So, you've bought a new phone and you're planning on selling the old one. After removing the Micro-SD card (if applicable), usually the next step is to perform a factory reset via the settings in the belief that this deletes any and all data stored on the phone. Am I right? Well, it turns out that simply performing a factory reset isn't quite enough because the guys over at Avast have recovered over 40,000 files from 20 Android smart phones bought on eBay.
Jude McColgan, President of Mobile at Avast stated that "The amount of personal data we retrieved from the phones was astounding." And you can understand why he says that when you consider that the following personal information was found (infographic below):
- More than 40,000 stored photos
- More than 1,500 family photos of children
- More than 750 photos of women in various stages of undress
- More than 250 selfies of what appear to be the previous owners manhood
- More than 1,000 Google searches
- More than 750 emails and text messages
- More than 250 contact names and email addresses
- Four previous owners' identities
- One completed loan application
The personal data was discovered through the use of readily available recovery software. You might be asking just how the data was able to be retrieved despite the devices having been factory reset, and how it works is like this: When you delete data, be it off your phone or pc, the data still exists. And unless you overwrite the drive with other data, anyone with access to data recovery software will potentially be able to access your 'deleted' data. It makes for sober reading when I think back to the many Android devices I've sold on over the years. Over 80,000 phones are sold daily in the U.S. alone, that sure is a lot of data up for grabs when you consider that only 14% of Americans install Anti-Virus software on their phones, and only 8% using software to securely wipe their personal data from their device.
Naturally, after having found this security risk, Avast says that they have the solution, you just have to install their Free Avast! Anti-Theft app and make use of the thorough wipe feature to permanently delete and overwrite all files on the device. Of course, you could always perform the following steps to help ensure your data is secure:
1. Encrypt your data!
On your device, go into Settings/Security and click on Encrypt phone. Choose to Encrypt the phone. If your phone supports Micro-SD cards, there should also be an option to encrypt the data stored on the memory card if you don't choose to remove it beforehand. Encrypting your data can take a while, so ensure you either have enough charge left in your battery or that you have a charger handy. Once encrypted, the data can only be unscrambled with a special key.
2. Factory Reset
After encryption, remember to factory reset your device by going into Settings/ Backup & Reset and clicking on Factory Data Reset. When prompted, choose to 'Erase Everything' and let the process finish by booting the device.
3. Overwrite your data with harmless data
Once the device has booted, get hold of some harmless data and transfer it over to your phone or tablet. If you have 11.6GB of storage available, max it out. Remember that the data you are using to overwrite your personal data should be meaningless.
4. Perform another Factory Reset
By performing another Factory Reset, you are erasing the 'fake' content that you previously loaded, adding another layer of deleted data to your device. You can choose to follow steps 2-4 as many times as you like, depending how far down the rabbit hole you want to go.
It has to be noted that if someone really wants to get at the deleted data on your phone, if they have the correct software and enough computing power then they will be able to, ala NSA. All you can do is take reasonable precautions to protect your data, either by making use of the Avast app (or one like it) or wiping your phone manually. Let us know how you protect your data in the comments below or at our Google Plus page.