Used Android phones give up a lot of information about their previous owners

Shawn Knight

Posts: 15,240   +192
Staff member

android ebay smartphone avast security factory reset used smartphone

Selling used hardware with a storage aspect is always a risky proposition. Sure, you formatted that hard drive, securely erased the SSD or factory reset your Android device before parting with it on eBay or Craigslist but did the process actually work?

A recent study from security software vendor Avast may make you think twice, especially if you're dealing with an Android smartphone. As part of the study, the firm purchased 20 used Android handsets on eBay with the intent of seeing what sort of data they could scrape from previously owned devices.

The results are a bit alarming.

Among the recovered data included some 40,000 photos (yes, some were nudes), 750 e-mail and text messages, 250 names and addresses and even a completed loan application. As VentureBeat points out, one of the phones had some sort of security software installed but it was this handset that gave up some of the most valuable information of the lot.

Avast was not only able to identify the previous owner, they gained access to his Facebook account, gathered where he had been using GPS data and found contact information from more than a dozen of his closest friends and family. The guy also apparently had an appetite for kinky adult material.

Keep in mind that all of this was gathered from phones that had been wiped / factory reset. Ouch.

The problem is that when you delete a file, it's not really gone. All you're doing is erasing the data that points to the file and marking the space as available. Until that space has been overwritten, the information stored there can be recovered.

Permalink to story.

 
So would it be secure to, after flashing or wipping the device copy a large encrypted file to use all the remaining free space in order to overwrite it and then deleting it again?

Could the material from the first wipe be recoverable if I already overwrote the "free space" that had the information?
 
This isn't surprising. I recover partitions that have been formatted and removed all the time using Test disk. It's rare for somebody to completely remove data from a hard drive.
 
Every single smartphone feeds ALL of your data to Uncle Sam. Every text, every picture, everything you do, from the hobbies you like to the things you search, even your location 24/7. Nothing and I mean NOTHING is secure or private. Blackberry, iPhone, Droid, etc etc, it don't matter what you have or what you have done to your phone.
Enjoy your new shiny smartphone! :)
 
This is probably the case for every smartphone though. Isn't deleted data not completely gone until something is rewritten over it? That is probably the case with all forms of storage, no matter the OS.
 
Why would Avast do this? I mean it's ok they found out what they can do but why would they get all his data, pictures and his Facebook account and personal information? Did they take some cash from the credit card information aswell?
 
Why would Avast do this? I mean it's ok they found out what they can do but why would they get all his data, pictures and his Facebook account and personal information? Did they take some cash from the credit card information aswell?

For security research purposes.
 
Why would Avast do this? I mean it's ok they found out what they can do but why would they get all his data, pictures and his Facebook account and personal information? Did they take some cash from the credit card information aswell?
Most likely o be able to sell a new software that garanties a wiped phone.

btw its kinda ironic that the topic says Android but the article pic is clearly an iphone....
 
This information also applies to computer hard drives. I have software that will recover deleted files, even from a formatted drive. There is software for the PC where you can safely erase files that will actually fill the data area of the drive so that it is gone. I don't know if it exists for cell phones though. I imagine it wouldn't be too difficult to create software like this though.
 
Why would Avast do this? I mean it's ok they found out what they can do but why would they get all his data, pictures and his Facebook account and personal information? Did they take some cash from the credit card information aswell?
Most likely o be able to sell a new software that garanties a wiped phone.

btw its kinda ironic that the topic says Android but the article pic is clearly an iphone....

I doubt very much it makes a difference as this pretty much applies to most file systems on most devices, including computers, it just so happens that they tested Androids in this one. The way most file systems work is all your stored files are listed in a directory on your drive, each file has a pointer which points to the first block of drive space the file uses (they can be scattered all over the drive), and those blocks point to the next etc. When you delete a file(s) it merely erases the information in that directory which points to the file and marks those blocks as free to be used again, but it doesn't erase them. You can get software to actually erase them. This is mainly for speed, and under normal operation, those blocks will get used again and the data gone, but it can be recovered. On the PC there is software called "Recover MyFiles" which will even recover data from a formatted drive. This isn't an Android specific problem, it has been around since PCs (and cell phones) were first made.
 
The absolute best way to wipe a smartphone:

1. Place phone on flat surface.
2. Take a sledgehammer and give the phone between 2 and 25 wacks.
3. Sweep pieces of phone into garbage bag.
4. Set garbage bag in fire, thoroughly melting phone.
5. After phone cools, repeat step 2
6. Take phone to nearest water source that is at least 20 feet deep.
7. Drop phone into water.
8. Go and have your favorite adult beverage.
 
This is probably the case for every smartphone though. Isn't deleted data not completely gone until something is rewritten over it? That is probably the case with all forms of storage, no matter the OS.
btw its kinda ironic that the topic says Android but the article pic is clearly an iphone....
Doesn't even apply to any iPhones, the secure wipe either deletes the encryption keys for hardware encrypted phones (anything from the 3GS on) or it actually overwrites all the data.

Source: http://support.apple.com/kb/ht2110
 
Doesn't even apply to any iPhones, the secure wipe either deletes the encryption keys for hardware encrypted phones (anything from the 3GS on) or it actually overwrites all the data.
It's always a pleasure to see the Apple-hating public of this website being told their asses off.
Maybe, with a great deal of luck, this time they will learn that their constantly negative attitude about one company is just as senseless and annoying as the ferverous devotion others have for that same brand.
 
Amen! I'm a nerd, I like all tech; but especially Apple stuff. It does just work! The whole feud annoys me. I like what I like for my reasons, you like what you like for your reasons. You can try and change my mind, but you won't. End of story.
 
Why is there a picture of a iPhone but the article is about Android, really? Might help if there was a pic of a Android phone so people wont get confused. Apparently Apple does not have the issue as one posted has pointed out.
 
This is cool and all, but how many people are buying used phones just to get data off them? I say none. Hacking iCloud seems more productive though...

As you were...
 
Offering some advice on the best way to wipe a phone would have been a nice addition to this article.
Take it down the corner auto shop and hose it down with an acetylene torch.

With that being said, wiping the phone is almost exactly like locking the barn after the horse has been stolen. Your little data bits, along with the pictures of miss triple XXX's naughty bits, have all flown away, to the NSA, long before you try and sell it.

Why is there a picture of a iPhone but the article is about Android, really? Might help if there was a pic of a Android phone so people wont get confused. Apparently Apple does not have the issue as one posted has pointed out.
Every phone has the capability of retaining your data, with possibly a bit of help from user, (pilot) error.

But, man oh man, you can't put one over on you. You know your cell phone pictures.

It's always a pleasure to see the Apple-hating public of this website being told their asses off.
Maybe, with a great deal of luck, this time they will learn that their constantly negative attitude about one company is just as senseless and annoying as the ferverous devotion others have for that same brand.
Not true, I hate all mobile phones, regardless of race, creed, or national origin, and most guests as well.
 
Last edited:
Back