Yottabytes: Storage and Disaster Recovery

Jul 11 2014   6:21PM GMT

Let’s Blow &(*&(*& Up, the Sequel: Your Smartphone

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Tags:
privacy
Security

We’ve written before that if you’re going to depurpose a laptop, or a hard drive, or a printer, that you really need to blow that sucker up, using at least two methods, to ensure that the data is really, truly, gone.

Turns out the same is true of your smartphone.

Mobile security vendor Avast reportedly bought smartphones on eBay (much like researchers have done with hard disk drives and printers) and discovered that, even though they’d been wiped and returned to factory settings, personal data on them was still visible.

Some very personal data.

We purchased 20 used Android phones off eBay and used simple and easily available recovery software to restore deleted files,” the company writes in its blog. “The amount of data we were able to retrieve was astonishing and proves that simply deleting is not enough.” It consisted of more than 40,000 photos, including more than 1,500 children, more than 1,000 Google searches, more than 750 email and text messages, more than 250 contact names and email addresses, four previous owners’ identities, and one entire completed loan application.

Oops.

This was true across a wide variety of smartphones and operating systems, and even when Avast did the factory reset itself, noted the Houston Chronicle.

What’s grabbed people’s attention the most about this isn’t the passwords, banking information, or phone numbers, but some of the photos — “more than 750 photos of women in various stages of undress” and “more than 250 selfies of what appear to be the previous owner’s manhood.”

Ew.

(And just so “naked selfies” doesn’t set off the NSFW filter at work, we’ll call them “data” from here on out, ‘k?)

By the way, according to Avast, there’s 80,000 used smartphones on eBay every day. (And then there’s handing it down to your kid. Can you imagine what would happen if they found your “data”? Think of the tears. Think of the trauma. Think of the emotional scars. Not to mention the effect on the kid.)

Consumer Reports also performed a study recently noting that 34% of smartphone owners did nothing to protect their phones, while 8% installed remote wipe software and 7% installed other protection such as encryption.

Admittedly, Avast has its own ax to grind here — turns out they have software that just so happens to take care of the problem, though to give them credit it’s free — but we will assume for the moment that they legitimately bought used smartphones on eBay and still found “data” on them without a whole lot of effort (though they did say they needed to root most of the phones to do so).

That stipulated, just what is it we’re supposed to do with the old smartphone when we buy a new one, to ensure that any “data” you have can’t be seen by a new purchaser? Or do you really have to destroy your old smartphone rather than getting a few bucks out of it, as though you were going for a OnePlus One?

  • You can encrypt the phone and then reset it, which will make the data unreadable. Google noted that encryption has been available for at least three years, though it is optional.
  • You can delete the files and then fill up the memory videoing the ceiling or something, and then delete the files or wipe the phone again.
  • There are apps besides Avast’s that will do the job.

Incidentally, iPhone owners smugly noted that all the phones in question were Androids. “In contrast, iPhones use a hardware encryption, so when the encryption key is destroyed on a reset, the data is very hard to recover,” writes John Martellaro in MacObserver. “Not so for Android phones apparently.” Older devices, which don’t support encryption by default, overwrite the data, according to Apple.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: