App review: Prey – open source anti-theft solution for PCs, Macs, and phones
Prey lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen. It’s lightweight, open source software, and free for anyone to use. And it just works.
We have all been there, or know someone who has. Having your laptop or smartphone misplaced (or even worse, stolen) can be a very traumatic experience… not only for the value of the hardware itself, but sometimes mainly for all the (sensible) information they usually store. Unfortunately, most users have to go through such experiences before looking for solutions to avoid future similar scenarios.
What if you could not only locate your missing device, but remotely block access to it?
Prey is one of many tracking apps available on mobile application markets, but it differentiates itself for being a free, open source alternative.
How it works
A small client is installed, either on smartphones, or computers (support to PCs, Macs, and Linux). When activated, through Prey’s console (accessible through their website), it launches a series of user configurable actions, to start tracking and/or locking down the missing device.
The report system can use the device’s GPS, wifi, and the mac / IP adresses of the networks it automatically connects to to try and triangulate the device position. Furthermore, it can also periodically snap pictures through the webcam, and grab screenshots of the destkop to facilitate the “investigation”.
Regarding actions, it can sound off a loud alarm for 30 seconds (also useful for misplaced devices), display a text message on the screen (maybe to persuade or threaten the thief), and lock the device down, requiring a deactivation code.
The prey project relies on a “freemium” business model: the basic app is free with a 3 device per account limit. However, they recently rolled out more robust solutions, “pro accounts”, ranging from a personal US$5/month plan to a corporate US$399/month.
Privacy / security issues
A red flag must be raised. By giving such a powerful control over personal devices to a third party software developer, users must know they are fully dependent on the administrators behind the Prey Project. A leak of passwords (as recently witnessed with sony’s very own PSN) could potentially be disastrous for privacy issues. Users can be monitored without their consent, and without a single warning, if some vulnerability is exploited to give unauthorized access to the accounts.
Hands on experience
I logged in prey’s website, and marked my phone as missing. Nothing happened immediately, so I was a bit skeptical about the app’s claims. As I did not have another cell phone, I could not use the SMS activation system. Checking my configurations, it seemed that there was a pre-set 20 minutes interval needed for the app to “phone home” to prey’s servers (paying customers can have this feature “on demand”).
So, I manually checked on my phone that it was missing (why that option is even there is another mystery.) And then, it started working its magic. As configured, the screen locked and asked for my deactivation code. The android taskbar also locks down (although it is still possible to make emergency phone calls.) And changed the report interval to 10 minutes and waited. Strangely, I kept receiving sound alerts for text messages. 10, 15, 20 minutes passed and I still hadn’t recieved a single report. The status on the console warned me that I should “Remember to send the activation signal!” (through SMS), so I was confused as to why my phone was locked, marked as missing, but not sending any reports. Slightly disappointed, I entered the password and called off Prey’s “agents”.
Strangely, there were some problems with my former touch pattern unlock after Prey was disabled. I had to manually reset it.
- easy to setup/use
- user friendly console
- potential security / privacy vulnerabilities
- app kept crashing at the login screen on the Samsung Galaxy SII
- no remote wipe features
Prey Project video introduction: