Naked Selfies Found On Factory-Wiped Android Phones. Here's What To Do To Protect Yours

If you’re planning to sell or give away your old Android phone, be aware that a factory reset isn't enough to safely wipe your data. A security firm dug through some old Android phones, and came up with plenty of unmentionables.

Cover image via fastcompany.net

Alarming news about the security of Android phones which are sold on sites like eBay but contain personal information of the previous owner(s) has surfaced this week in several news stories

Selling your smartphone is an quick way to make some cash. But a study published earlier this week by the security firm Avast, in which the firm bought some used Android phones and recovered thousands of "erased" personal files, stands as a good reminder that you have to think carefully before you sell.


Thousands of photos including naked selfies have been extracted from factory-wiped phones by security firm Avast. The study looked at 20 phones made by HTC, Motorola, Samsung and LG.

Older, second-hand smartphones are at greater risk of their "wiped" data extracted

Image via bbcimg.co.uk

The firm, called Avast, used publicly available forensic security tools to extract the images from second-hand phones bought on eBay. Other data extracted included emails, text messages and Google searches.


According to Avast researchers reached Thursday, the phones ran several different versions of Android. Some, the company said, were running Android Gingerbread (version 2.3); most were at least up to Android Ice Cream Sandwich ( versions 4.0.3-4.0.4).


Most smartphones come with a "factory reset" option, which is designed to wipe and reset the device, returning it to its original system state. However, Avast has discovered that some older smartphones only erase the indexing of the data and not the data itself, which means pictures, emails and text messages can be recovered relatively easily by using standard forensic tools that anyone can buy and download.


Of 40,000 stored photos extracted from 20 phones, more than 750 were of women in various stages of undress, along with 250 selfies of "what appears to be the previous owner's manhood"

Image via craveonline.com

There was an additional 1,500 family photos of children, 1,000 Google searches, 750 emails and text messages and 250 contact names and email addresses.


The company said: "Deleting files from your Android phone before selling it or giving it away is not enough. You need to overwrite your files, making them irretrievable." It was not made clear by Avast whether they extracted data from all 20 phones.


Google said in a statement that it doesn't believe that the study reflects the "security protections in Android versions that are used by the vast majority of users," given the older operating systems

Google responded that Avast used outdated smartphones and that their research did not "reflect the security protections in Android versions that are used by the vast majority of users".


According to the Android Developer's Web site, more than 74 percent of all Android users run some version of Android Jelly Bean (4.1- 4.3) or Android Kit Kat (4.4)


The solution to stop this problem is actually simple. On a modern Android phone, all you need to do before you sell it on eBay is enable encryption on the device.

Image via wordpress.com

Once the phone has encrypted its storage, you can then reset it. This will destroy the encryption key, and will render the files left on the storage as totally unreadable. It’s always worth encrypting your phone anyway, as it will prevent people accessing your data if your handset is lost or stolen.


If your phone or tablet doesn't support encryption, then you can download apps that promise to securely wipe your storage

Image via dailymail.co.uk

These may or may not work completely, so stick with products from names you trust, like anti-virus companies. The news of this security problem initially came from Avast, which bought several pre-owned phones from eBay and then recovered data. It has a tool it claims can wipe data securely, available free on Google Play.


The other, fairly tedious, option is to wipe your phone, then when that’s done use a PC to fill the internal storage with junk

This could be data that isn’t sensitive, like a movie, or other large file, and keep putting this sort of file on your device until the storage is full. This will overwrite the sensitive data, and then when you wipe the phone for a second time anyone trying to recover your data will simply get access to the junk data.


It's easy to worry about this sort of thing, but it's also better to know about it. Here's couple of more advice you shouldn't ignore.

Image via dailymail.co.uk

Regardless of your operating system, however, in addition to resetting it, there are some steps to take before selling or trashing your phone in order to keep your personal data protected.


Take out the SIM card. The SIM card in your phone is tied to your particular plan -- so there's no reason why the next owner should want it, and hanging on to it ensures that messages that messages sent to your old phone don't end up with someone else.


Have removable memory? Remove it. Many Android phones offer users the option of using an SD card to augment the amount of storage on their phones. Before you sell or get rid of your phone, be sure to take back any memory card you've put in, to make sure that your files stay with you.


Some other privacy-related stories on SAYS you shouldn't miss out on reading: