I don't get the snatched phone problem in London. Whether it's device or data and the reporting of financial losses. The footage I've seen is the phone is snatched while open.
The hierarchy of data theft value is:
1. Unlocked phone + plaintext passwords in apple notes (what idiot would do that... Oh wait...) = complete compromise
2. Unlocked phone + weak app-level 2FA (SMS to same device) = partial compromise
3. Unlocked phone + proper 2FA = minimal window before timeout/remote lock
4. Maaaaybe OS-level pin code change but at least Android always asks for "current pin" before starting the process. I'd assume that Apple would be the same.
5. Buy giftcards from always unlocked apps like Amazon. = fungible cash
6. Super unlikely that a bank app has not timelocked = fungible cash.
7. Lightning wallets like coinos that let you just send stuff 🙊
The "data vs device" question answer: It's mainly about data, but only when users store credentials insecurely. Then you may get a hackpot, a numbers game. The device itself provides the baseline monetization.
Did I miss anything? I suspect media reports are conflating and clickbaiting.
https://www.theguardian.com/uk-news/2025/oct/11/is-london-in-the-grip-of-a-wave-its-not-so-simple?CMP=Share_AndroidApp_Other