When you factory reset your Android device, you expect all your personal data to be deleted. Unfortunately, security firm Avast Software discovered that doing so doesn’t necessarily delete everything from the device.
Avast turned to eBay to purchase 20 Android smartphones that, according to the previous owners, were factory reset. According to the company, by using commercially-available recovery software, it was able to restore 40,000 pictures, which included pictures of children, women in “various stages of undress,” and male nude selfies. Avast also recovered 1,000 Google searches, 750 emails and text messages, and 250 contact names and email addresses.
Even with all the recovered information, Avast was only able to identify four of the previous 20 owners. Even so, in the wrong hands, personal information can still be used for nefarious purposes.
“Along with their phones, consumers may not realize they are selling their memories and their identities,” said Avast’s Jude McColgan. “Images, emails, and other documents deleted from phones can be exploited for identity theft, blackmail, or even stalking purposes. Selling your used phone is a good way to make a little extra money, but it’s potentially a bad way to protect your privacy.”
According to Avast, to truly delete all your personal data, you must overwrite it, something that Avast’s app, coincidentally, can do. We would take all of this with a grain of salt, since it would be in Avast’s interest to have you use its service. The company also didn’t reveal what specific Android smartphones it purchased, nor did it reveal what software it used to recover the thought-to-be-deleted personal data.
Regardless, it pays to be aware when selling devices.
Editor’s note by Jeffrey Van Camp: This is not a new problem. There have been reports since 2012 about Android devices not completely wiping data. We recommend you use caution when selling or giving away old devices.