One of the most important things your cell carrier tells you to do before you sell or trade your phone is to wipe your information. That prevents the next owner, whether they’re a criminal or just a snoop, from seeing your sensitive information like bank accounts, contacts, emails, texts, photos, location or getting access to your online accounts.
The University of Cambridge has wrapped up a study that looks at how much information is left on Android gadgets after a factory reset. It found that a hacker could recover Google account information, Wi-Fi credentials, browsing history, email, texts, photos, third-party app information and more.
Researchers estimate that 500 million phones are affected, and that number could grow to 630 million.
Newer gadgets run 4.4 to 5.1+, and the researcher didn’t test those.
With Android, wiping your gadget means using the simple Factory Reset option. Unfortunately, it now appears that a reset doesn’t do quite as much as you would hope.
So, what can you do? Unfortunately, the answer is “not much.” The researchers give a few solutions, but they’re highly technical.
If you have Android 4 or higher, you can turn on full disk encryption, which makes data harder to read. However, the researchers found that a skilled hacker might be able to rebuild the deleted encryption key and still access the information. If you do turn on encryption before you wipe the gadget, you can make it harder for a hacker to break by changing your gadget’s password from a PIN to a really long, complicated password.
The researchers suggest overwriting the wiped area with random data to try and overwrite anything important, however that requires rooting your phone and adding data manually, which isn’t an easy process. There’s also a quirk of flash memory, which these gadgets use for storage, to consider; you can never completely wipe it. There’s always going to be a fragments of data left behind.
The researchers say that the best solution is to destroy your old gadgets instead of selling or giving them away. It’s up to Google and gadget manufacturers to work out a more secure way to permanently wipe data, and those ways will only arrive in newer gadgets.