Before selling a used smartphone, most users take the time to erase personal data contained on the devices to prevent anything from falling into the hands of strangers. Most smartphones come with an option for doing this built right into the operating system, but a newly-discovered flaw in how Android handles the process could allow anyone to recover your personal information, including text messages, social media data, and a lot more.
How much more, exactly? According to researchers at security software maker Avast who purchased 20 smartphones from eBay, they were able to recover over 40,000 photos, 750 emails and text messages, and even a completed loan application. A few hundred contact entries were also pulled from the phones, and the original owners of four of the devices were found using the recovered information. That’s not even the worst part…
The researchers didn’t need professional-grade data forensics tools to pull all of this information from the phone. The data can be easily recovered from a wiped Android device by just about anyone using a few public data recovery tools. CNET specifically notes that FTK Imager is one of the apps capable of recovering the supposedly-deleted data. The only fix for this specific problem—for now, at least—is to use a third-party app to wipe your phone before sending it off to a new home.
CNET has posted a tutorial that covers a few steps you can take to better secure your personal info. The steps include encrypting the phone’s data, which requires a PIN code or password to unlock. Without that code, it would be difficult for malicious users to make sense of the recovered data.
The tutorial also encourages wiping the phone, loading fake data, and then erasing it again. While this won’t necessarily hide all of your own data, it could make it more difficult for anyone looking for your details to tell the real from the fake.