A study by security company Avast shows that after wiping your Android device’s memory through the factory reset function, much of your personal data could still remain.

o-SURVEILLANCE-APPS-facebook

Our phones have become an integral part of our lives, and we carry a great deal of personal information in them that we’d rather keep private. It’s only natural that you factory reset your phone and delete all of that personal data before you sell it (especially those naked selfies you took last year at Christmas). Prague based security company Avast however, has just conducted a study that found Android’s factory reset function quite ineffective at wiping the phone’s memory.

Avast, which is known for it’s Windows, Mac and Android security software,  purchased 20 smartphones on eBay that had supposedly been wiped using Android’s factory reset, but they found that with digital forensics tools and a little effort, they could restore a lot of the previous owner’s data. In fact, not one of the phones were entirely clean.

“Although at first glance the phones appeared thoroughly erased, we quickly retrieved a lot of private data. In most cases, we got to the low-level analysis, which helped us recover SMS and chat messages,” Avast researchers Jaromir Horejsi and David Fiser wrote in the report.

From the smartphones, Avast extracted 40,000 images, including more than 750 partial or full nude images of women, and 250 nudes of men. They also found 750 emails and texts, 250 contacts, the identity of four previous owners, as well as one completed loan application. “This guy was really into anime porn,” says Caroline James, PR manager for Avast, while looking over pictures from one of the phones. In addition to the images, Avast was able to log into an owner’s Facebook, and track his previous whereabouts using GPS coordinates.

Avast used FTK imager, a digital forensics tool which can be downloaded free online, to extract the data. They also used the resources of the XDA developer forum, in which experts and programmers share their knowledge on mobile platforms. They also used Android’s own Android Debug Bridge as well as Android Backup Extractor, to make a backup all of a phone’s data to a computer without needing to unlock it, and then accessing the data.

2000px-avast-2010-logo

Avast is an internet security company that makes anti-virus solutions for Windows, Mac and Android

Avast says that a problem among mobile user is that they’re not fully aware of how exposed their data is.  Only 14% of Americans use antivirus software on their phones (only one of the phones in the study had antivirus software) and just 8% use software intended to completely wipe a phone’s memory.

So what should you actually do then, to delete your data? Factory reset only wipes your phone on the application level. There’s no feature to completely wipe the memory. However, you can make your data unreadable. Encrypt your files before performing the factory reset. The reset will delete the encryption key, thus making any retained information inaccessible.

Source: Tom’s Guide