It looks like it sniffs the phone for unencrypted data stored locally.

A lot of defences assume that the attacker doesn't have the unlocked device. It may be using weaknesses in the OS authentication mechanism.

Wiping your phone would be a pain but I'd do it in a heartbeat if I was picked up.