Score: 50

My stock Android 9.0 gives me the option of showing some short text message on the lock screen. I want to add my email address here, so people know how to contact me if they find my phone.

Are there any downsides to this? The address is linked to the Google account that's used on this phone.

I know there are other options for getting my phone back, like find my phone, but I want a method that allows the finder to find me instead of the other way around.

Asked by freekvd; edited by schroeder
  • Mine shows my other half's cellphone number and my home phone number. Probably slightly more accessible to people - more people have access to a phone than have email. – Criggie Feb 13 '19 at 10:04
  • I also have the mobile number for my sibling (including intl country code), as they are rarely with me but know how to contact my `other half` in case my other half and I are both unreachable. – Dean Meehan Feb 13 '19 at 10:40
  • Most new phones have an emergency call feature which gives any user access to some preset emergency contacts. If this fails, the find my phone option is by far the easiest if you lose it, as you can make it automatically lock and print a message of your choice on the screen. – Bex Feb 13 '19 at 14:33 (+4)
  • @Criggie but the police definitely have access to email, so worst case (for someone willing to return it, of course), the police will do it for them. – user185163 Feb 15 '19 at 04:49

5 Answers

Score: 81

Your email address is generally public knowledge, so disclosing it is often not a big security risk.

But it gets complicated when it's your phone. Because your email address is often used as your username to log into services, and you (should) use your phone as a second factor when logging in, tying those two pieces of data together might have unintended consequences. Yes, you (should have already) encrypted your phone and you (should) have a strong password to log into your phone, but there are risks depending on how you implemented everything.

The better option to do what you want is to display a secondary address that you do not use as a username anywhere. This is easy to do: simply forward all emails from there to your primary address.

schroeder
  • +1 for the suggestion of using a secondary address. In addition, the secondary address should not contain your real name, as it would be fast to find the public address knowing your name and the location the phone was found/stolen. – Esa Jokinen Feb 13 '19 at 08:34 (+30)
  • I'd also point out that _getting into_ your email account (to read the message about your phone being found) might be complicated by the loss of the phone (as the second factor). – Roger Lipscombe Feb 13 '19 at 09:21 (+6)
  • @EsaJokinen I'm not sure about the value of that. The entire purpose of adding the email address is so that the person can physically interact with the phone owner, either to hand the phone to the owner or to mail it. Secondarily, if you set up your phone to show notifications, the person with the phone will gather all kinds of personal information. To take advantage of what you suggest, you would *also* need to employ a few steps of opsec. – schroeder Feb 13 '19 at 09:21 (+3)
  • This addresses my concerns perfectly, thanks for the answer! I do have some two-factor authentications in place (for private banking and for all work-related information; and of course for the google account). I also have a backup for the google two-factor auth on an old, powered down phone, so I should be able to access the mail account even if I lose my phone. – freekvd Feb 13 '19 at 12:04
  • A friend of mine used to put their mobile phone number on the lock screen, so that anyone who found the phone could call them to let them know and arrange a return. – Lightness Races in Orbit Feb 13 '19 at 13:07 (+34)
  • @EsaJokinen I also agree with hiding your name to make it more difficult to find your public address. If you lost your phone (or got it stolen), it is very possible that the same happened to your home or car keys. Don't make it easy for a malicious person to use them. – Didier L Feb 13 '19 at 13:23 (+2)
  • We also have to remember that a person returning the phone is probably a different person than the one we are trying to protect our information from. We must think of these use cases separately. After the initial contact from someone who has found the phone we can decide what more information we are willing to give, while we can keep everything hidden from the perpetrator. – Esa Jokinen Feb 13 '19 at 13:26 (+5)
  • On my lock screen I have a https://return.me/ ID and toll-free number. – Michael Hampton Feb 13 '19 at 15:04 (+1)
  • @LightnessRacesinOrbit I put my phone number on my lock screen, too. I like doing that better than my email address. I can get texts from any computer and make/receive calls so long as the computer has a mic. – Brad Feb 13 '19 at 19:12
  • +1 This is what I do, and good detail that the secondary email should be non-identifying. – DoubleD Feb 13 '19 at 20:22
  • "Your email address is generally public knowledge, so disclosing it is often not a big security risk." Try telling that to all the folks who were raising a big stink about it in the recent GDPR thread on Meta.SO. To hear them talk, you'd think it was a bigger deal than your Social Security number getting out! o_0 – Mason Wheeler Feb 13 '19 at 23:47
  • At least in outlook you can create an alias for your account, and then you can use it, and the mail will go as if it were for your main account. On gmail I'm not sure; the only one I know is to add a **+** followed by whatever you want, but that still gives away your main account. – auhmaan Feb 14 '19 at 14:37
  • Last time I tried to protect an Android phone with a strong password it was rejected because it was too long. – kasperd Feb 14 '19 at 21:02
Score: 12

If the goal is to allow a sincere finder to contact you but prevent leaking any information:

  1. Lock the phone properly (strong password, fingerprint etc.)
  2. Encrypt the contents.
  3. Hide notification details from the lock screen.
  4. If possible, prevent answering any phone calls without authentication. That's probably the hardest step to achieve, and anyone who calls you may accidentally reveal your identity, not to mention if a phone call is chosen as the 2FA method.
  5. Use a secondary email address that could not be linked to you.

As in Schroeder's excellent answer, the email address is not the most crucial information a phone could leak. #5 is only truly useful if you have achieved everything in #1-4, as failing any of #1-4 can make it trivial to find the information hidden in #5.

Esa Jokinen
  • Is fingerprint really that good when it's relatively trivial to lift fingerprints, sometimes off the phone itself, and create moulds to access the device? – Expired Data Feb 14 '19 at 10:50 (+1)
  • Depending on the fingerprint sensor it seems hard to get it to work even with the actual finger. ;) One added layer of security is to use a password for unlocking the phone and the fingerprint sensor for other authentication once the phone is unlocked. – Esa Jokinen Feb 14 '19 at 10:59 (+2)
Score: 3

There is a better solution: display instead the phone number of the person you want contacted in case of emergency, labelling it clearly 'ICE' (which means 'in case of emergency' to all emergency workers). Then if you get in an accident and are unconscious, your person will be contacted a lot faster. And as a side effect, if you lose your phone a friend will quickly get notified too.

Score: 2

I would consider that the main risk of placing the email address there is that in case it is lost, it would be a phishing target for unlocking the device.

This is quite common with Apple devices: an iPhone is lost/stolen, and thus the owner locks access to the phone, so it's no longer possible to use this device (unless accessing the Apple account of the owner). However, the message shown to those that find it often includes the email address associated with the account. Thus, what attackers do (actually there are people selling this 'service') is to send a phishing email there claiming to come from Apple and stating that the iPhone has been found, which actually leads to a phishing page from which the credentials of such accounts are harvested for freeing the device.

I find that the same approach would equally work with an Android phone. If the email address shown is the Google account linked to the device (as would usually be the case), phishing the account credentials would allow unlocking the device.

Using a secondary email address exclusively for that (which should then receive 0 mails, and which you may not even look at until you lose your phone), and not linked to the phone, should help.† Although you should be very wary: anything received there should be presumed to be a phishing attempt (note that any notification regarding the lost phone would not be sent there; only a human that had read the message would direct phone-related mails there!).

† Of course, store the name and password for that email safely, as well as those of the primary account where the device backs up everything.

Ángel
  • Some assume every lost phone is stolen. I once found one and was trying to figure out how to contact the owner when she tried to video call me to get the face of "the stealer". – Esa Jokinen Feb 15 '19 at 16:52
Score: 0

Including your email there is a pretty risky move. Imagine you lose the phone and a bad guy finds it:

  • he sees the email and goes to example.com and tries to log in
  • since he doesn't know the password, he chooses to recover the account by sending a token to your (now his) phone
  • the text notification on the phone displays the token since it isn't very long (and you have it configured to show that preview)
  • now he can change the password of example.com and that account is gone

He can repeat that for other services and cause a lot of damage, so don't include your email. Look at the other answers that provide good advice (in this answer I just wanted to point out how easily things could go wrong).

Felipe Pereira (edited by schroeder)
  • This is basically my answer, but your take on it requires a very specific set up for lock screen notifications, how 2FA is used, and how the password reset process works on the site's side.... – schroeder Feb 14 '19 at 13:26 (+1)
  • @schroeder, exactly, that's why I added the bits related to _specific set up for lock screen notifications, how 2FA is used, and how the password reset process works on the site's side_, mentioned to look at the other answers (including yours) and also told why my answer was structured that way – Felipe Pereira Feb 14 '19 at 13:30
  • In any event, my comment still stands. I'm not sure that this adds anything and it requires a very specific set of things to be true to be relevant. – schroeder Feb 14 '19 at 14:27 (+2)
  • @schroeder well, you didn't suggest that I reacted to your comment, you just went ahead and stated it by saying _Those additions came after my comment._, and that isn't true at all; again, the answer wasn't edited after I posted it, there is no way you can have read two versions of it, unless you as a mod can see the draft while I'm writing it. In case you are not sure if this answer adds anything, I elaborated on what you mentioned in _might have unintended consequences_; it adds a clear example of an exploit against having the email there. – Felipe Pereira Feb 14 '19 at 14:37
  • Also not an answer if you refer to another answer which could be modified or deleted in the future. – pipe Feb 14 '19 at 16:02 (+1)
  • @pipe I've seen countless examples of answers citing others' answers, here on infosec and also in the rest of the SE network. If you believe that an answer provided by a mod, highly upvoted and accepted by the OP is likely to be deleted I can't prevent you from thinking otherwise. – Felipe Pereira Feb 14 '19 at 16:09
  • @pipe you can also flag as NAA in this case – Felipe Pereira Feb 14 '19 at 16:12
  • @FelipePereira I've seen a lot of people park on a street near my house where it's illegal to park. Doesn't mean it's right. If you just want to add something to an answer you can suggest an edit. I'm not flagging this, just downvoting, since it tries to answer the question but is not very useful as-is. – pipe Feb 14 '19 at 16:12
  • @pete, if you think my answer is a clear infringement of the site policies (as in your parking example) go ahead and flag it (if you haven't done it yet) – Felipe Pereira Feb 14 '19 at 16:24
  • @pipe btw, I provided a clear example of the downsides the OP asked for; if that isn't very useful I just don't know what would be (yes, the general motives of why having the email there is covered in other answers, but a concrete example isn't bad/useless either IMO) – Felipe Pereira Feb 14 '19 at 19:56
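The weak link in the reset-token chain above, and step 3 ("hide notification details from the lock screen") of Esa Jokinen's answer, both come down to two Android settings. The following POSIX shell helper is an added example, not code from anyone in this thread: it classifies the values of the two hidden Settings.Secure keys that control lock-screen notification content, as read with `adb shell settings get secure`. The key names are real Android settings; the assumption that an unset ("null") value behaves like the platform default of 1 is mine, and `audit_device` is a hypothetical wrapper for a USB-connected phone.

```shell
# Added example (not from the thread): decides whether a stock Android device
# would reveal notification text, such as a password-reset code sent by SMS,
# on the lock screen. `adb shell settings get secure <key>` prints each key
# as 1, 0 or "null" (never set).
# Assumption (mine): an unset value behaves like Android's default of 1.

# assess_lockscreen SHOW PRIVATE
#   SHOW    = lock_screen_show_notifications          (1: notify while locked)
#   PRIVATE = lock_screen_allow_private_notifications (1: show content too)
# Prints a verdict; returns 0 when previews are hidden, 1 when exposed.
assess_lockscreen() {
    show="$1"
    private="$2"
    if [ "$show" = "null" ] || [ -z "$show" ]; then show=1; fi
    if [ "$private" = "null" ] || [ -z "$private" ]; then private=1; fi
    if [ "$show" = "0" ]; then
        echo "OK: no notifications are shown on the lock screen"
        return 0
    fi
    if [ "$private" = "0" ]; then
        echo "OK: notifications shown, but their content is hidden until unlock"
        return 0
    fi
    echo "EXPOSED: notification content (SMS/OTP previews) readable without unlocking"
    return 1
}

# Hypothetical live check against a connected device (needs adb and USB
# debugging enabled); strips the CR that adb shell appends on some hosts.
audit_device() {
    s=$(adb shell settings get secure lock_screen_show_notifications | tr -d '\r')
    p=$(adb shell settings get secure lock_screen_allow_private_notifications | tr -d '\r')
    assess_lockscreen "$s" "$p"
}
```

Note that neither key matters on a device with only a swipe lock, where everything is readable anyway; the check only becomes meaningful once step 1 (a real lock) is in place.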