Selling a smartphone may leak private information: what you need to do

If you are a regular here on Ghacks you know that one needs to be careful when it comes to giving away or selling old devices that were used for storage (read used hard drives still haven for identity theft from 2008 for example)

This can be an external hard drive, an old PC or laptop, or a smartphone. As long as there is permanent storage, there is the chance that data may be recovered even if you have deleted it or used a reset option to restore a factory state.

The reason why is simple: deleting files does not really remove the files from the storage device, it only deletes the pointer to it. The occupied storage space gets overwritten with use eventually which is the reason why the chance of data recovery drops with age.

Avast ran an experiment recently that came to alarming results. Well, if you are a reader here you know what is coming. The company bought 20 used Android smartphones on eBay and used file recovery software to restore deleted data on those phones.

The result? More than 40,000 photos of which 1500 were of families and children, 750 of woman undressing or naked, and 250 of men photographing their manhood.

In addition, Avast was able to recover 750 emails and text messages, 1000 Google searches, four identities, a completed loan application and more than 250 contact names and email addresses.


What you do about it

The best defense against the attack form is to keep your devices or destroy them properly instead of giving them away or selling them.

Read also:  Malwarebytes Anti-Exploit Standalone information

This may however not always be possible, and the next best option after that is to use secure deletion software or apps.

Android apps

  1. Avast Anti-Theft supports a wipe feature that can erase the phone's memory so that it cannot be recovered by data recovery software.
  2. Secure Deletion for Android (€2.20) makes sure that deleted data is erased in a way on the phone that it cannot be stored anymore.
  3. Secure Erase with iShredder 3 supports several file overwrite algorithms to delete files so that they cannot be recovered.
  4. Secure Wipe will overwrite free space to make any deleted data un-restorable.

iPhone apps

  1. iShredder is also available for iOS.
  2. According to some sources, selecting Settings > General > Reset > Erase all Content and Settings is enough on iOS to securely delete all data.

Closing Words

You may want to test how well the wiping went. This usually comes down to connecting the device to a computer, enabling USB debugging, and running data recovery on the computer on the connected storage cards of the mobile device.

Check out this guide for Android for example which walks you through the steps. You can also read Avast's guide on how the company investigated the Android devices that it purchased on eBay here.

Article Name
Selling smartphones may leak sensitive information: what you need to do
Read why it is important to delete the data on your mobile device securely before you give it away or sell it.

Please share this article


Responses to Selling a smartphone may leak private information: what you need to do

  1. Andrew July 10, 2014 at 12:06 am #

    For Android, instead of an App, I guess you could just encrypt your phone, then wipe it and sell it. Though, I am not sure if the encryption on android automatically encrypts "free" space.

    The rate is low that someone would try to recover data instead of just wanting to use your old phone, but it's better safe than sorry.

  2. Tim July 10, 2014 at 2:22 am #

    Don't smartphones use solid-state memory? If so, surely secure deletion software will be useless due to wear-levelling?

    The only real solution is full device encryption that encrypts the entire storage space, so that any recovered data will be useless without decryption key.

  3. ilev July 10, 2014 at 6:50 am #

    Selling an ANDROID smartphone..... iOS smartphones are encrypted and you can't restore data from wiped iPhone/iPad.

Leave a Reply