When Avast for security bought 20 smartphones from Ebay website, it was able to retrieve the images on those phones, along with Google searches, text messages, email and details of all phone calls.
What’s the solution then when changing the old phone is necessary? What steps should be taken to prevent your data from being retrieved?
In order for your secrets not to become common, here are four steps to protect your past.
Factory reset is not effective
A study conducted by researchers at Cambridge University, revealed that the status of “factory reset” does not delete all data, accounts and passwords from the Android device.
The researchers tested a variety of used Android devices, running by Android 2.3 to version 4.3, they found that in all cases were able to restore the security code, which is sent to authenticate when entering the password for the first time for services such as WhatsApp, Facebook and Google and were able to restore the main code for 80% of those phones.
The main symbol of the phone is the front door key of your home, through which the user’s credentials can be retrieved (user name / password), so it is easy to re-sync all your data to the device; which means retrieving emails and photos stored on cloud services, along with contacts.
Why is this happening?
There are many reasons, and some of the blame is on the manufacturers of those phones; because they do not provide the program required to get rid of memory, “flash – storage”, which is a repository that stores data for long periods of time; therefore, we find it difficult to delete the cache data .
Another part of the blame lies with Google; it does not provide a preventive response option for users, which prevents or punish anyone from recovering your data, or even alerting you at least to what is happening.
According to the British study, devices that use encryption techniques are not completely secure; because the decryption key can be reached once the factory setting is set.
Although the key itself is encrypted, hackers can access it after a while.
How do I reset the factory correctly and remove all my data?
Devices running Android 4.4 and above are not tested in the study we mentioned; therefore, they can’t be resolved, although researchers believe they may include the same vulnerability.
Each user must encrypt their phone with a complex, random password consisting of a combination of letters, numbers and symbols of at least 11 characters, which will prevent any attempt to access the main phone code.
A quick solution to protect your data is to encrypt it on your phone before you get rid of it by accessing Settings > Security > Encrypt Phone
“If you’re planning to sell your phone, you have to encrypt it first, then set up the factory setting,” says Adrian Ludwig, security engineer for Android systems.
Ludwig responded to the Cambridge study that memory encryption on the Android phone makes any non-deleteable data useless.
Another way to get rid of stored data is to turn on factory mode, and then try to fill the phone’s memory with insignificant files of videos and songs.
The phone camera can be turned on for long periods of time until the memory is fully consumed. When others try to retrieve your phone files, they get fake data that is worthless.
4 steps to follow before selling the phone
- Remove the SIM
The first thing you have to do is eject the SIM from the phone even if you will get a new one; because the old SIM contains lots of phone numbers and knowledge, of course you do not want to leave it in the old phone.
- Take off the memory card
Do not forget to look at the memory card opening, because you do not want to sell your phone with a memory card that contains your important files.
- Clear data
You can delete your data on your phone in two ways:
Either through Settings> backup / restore, then choose Factory Reset. But before this step, be sure to protect your data and prevent it from being restored again by encrypting your phone from Settings> Security> Encrypt Phone.
Or scan manually by accessing each file and applying and choosing the delete command, but this method will not completely secure your data from the risk of restoration.
- Clean the phone
Once the phone is cleaned internally from your data, we come to the next step, cleaning it from the outside and removing the fingerprints, and possibly providing it with a protection to protect the screen.
But the most safe and ideal solution the researchers have reached is either to destroy the device or to keep it and not sell it until manufacturers repair that problem.