Beware! Your Personal Information Can Still Be Retrieved From Factory Reset Android Devices

Thinking of selling your old flagship Android smartphone to get the newer flagship model? Before you advertise your model at eBay and sell it you may want to read this article first. When selling a used smartphone you would usually perform a factory reset which will supposedly delete all data stored and return the device to its original state. Well, this isn’t the case as Avast bought a couple of Android smartphones at eBay which had already undergone a factory reset but the personal information of the previous owners were still extracted from the device.

Pile of smartphones

Security software vendor Avast is now questioning the effectiveness Android’s factory reset as they were able to mine data from used smartphones they bought from eBay. Some of the data that they were able to access were photos, emails, text messages, addresses, Facebook accounts, and more. One smartphone had a security software installed but that wasn’t enough to protect its data.

According to Avast mobile division president Jude McColgan “Users thought they were doing a clean wipe and factory reinstall.” This however only clears the data at the application layer. The scary art is that no special tools were used in extracting the information. What the team over at Avast used were off the shelf software that are available to the public.

McColgan added that “More than 80,000 used smartphones are for sale daily on eBay in the U.S. Along with their phones, consumers may not realize they are selling their memories and their identities. Images, emails, and other documents deleted from phones can be exploited for identity theft, blackmail, or for even stalking purposes. Selling your used phone is a good way to make a little extra money, but it’s potentially a bad way to protect your privacy.”

Avast researchers Jaromir Horejsi and David Fiser wrote in their report that “Although at first glance the phones appeared thoroughly erased, we quickly retrieved a lot of private data. In most cases, we got to the low-level analysis, which helped us recover SMS and chat messages.”

The information gathered from the 20 used smartphones bought by the company are as follows

  • More than 40,000 stored photos
  • More than 1,500 family photos of children
  • More than 750 photos of women in various stages of undress
  • More than 250 selfies of what appear to be the previous owner’s manhood
  • More than 1,000 Google searches
  • More than 750 emails and text messages
  • More than 250 contact names and email addresses
  • Four previous owners’ identities
  • One completed loan application

Before selling your used Android smartphone make sure to weigh in the risks involved.

via zdnet