Quote:
Originally Posted by catsec
It's a fine line. Sure, software making use of GPS services can help users find and/or retrieve lost mobile devices, but such applications have an incredibly deep access to mobile device operating systems and services and can pose a very legitimate security risk.
In my view, it all comes down to a balance, and the balance resides in personal responsibility. If you are susceptible to losing your mobile deice, you are susceptible to being owned, not just through malicious hackers, but also through mobile GPS tracking applications.
The old adage stands true; if attackers have physical access, there's nothing you can do. The point shouldn't be, "what can I do in case I lose physical access to my mobile device?" The point is, don't lose physical access to your mobile device, otherwise you're owned, no matter what.
That's almost certainly true, but here in the UK at least, most miscreants who get hold of your phone are not going to be remotely interested in your data. In terms of real-world risks finding your phone is going to be generally more advantageous than not being able to do so. I'm all for the tin foil hat (for example I stay resolutely logged out of my Google and Facebook accounts, depsite having Ghostery, Disconnect, and various other things installed in my browser) but I'm pretty sure the risk of losing your device AND it falling into the hands of someone who can and does exploit the location software you're running on it is minimal compared to the risk of just losing it.
Of course, the real solution here is to make sure you lock your device at all times, and that you protect it with as complex a passcode as it will allow. For example, iPhone fans, those four digits are nowhere near the full extent of what's possible: visit Settings to extend the length of your passcode. Similarly, set your device to wipe after x wrong attempts to log in.