A number of measures have been defined to diminish the risks relating to this type of problem. If a device is not returned, it is recommended to perform the following steps:
If the owner can retrieve their device, they should treat it as untrustworthy and even compromised, as they cannot know who has had access to it. If you suspect any kind of malicious installation, it is important to reinstall the software or even migrate all the data to a new device. The First Aid kit describes several measures that should be taken if the device is returned after a certain amount of time: http://www.circl.lu/pub/dfak/DevicesSeized/.
Prevention remains key to lessen the risks when a device is lost, stolen or seized. Simple actions are recommended to protect data, such as encryption, passwords, locking with a PIN code for telephone, tools that enable data to be deleted remotely, the installation of theft alarm software.