Word of warning: delete doesn’t mean what it used to. For example, you may think that after hitting factory reset your phone is wiped, and all your personal details and embarrassing holiday photos are out of reach from data thieves forever. You’d be wrong. A recent study found a) that the reset function on Android phones wasn’t actually clearing all the data, and b) enough naked selfies within that data to make you wonder if the internet population is actually ever clothed. So, if you’re getting rid of a phone, or just have things that you would rather be deleted permanently, make sure you’re not so much ‘giving the slate a bit of a wipe’, as ‘dousing it in bleach and setting fire to it’.
Security company Avast looked at 20 smartphone handsets and found that the factory reset – which you might think would wipe everything clean if you were selling the phone or recycling it – doesn’t actually totally wipe the device; what it actually deletes is the signpost that leads you to the area of storage where that data is. To be fair, this is usually enough to keep your data out of the grubby paws of your average snooper, but with special forensic tools there could still be people out there ogling your private details and personal moments.
Google has said that it’s mostly older versions of Android that are affected, which is only about 15% of the market; still, as around 80,000 used smartphones are available to buy online every day, it still makes for a fair few racy selfies floating around out there!
Embarrassment aside, the real worry is that it’s a massive security risk. If a bad egg with the right tools and a bit of time got hold of the things that we store on our phones, they could potentially steal our info and impersonate us. And it’s also just plain creepy.
So, what can you do? For Android versions 3.0 onwards there’s an encrypt function you can use in Settings; doing a factory reset after that will delete the decryption key, so the data can’t be snooped on. Google recommend doing this before selling a device. This works for Apple iPhones and iPads too, but instead of ‘factory reset’ use the ‘erase all content and settings’. The function is optional though, so lots of people might not bother; it’s just another one of those settings nestled away in your phone that you keep meaning to figure out but never quite get round to.
Avast recommends its own app (unsurprisingly) which allows you to completely remote wipe, although it acknowledges that this doesn’t solve the problem if the memory card is removed before you have a chance to do this (especially if the phone is stolen), so it suggests encrypting your data too.
When we delete data at UKFast we do it to government standards, writing over the disk completely several times; the disk is then physically destroyed. If you do need to part with your device, or for information on any current devices, protect yourself as best you can with full disk encryption.
Ultimately though, there’s no way of totally destroying your data, other than taking a sledgehammer to it; so if you have a device that has something private on it, the best bet is to forgo the quick cash you might make in a sale – it could end up costing you later – and physically destroy it. Think of it as a two-for-one – protecting yourself and free therapy!
What are your top tips for protecting yourself before ditching a device?
If you’ve got any questions about the security of your solution call us on 0208 045 4945 or contact your account manager.