Buyers of second-hand Android phones may tell you that they will wipe your phone before they sell it. It’s best to treat this claim with a little narrow-eyed suspicion as the evidence suggest it’s often not true. Why not learn how to wipe your phone yourself so no trace of your personal life remains on it, before you pass it on?
If you’re planning on selling or trading in your Android phone you should think about wiping all the data on it, so whoever inherits the phone also doesn’t have access to your data.
You should never under estimate how much data you have on your phone, it can contain information like business plans, details of customer relationships, information on the structure of company, details of bank accounts and details about children and other personal relationships.
To make the point, an investigation into the sale of second-hand phones by the UK’s Channel 4 revealed a wealth of data on these devices all of which could lead to identity theft, which in itself is a burgeoning industry among villains.
Led by security firm SensePost, the investigation into the sale of second hand phones by Cash Convertors, one of the largest chains of second-hand pawn shops in the UK revealed that a mass of data was still on the phone even though Cash Convertors assured customers that phones were wiped clean before sale.
SensePost said it was a ‘trivial’ task to recover large amounts of data from mobile phones and said that unencrypted handsets were ‘easy game’.
iPhone devices encrypt their data by default, which makes it almost impossible to recover data after performing a factory reset. However, Android devices by default have no encryption, which means that somebody can easily recover large amounts of supposedly deleted data.
Both Windows phone 8 and BlackBerry allow optional encryption to be configured, but this is not enabled by default. Windows phone 7 does not support encryption of the core file system.
So how do you wipe all the data off your Android phone before you pass it on?
Factory reset in theory enables you create a blank slate by reverting your phone to the condition it was in when you scooped it out of the box. You might correctly assume that all your data is deleted when you carry out a factory reset, but this is not true.
Some of the data, including emails, texts, photos and contacts is still present in the memory after a factory reset and can be easily recovered using data-recovery tools some of which are free. And there are a lot of these tools out there.
The reason why data still remains in the memory after you’ve wiped the phone with a factory reset is a little technical. Basically, the data remains in the memory but when you start using the phone again the data is overwritten. Which means that those with the intent can recover the data before the phone is used again.
The reason is historical; operating system developers assumed that new content would be written over the deleted data, which made it unnecessary to actually delete the content. It also avoids the wear of flash memory which has a limited number of writes. What the developers didn’t quite predict was the enormous popularity of phones and the fact that models would change hands rapidly.
SensePost the company that carried out the investigation on behalf of Channel 4 says that if you want to completely wipe your Android phone then the answer to this problem is actually simple: all you need to do is encrypt your phone data before factory resetting it.
Encrypt your phone
When you encrypt all your phone data before factory resetting your phone, all your data is scrambled. If someone wants to recover data using data recovery tools they will need a specific key to unscramble the data first – making their job difficult.
Encrypting data on your Android
The following guidelines are general and will apply to most Android phone models, though you may find you have to tinker around on some phones to find the correct tabs.
Firstly, go into Settings and tap on Security.
In Security, you will see the option of Encrypt,
That’s pretty much it. However, when you tap on Encrypt you will also have the option in the following page to set the screen lock.
It’s a simple process but it could be a lengthy one if you’ve got lots of data on your phone – so be patient and make sure your phone is fully charged before you start.
You can then do a factory reset on your phone. The factory reset option usually requires you to click through a number of tabs before you reach it. And you start with the backup and reset menu.
If you’re having trouble this Wikihow article provides an easy-to-follow guide on how to factory reset your Android.
It could take up to five minutes to reset your phone.
Word of warning
If you plan on taking these steps, don’t forget to back up your data before you encrypt and hit the factory reset tab – if you don’t your data will be well and truly lost.
Perhaps you’ve got a top secret blueprint on your phone or the DNA sequencing structure for cloning human beings, and you’re desperate not to let anybody else get their hands on it. Or maybe you’re just ultra-cautious. The above methods will certainly wipe your data but if you are a tad paranoid you can take one further step.
This involves loading fake data onto your phone. For instance, plug your phone into your PC and begin loading it with memory intensive random files so all the memory becomes full or near enough full. Then you do another factory reset.
When you do this and delete the data with a factory reset all your personal encrypted data is buried beneath it making it even harder to reach – and keeping you safe.
And when you get another Android device make sure it’s well protected. A recent report by G Data, a German security firm, says malware aimed at Android devices is growing at an exponential rate and estimates that there will be two million instances of Android specific malware by the end of 2015.
Only recently, ransomware targeted at Android devices was discovered. It could be the beginning of an Android ransomware trend – and you need to stay safe.