Androids Factory Reset Doesnt Delete Personal Data

logo-horiz-gray-CMYK-30mmSecurity software provider Avast has used forensic data tools to show that sensitive information sellers believe they deleted is still easily accessible.

The company bought 20 used smartphones whose previous owners had performed a factory reset or delete all operation on. While the sensitive data that was contained on the phones appeared to be removed, using forensic data tools that are easily downloaded for free via the internet, the company was able to recover a wealth of information.

Among the data Avast recovered was more than 40,000 stored photos, including 750 explicit images of women and 250 of men, over 1,000 Google searches, and more than 750 emails and text messages, with over 250 associated contact names and email addresses. Avast was able to piece together four of the previous owners identities using the information, and even recovered a completed loan application filled out by one user.

“The amount of personal data we retrieved from the phones was astounding. We found everything from a filled-out loan form to more than 250 selfies of what appear to be the previous owners manhood,” said Jude McColgan, president of mobile at Avast. “We purchased a variety of Android devices from sellers across the US and used readily available recovery software to dig up personal information that was previously on the phones.

“The take-away is that even deleted data on your used phone can be recovered unless you completely overwrite it. More than 80,000 used smartphones are for sale daily on eBay in the US. Along with their phones, consumers may not realise they are selling their memories and their identities

“Images, email, and other documents deleted from phones can be exploited for identity theft, blackmail, or for even stalking purposes. Selling your used phone is a good way to make a little extra money, but its potentially a bad way to protect your privacy.”

Android versions 3.0 and upwards offer a setting that can encrypt a phone with a password meaning that anyone purchasing it would require the code to access the information. Avast did not make it clear what make of handsets they purchased during their tests.