The average user’s upgrade cycle for smartphones and tablets is around two years. If the old device is still in good shape once the user upgrades, individual users and small businesses usually sell it or pass it along to someone else. Big companies send obsolete devices to companies that specialize in recycling end-of-life electronics. Most users just perform a factory reset before sending the device on its way, but a recent finding by security software company Avast illustrates that this assumption is false.
Avast employees purchased 20 used smartphones from eBay and used readily-available data recovery software to browse through the wiped devices using a PC. They were able to recover over 40,000 photos, 750 messages and 250 contacts. They also managed to identify four previous users and found a completed loan application with enough information to perpetrate identity theft.
Why wiping your device doesn’t delete your data
The factory reset or wipe feature on an Android device doesn’t actually remove the data from the device’s storage. When it comes to deleting files, the system Android uses is very similar to the hard drive on a computer. It uses an index of pointers to keep track of the location of different files. When you wipe your device, the operating system only resets the pointers and marks the space open for overwriting. The actual information is still present until the device overwrites the space. Until then, anyone with access to the device, a computer, a data cable and the right software can find and open the deleted files.
How to make sure your information is gone for good
1. Enable Encryption on Your Device
Google included a standard encryption feature starting with Android 3.0. When you encrypt the data before wiping the device, the device prompts you to enter an encryption key. Without the key the information is unreadable. The default location for this setting in stock Android is Settings>Security>Encryption. Device manufacturers and developers can customize Android to their own specifications, so check the manual or contact support if you can’t find it.
2. Save personal files on a removable memory card
If your device has a memory card slot, use a microSD card to store your photos, videos and other personal files. When you remove the memory card, the data goes with it.
3. Load junk data
After wiping your device, use a computer to transfer files into the memory and fill up the available storage space. Any large file without sensitive information will work. After the transfer is complete, wipe the device again. Doing this will overwrite your personal files, so anyone trying to browse through them will only find the junk files.
4. Install adequate security software
Avast’s has a vested interest in pointing out the problem because they provide a free Android app that allows you to secure your device and permanently delete the data. For an added fee there are other useful services such as remotely wiping the data in case you lose the device. They aren’t the only game in town, so browse through the Google play™ store and choose an app that fits your needs.
When you decide it’s time for an upgrade and want to dispose of your old Android device, don’t just wipe it and consider the job done. Take a few minutes to clear the data the right way and you won’t have to worry about the new owner getting your personal information.