Not long ago, after a tiring business trip, I left my knitting bag with my Nexus 7″ tablet on the plane. I realised it was gone before my connecting flight left, and thanks to some helpful United Airlines people, got it back in time to make that flight home. I did have a few panicked minutes though, wondering where it was, whether someone had it, and what to do about the data on it. Since then I’ve implemented more security measures, especially when travelling.
Of course, the first thing to do is make sure there’s a PIN or pattern or other lock on the screen. I don’t usually bother with this at home, but when I travel I do.
Top of my list for the secondary layer, after the password for the entire device, are passcodes for both Dropbox and Evernote; I keep personal information in one and client information in the other. You can unlink a given device from Dropbox and revoke access to Evernote from another machine, but that won’t necessarily stop someone reading the information already on the device. Security or passcodes solve the idle curiosity problem, at least to some extent (this is a premium, i.e. pay-for feature on Evernote). Dropbox also gives you the option of two-factor authentication, and of course you can encrypt the files that you store.
For actual passwords and smaller items of information, I use LinkeSoft Secret!, although I may move away from it since it doesn’t sync the Android password store to the Mac. I’m paranoid enough that I don’t do online banking on my phone or tablet; I have my bank’s app on my phone but only to find the nearest location of a cash machine or branch.
I already have a PIN required for anyone to buy an app on the device; this also stops my daughter buying games or in-app purchases. (In the Google PlayStore, under Settings, it’s the ‘Use password to restrict purchases’ setting.)
I have Lookout installed, which has options to find your phone, then lock it, and even remotely wipe your phone’s data; fortunately I didn’t need to try it out but there is a certain peace of mind in knowing that nuclear option is available.
What all of these apps have in common is the assumption that you may have more than one device running Android, which is more than I can say for Google accounts. If you go into your account settings, security, manage access, you are confronted with something that looks like this:
Google access to sites and apps
which doesn’t give me any clues as to which of the many ‘revoke access’ buttons I should push to revoke access to a specific device. Surely Google could have figured out that some people might have more than one Android device, or more than one application or web site wanting access?