According to Google... Nothing. Unfortunately most Android devices have a feature where you can place a device in Airplane mode by simply pressing the power button until a menu pops up (allowing you to shut off the device, reboot, airplane mode, etc.) To me... this is a simple error that can be corrected. If a thief were to steal your phone from a bus stop, they could easily take your device and pace it into airplane mode. Forget about how easy it is to wipe a device from recovery mode (in case they want to steal it later), let's assume they want to recover the information from your device using one of the many attack methods to do so.
But you're smart, you have Cerberus, or Lookout, or one of the many other Device Protection apps installed. Unfortunately, very few of them prevent against Brute Force Pin/Password entry attempts and if your device is in Airplane more, you're screwed. That means you can't remote lock/wipe your device and that your device and all it's data is in the hands of an attacker... even if it's encrypted. So what are you to do if an attacker Brute Forces your PIN using inexpensive software/hardware, like I did with the Arduino-based DigiSpark?
The answer is not much... Google/Android need to allow users to prevent attackers from gaining entrance to their systems after a number of attempts, similar to iOS.
iOS allows users to have their data wiped after 10 failed attempts. This should be more than enough for a user to remember their password and less than enough for a Brute Force Attack on a 4-Digit PIN (4 digits = 10,000 combinations). This is one simple solution to resolve this issue. But preventing more than 10 PIN/password entries would only prevent some attacks-- it still wouldn't give an end user confidence thar their device is wiped of their personal data on their terms.
The other issue with the bus stop theft problem is if an attacker were to simply put your device in airplane mode.... even if it were locked. It's so simple, AOSP/Android needs to require Pattern/PIN/Password entry before changing the state of the Wifi/Bluetooth/Cellular radios. It's not often that a user would find themselves unable to place their own device in airplane mode and forget their own unlock code. If a bus stop attacker wanted to prevent you from locking/locating/wiping your device remotely, all they would need to do is simply place your phone in "airplane mode."
Google/Android Team... I urge you. Fix these two issues.
Allow users to wipe their devices after a number of failed attempts. Don't rely on Third Party MDMs (mobile Device Managers), such as Citrix Xenprise to handle this.
require Pattern/PIN/Password entry if the device is locked and attempting to enter airplane mode.
It's really that simple.
There are many other deeper/complex issues to resolve, but these two: dealing with Android's Airplane mode and Passcode Unlock Attempts are by far the easiest and most impacting of issues to resolve.
