Anyone who has sold a smartphone has (hopefully) used the Factory Reset feature to wipe all personal data before handing their old device to a complete stranger. Security firm Avast has found that this may not enough when it comes to Android devices.
The firm bought 20 Android devices from eBay and used “simple and easily available recovery software” in a bid to restore as much data as it could. Their analysts were able to restore more than 40,000 photos including more than 1,500 of children and more than 250 selfies of “what appear to be the previous owner’s manhood,” 750 emails and text messages, four previous owners’ identities and even a completed loan application.
As the old saying goes, a picture is worth a thousand words. Now add private Facebook messages that include geo-location, Google searches for open job positions in a specific field, media files, and phone contacts. Put all of these pieces together to complete the puzzle and you have a clear picture of who the former smartphone owner was. Stalkers, enemies, and thieves can abuse personal data to stalk, blackmail and steal people’s identities. They can use this information to watch people’s every move, exploit their strange fetishes, open credit cards in their name, or even continue what they started by further selling their personal information online.
According to Avast mobile division president Jude McColgan, an Android factory reset only applies “at the application layer.” While the data appears to have been deleted at first glance, anyone with a bit more knowledge and the right off-the-shelf digital forensics software can recover data that should have been wiped out. According to Avast, the only way to truly remove the data is to overwrite it.
Needless to say, Avast recommends that it’s not enough to use the factory reset feature. It so happens that Avast overs an app called avast! Anti-Theft. The app is free but also offers a number of premium services that must be purchased. A look on Google Play reveals that it’s not the only app purporting to offer such protection.
More than 80,000 smartphones are put up for sale in the U.S. alone on any given day. That could translate to a lot of personal data easily available to hackers.