IMPORTANT NOTIFICATION

This site is an archive of Simon's first blog.
Current writing and commentary is now published at
simonedwards.com.

Monday, 5 August 2013

The mystery of Google's app for wiping and locating phones

Late last week the media predicted the imminent launch of a new Google application for Android phones that would allow users to locate or wipe their devices.

The Register wrote, "Google has announced that it will begin offering a free device location and security service for Android phones and tablets for the first time later this month, addressing a longstanding (sic) omission in Mountain View's mobile OS."

Such security features are often included with anti-malware applications, while there are also dedicated apps that provide only the location and memory-wiping abilities.

The news that Google was going to launch its new Android Device Manager security service and application made me a little confused. I thought it already had put out something similar ages ago. In fact I remember seeing an app called Google Apps Device Policy on pretty much every device that I've used.



Here is Google's description of Google Apps Device Policy:
***THIS APP IS FOR GOOGLE APPS FOR BUSINESS, EDUCATION, AND GOVERNMENT USERS ONLY***
Google Apps Device Policy makes your Android device more secure
* Ring or locate a lost device via My Devices (https://www.google.com/apps/mydevices)
* Remotely lock device or change pin
* Administrators can enforce security policies and remotely wipe devices



The app is clearly available only to those who pay for Google Apps. Indeed, if you visit the URL above you'll see a message verifying that fact.



My confusion was compounded, however, when I came to verify the name of the app before writing this article. My current phone and tablet, a Nexus 4 and Nexus 7, are running the latest version of Android (4.3) and now no longer show Google Apps Device Policy as being available.

As the first screenshots above show, though, the program was certainly installed at some point. In fact it has been installed not only on the devices I use day to day but also on the first Android phone I ever bought and all devices bought since.

It's great news that ordinary users will have access to these features. It's just a little surprising that a similar, installed product seems to have become invisible or been removed.

Friday, 2 August 2013

Choosing a secure PIN

Credit, debit and ATM cards are usually protected by a four-digit number.

This Personal Identification Number (PIN) is supposed to prevent an unauthorised person from using the card.

Choosing a good PIN makes a great deal of sense. Here's how to pick a good one, or at least how to avoid a bad one.

It seems that good sense is lacking with many people, who use predictable PINs such as 1234, 1111 and 0000.

How do we know this? Nick Berry, from DataGenetics, analysed passwords that had been leaked onto the internet. He concentrated on the four-digit passwords, working on the fair assumption that if people are using four-digit passwords for internet services then there will be some correlation between their choices and the numbers people choose for bank cards and other systems that use four-digit PINs.

He discovered that, out of 3.4 million records, the three sequences above were by far the most common. They were almost certainly chosen with intent, rather than being generated randomly.

The top 20 PINs accounted for 26.83 per cent of all passwords in the database, which means that a bad guy would only need to try 20 codes to achieve success in one quarter of sessions.

Within the top 20 you will find all repeated sequences of a single number: 0000, 1111, 2222, 3333, 4444, 5555, 6666, 7777, 8888, 9999.

So in other words, if you want to guess someone's PIN try each of the above sequences in turn and you stand a very good chance of success.

The least popular choice was 8068. So we should all start using that one, right? Definitely not. As Nick writes:

"Warning - Now that we’ve learned that, historically, 8068 is (was?) the least commonly used password 4-digit PIN, please don’t go out and change yours to this! Hackers can read too! They will also be promoting 8068 up their attempt trees in order to catch people who read this (or similar) articles."

The key to a secure PIN is to choose one that is not predictable. So looking at the most- and least-used PINs published in such articles may be a good idea, so that you can avoid them. You want your PIN to be lost in the middle ground.

One quite amusing part of Nick's research is that the number 2580 crops up fairly high on the list, at #22. Look at your telephone keypad to discover why this is a popular choice.

I know of at least one PIN-protected door to which no-one who uses it can tell you the PIN. They have all memorised the combination using a visual pattern (e.g. top left, bottom-right, middle-right, middle-left) rather than by the numbers (1964).
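
An added example, not part of the original post or of Nick Berry's analysis: a Python check that a system enrolling four-digit PINs could run to reject the predictable choices described above (a single repeated digit, runs such as 1234, keypad lines such as 2580, and the values the article names), plus a random generator that avoids them. The rule set, the function names and the three-distinct-keys threshold for the keypad test are assumptions made for illustration.

```python
import secrets

# Phone/ATM keypad: digit -> (row, column); 0 sits under 8.
KEYPAD = {d: divmod(i, 3) for i, d in enumerate("123456789")}
KEYPAD["0"] = (3, 1)

# Values the article names from the published statistics (most and least used).
PUBLISHED = {"1234", "1111", "0000", "2580", "8068"}


def weaknesses(pin):
    """Return the reasons a four-digit PIN is predictable (empty list if none)."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be exactly four digits")
    reasons = []
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    # Runs: every step is +1 or every step is -1 (modulo 10, so 8901 counts).
    digits = [int(c) for c in pin]
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {9}):
        reasons.append("ascending or descending run")
    # Keypad line: at least three distinct keys (assumed threshold), all collinear.
    keys = list(dict.fromkeys(KEYPAD[c] for c in pin))
    if len(keys) >= 3:
        (r0, c0), (r1, c1) = keys[0], keys[1]
        if all((r1 - r0) * (c - c0) == (c1 - c0) * (r - r0) for r, c in keys):
            reasons.append("straight line on the keypad")
    if pin in PUBLISHED:
        reasons.append("named in published PIN statistics")
    return reasons


def random_pin():
    """Draw uniformly random PINs until one passes every check above."""
    while True:
        pin = f"{secrets.randbelow(10_000):04d}"
        if not weaknesses(pin):
            return pin


if __name__ == "__main__":
    # Constructed sample input: the PINs discussed in the article.
    for sample in ("1111", "1234", "2580", "8068"):
        print(sample, weaknesses(sample))
    print("generated PIN passes checks:", weaknesses(random_pin()) == [])
```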