Selling a smartphone may leak private information: what you need to do - gHacks Tech News

Selling a smartphone may leak private information: what you need to do

If you are a regular here on Ghacks you know that one needs to be careful when it comes to giving away or selling old devices that were used for storage (read used hard drives still haven for identity theft from 2008 for example)

This can be an external hard drive, an old PC or laptop, or a smartphone or tablet. As long as there is permanent storage, there is the chance that data may be recovered even if you have deleted it or used a reset option to restore a factory state.

The reason why is simple: deleting files does not really remove the files from the storage device it only deletes the pointer to it. The occupied storage space gets overwritten with new data eventually which is the reason why the chance of data recovery drops with age.

Avast ran an experiment recently that came to alarming results. Well, if you are a reader here you know what is coming. The company bought 20 used Android smartphones on eBay and used file recovery software to restore deleted data on those phones.

The result? More than 40,000 photos of which 1500 were of families and children, 750 of woman undressing or naked, and 250 of men photographing their manhood.

In addition, Avast was able to recover 750 emails and text messages, 1000 Google searches, four identities, a completed loan application and more than 250 contact names and email addresses.

sell-smartphone

How did Avast recover the data?

Avast used the forensic tool FTK Imager by Access Data to mount an storage image to analyze it using the forensic tool.

Avast did use three main methods to recover user data:

  • Just mount the device if the owner did not delete any of the data or made no attempt to delete it.
  • Logical analysis to backup the entire data and go through it later on.
  • Low level analysis which looked at an exact, bit by bit, copy of the userdata partition.

Avast did not reveal on how many devices the data was not deleted at all by its pre

What you do about it

The best defense against the attack form is to keep your devices or destroy them properly instead of giving them away or selling them.

This may however not always be possible. If the device supports external storage, you may want to add extra storage to it and save all important databases, files, and other data to the extra storage and not the internal one.

Before you sell the device you'd simply remove the extra storage card from it and with it all the data that you stored on it.

Any data that you stored on internal storage can be deleted using secure deletion software or apps. The following is just a selection of applications that you may use for that purpose.

Android apps

  1. Secure Erase with iShredder supports several file overwrite algorithms to delete files so that they cannot be recovered.
  2. Secure Wipe will overwrite free space to make any deleted data un-restorable.
  3. Avast Anti-Theft supports a wipe feature that can erase the phone's memory so that it cannot be recovered by data recovery software.
  4. Secure Deletion for Android (€2.20) makes sure that deleted data is erased in a way on the phone that it cannot be stored anymore.

iPhone apps

  1. iShredder is also available for iOS.
  2. According to some sources, selecting Settings > General > Reset > Erase all Content and Settings is enough on iOS to securely delete all data.

Closing Words

You may want to test how well the wiping went. This usually comes down to connecting the device to a computer, enabling USB debugging, and running data recovery on the computer on the connected storage cards of the mobile device.

Check out this guide for Android for example which walks you through the steps. You can also read Avast's guide on how the company investigated the Android devices that it purchased on eBay here.

Summary
Article Name
Selling smartphones may leak sensitive information: what you need to do
Description
Read why it is important to delete the data on your mobile device securely before you give it away or sell it.
Author
Publisher
g
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Andrew said on July 10, 2014 at 12:06 am
    Reply

    For Android, instead of an App, I guess you could just encrypt your phone, then wipe it and sell it. Though, I am not sure if the encryption on android automatically encrypts “free” space.

    The rate is low that someone would try to recover data instead of just wanting to use your old phone, but it’s better safe than sorry.

  2. Tim said on July 10, 2014 at 2:22 am
    Reply

    Don’t smartphones use solid-state memory? If so, surely secure deletion software will be useless due to wear-levelling?

    The only real solution is full device encryption that encrypts the entire storage space, so that any recovered data will be useless without decryption key.

  3. ilev said on July 10, 2014 at 6:50 am
    Reply

    Selling an ANDROID smartphone….. iOS smartphones are encrypted and you can’t restore data from wiped iPhone/iPad.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.