Have you ever sold an old mobile phone to make a quick buck?
Over 80,000 people list their phones every day on eBay and Kijiji, but with what consequences? An experiment was recently performed by the security firm Avast that brought to light some very interesting questions about how secure our identity actually is…
The experiment was simple; the results were astonishing. Avast purchased 20 used Android phones on eBay to see if they could recover any data files. These phones had been completely wiped via the OS, so they should have been clean. Not only was Avast able to extract deleted files, they recovered some pretty personal stuff.
Everything from images to contact information to personal identification was found on the 20 phones. In fact, over 40,000 photos were recovered and 1,500 of them were of children… There was even a fully completed loan application revealed through the process! You can see the full list of what was recovered in this infographic.
Where else can our privacy un-knowingly be compromised? There are over 30,000 used laptops and over 400 used portable hard drives currently available for sale on eBay alone. Are they as ‘erased’ as we think our mobile phones were?
So, what happens when a file is ‘deleted’, or a phone is ‘reset’? The easiest way to explain this is when a file is deleted, it is not the file itself but the pointers to get to the file. The file is still present but has been given permission to be erased. Think of it like a map…if you erase the roads there is no longer an easy way to get to places, but the places still exist. Now, the original data will eventually be overwritten with new data but in the meantime the file is still very much present and accessible. This is a serious problem as people rely more and more on their mobile devices and, in turn, use those devices to save, store, and carry out activities containing sensitive information.
This is obviously in some way a small scare tactic from Avast, and of course they offer a product to combat this potential security issue. Also, the data suggests that this is in fact more prone to older versions of Android handsets, but it still sparks the question, ‘Are we too liberal with our personal data’?
What you want to do is perform a ‘secure erase’, which usually involves more than one method to remove data to past the point of any form of recovery. This can take a few different forms including continually overwriting data multiple times or encrypting the data and then resetting the device so the encryption key is deleted and never recoverable.
As an online marketing firm, we definitely have a lot of love for selling items over the internet and this study doesn’t mean that you have to stop selling your old devices online. It just means you need to make sure you take the necessary precautions before sending any device that may contain sensitive information off to auction. For what it is worth, I have sold a few of my old mobile phones in the past without thinking much about the potential repercussions. I will definitely have a more conscious mind going forward. You should too!