phone, the Galaxy S 5, has a capability that promises to offer features similar to Apple’s Activation Lock. Currently, it’s available only on Verizon and U.S. Cellular, but more are expected to support it.
Check our buying guides and Ratings for smart phones and carriers.
Phone makers and carriers still say they think they can put the brakes on smart phone theft without so-called kill-switch laws. Samsung, for example, says that while it supports the efforts of Gascon and other lawmakers, “We don’t think legislation is necessary.”
“Most manufacturers think it’s an overblown problem,” Roger Entert, analyst for a market-research firm, Recon Analytics, Boston, said.
Legislators disagree. “Phone manufacturers and carriers have, to date, been unwilling to protect consumers in this comprehensive manner,” Serrano said. Meanwhile, as industry and government debate the issues, smart phone thefts continue unabated.
—Donna Tapellini
Consumer Reports has no relationship with any advertisers or sponsors on this website. Copyright © 2006-2014 Consumers Union of U.S.