I lost my Android phone on vacation that was in airplane mode (Moto G5, v7 updated). It was protected by fingerprint and swipe. I almost always use the fingerprint to unlock, but do very occasionally use the swipe.
I locked it online remotely and remotely logged out of it when I realized it was lost several hours later. The timeout interval should be only 1 or 2 minutes.
I was hoping to recover it in some fashion, so I didn't remotely wipe it, secure in the knowledge that it couldn't be unlocked.
So I was surprised to be contacted two days (!) after I lost it on my other devices and accounts via an instant messaging app on the phone by someone who claimed to have found the phone and was looking for the owner.
In shock I didn't reply and quickly used Device Manager to remotely wipe the phone immediately. I also changed all my Google passwords for the accounts on the phone. I checked the Gmail logins and noticed none outside of my possession. I also checked Google Maps timeline and didn't see anything outside of my possession. Oddly, though, in Device Manager I clearly did see the phone located in the city I lost it, but a distance away from where I was.
A few questions:
- How could a locked phone with a recent Android OS be unlocked, taken out of airplane mode, and home screen accessed?
- How could the remote lock not work, assuming somehow someone opened up the phone within the lockout interval?
- I saw the phone in the city I lost it on Device Manager (where I executed the remote wipe). How could it be there, but nowhere visible in my Google Maps timeline or Gmail login history?
- Is there something I might be forgetting to do security wise?
Thank you.