Naked Selfies Found On Factory-Wiped Android Phones. Here's What To Do To Protect Yours

Selling your smartphone is an quick way to make some cash. But a study published earlier this week by the security firm Avast, in which the firm bought some used Android phones and recovered thousands of "erased" personal files, stands as a good reminder that you have to think carefully before you sell.

The firm, called Avast, used publicly available forensic security tools to extract the images from second-hand phones bought on eBay. Other data extracted included emails, text messages and Google searches.

bbc.com

According to Avast researchers reached Thursday, the phones ran several different versions of Android. Some, the company said, were running Android Gingerbread (version 2.3); most were at least up to Android Ice Cream Sandwich ( versions 4.0.3-4.0.4).

Most smartphones come with a "factory reset" option, which is designed to wipe and reset the device, returning it to its original system state. However, Avast has discovered that some older smartphones only erase the indexing of the data and not the data itself, which means pictures, emails and text messages can be recovered relatively easily by using standard forensic tools that anyone can buy and download.

theregister.co.uk

There was an additional 1,500 family photos of children, 1,000 Google searches, 750 emails and text messages and 250 contact names and email addresses.

bbc.com

The company said: "Deleting files from your Android phone before selling it or giving it away is not enough. You need to overwrite your files, making them irretrievable." It was not made clear by Avast whether they extracted data from all 20 phones.

time.com

Google responded that Avast used outdated smartphones and that their research did not "reflect the security protections in Android versions that are used by the vast majority of users".

According to the Android Developer's Web site, more than 74 percent of all Android users run some version of Android Jelly Bean (4.1- 4.3) or Android Kit Kat (4.4)

Once the phone has encrypted its storage, you can then reset it. This will destroy the encryption key, and will render the files left on the storage as totally unreadable. It’s always worth encrypting your phone anyway, as it will prevent people accessing your data if your handset is lost or stolen.

These may or may not work completely, so stick with products from names you trust, like anti-virus companies. The news of this security problem initially came from Avast, which bought several pre-owned phones from eBay and then recovered data. It has a tool it claims can wipe data securely, available free on Google Play.

This could be data that isn’t sensitive, like a movie, or other large file, and keep putting this sort of file on your device until the storage is full. This will overwrite the sensitive data, and then when you wipe the phone for a second time anyone trying to recover your data will simply get access to the junk data.

Regardless of your operating system, however, in addition to resetting it, there are some steps to take before selling or trashing your phone in order to keep your personal data protected.

Take out the SIM card. The SIM card in your phone is tied to your particular plan -- so there's no reason why the next owner should want it, and hanging on to it ensures that messages that messages sent to your old phone don't end up with someone else.

theconversation.com

Have removable memory? Remove it. Many Android phones offer users the option of using an SD card to augment the amount of storage on their phones. Before you sell or get rid of your phone, be sure to take back any memory card you've put in, to make sure that your files stay with you.