Every once in a while you come across opportunities you can’t turn down. A couple of months ago I ended up being filmed for a TV show here in Norway called “FBI”. FBI in this case being an acronym for “ForBrukerInspektørene” which would translate to Consumer Reporters or something along those lines in English. The concept of the show is dealing with issues concerning consumers like shops and manufactures not treating customers properly; testing new computers, car seats for children, washing machines and whatnot. The show airs on the Norwegian public broadcasting channel NRK. Other Europeans will surely be familiar with the concept of TV owned by the government; think BBC if you don’t have something similar where you live
In addition to these things they will occasionally do segments where they do a deep dive into a chosen topic, and this time they did a story on mobile phones being lost and stolen
While the footage itself is a couple of months old, it didn’t air until a few days ago. The show can be viewed online, though it’s obviously not of much value if you don’t happen to understand Norwegian:
(I don’t know if there are any IP restrictions; I didn’t see any errors when accessing from a US IP address though it didn’t work either – which might be because I was surfing from a Windows Server box without the proper codecs.)
But as I said, the clip is probably of limited value to most of you, so my point was rather to summarize some findings from participating in this.
The backdrop is that we intentionally left a device in public where we expected someone would find it, and possibly run off with it earning themselves a new gadget. The device in question was a Galaxy Nexus so it should be of interest unless you’re a diehard iPhone fanboy. It also had a pre-paid SIM card so it would be possible to use it right off the bat. The device was pre-loaded with contact information, and a sticker with a phone number on the battery, so it would be possible to return it if you found it and had honest intentions of returning it.
Now, of course we didn’t just leave a device in the wild without preparing it. The device was configured with an MDM agent in advance so we would be able to track the device and monitor it
The first thing that really surprised us was that it was actually difficult to get rid of the device. The people that found it would inevitably either deliver it to the nearest shop or street vendor, probably in the hopes that the owner would have an idea where they lost it, return to the spot and ask around for it. It took us two hours before the device disappeared! Granted, this was in broad daylight – it might have been different if we left it out during the weekend right in front of a night club. So while we hear all these stories about devices being stolen right out of our pockets there are actually honest people out there as well. I don’t question the fact that there are people stealing devices, but leaving it on a bench seems to give you better odds than running into professional pickpockets.
In the past you might have been worried that GPRS settings would not work if the SIM card was replaced. That I am happy to say, is apparently not an issue any longer. The SIM card was swapped out a few hours after leaving our sight, and the device has since seen a number of different SIMs from different operators. The data connection would still live on and report back to the MDM server like clock work. I had configured the device to respond to push messages, (silent ones of course), and also connect on a schedule as a backup. Both mechanisms worked like advertised. The push notification through Google’s servers was sometimes delayed by up to thirty minutes so do account for that. Pushes are not queued, so if for some reason the push doesn’t work because the device is off or something is blocking data throughput you will have to trigger another push – it will not figure out by itself that the push was missed.
GPS coordinates were also faithfully reported, with varying precision. While you will of course have a good idea where it is, it’s difficult to know the precise location if you have a radius of a hundred meters and a bunch of buildings nearby. It was however very useful for tracking the patterns of where the device went.
The best indicator of location was probably Wi-Fi. The device would log whenever it had been used with a Wi-Fi hotspot, and report the SSID to the server. While I get the impression that IT people will be very creative when it comes to naming their access points most people are less fun in that respect. If you go into a café and log on to their Wi-Fi you can almost be sure they’ve named the wireless network the same as the café. This was able to give me a very good idea of the places the device had been one Saturday night.
I setup the device with a Google account in addition to installing MDM, and you know what? Mail isn’t the only thing syncing by default. Contacts? Yeah, they’re present in Gmail too. Snapping pictures with the camera? Picasa got you covered. Geotagging of the pics seems to be turned off however.
For a number of reasons we weren’t able to retrieve the device in the end. We were however more than happy to send out a remote wipe to it, and since that was the last time it connected to the server I would think that worked as intended
So are there any takeaways here or is it just anecdotal musings? Well, a major thing for me was that while you sometimes go a bit glassy-eyed when a customer asks what you’re able to do with devices that go missing in action, (not just the theoretical bits, but what actually happens), this gave me first-hand experience that MDM could be trusted to work as intended. We had no fall-back plan here even if it was TV; it was possible that we wouldn’t be able to track the device for some reason. It was one device, one chance, and we got lucky. (Leaving multiple devices out there to increase the chance of success felt a bit rich.)
I was a bit worried about data connections as well, but as already mentioned this also worked flawlessly. It doesn’t matter if the SIM is swapped as long as your MDM isn’t hardwired to use this means of communication. (Preferably your MDM solution should support both SMS and push based notifications.) And for the days when I couldn’t push initiate a connection the schedule worked over Wi-Fi as well, so even without a SIM you should be seeing some feedback from the device. Nice.
And who would have though SSIDs would come that handy? Wi-Fi is your friend when the device is not in your hands, think twice about what kind of tracks you’re leaving when it’s still in your possession
Not to mention – it was fun as well