Thinking of selling your used smartphone? Think twice before doing so, and take steps to ensure that all your personal data has been erased. Having purchased 20 used smartphones – five each in Barcelona, Berlin, New York and Paris – Avast Software used free, widely available recovery software to access a variety of sensitive personal data, including more than 2,000 personal photos, emails, text messages, and invoices.
One video included an adult video the prior owner thought had been deleted. Two prior owners hadn’t logged out of their Gmail accounts, enabling the new owners to send and receive emails in their names, the security specialist highlights in a press release.
Used Smartphone Have Personal Data
Avast performed a similar exercise two years ago and found more than 40,000 personal photos, emails and text messages. This year’s results indicate smartphone users continue to pay too little attention to ensuring the online security of their personal data, the company states.
The owners of the pawn shops where Avast purchased the used smartphones assured them they had been factory reset and that all data from previous owners had been wiped clean. Of the 20 purchased, that wasn’t the case for 12.
Half contained personal data, the result of using an outdated version of Android whose factory reset function was defective. Rather than all being factory reset, some owners had only deleted their files. That means that only the reference to the file was deleted, not the file itself, Avast explains.
Others simply forgot or neglected to delete their data or do a factory reset. The results highlight the responsibility of both shop and smartphone owners to assure that all personal data is removed from used smartphones. Anti-theft software, such as a free Android Anti-Theft app from Avast, can be used to remotely wipe the data, Avast pointed out.
“New Android phones are pretty safe when it comes to the factory reset, but used phones with older Android versions that have a less thorough reset feature are still being sold,” Avast Software president Gagan Singh commented.
“Through our research, we noticed that some people simply forget to delete their personal data and perform the factory reset before selling the device. To ensure that all data is removed, a user needs to overwrite the phone’s files,¨ he continued.
¨Without this, a user’s personal data could easily end up in the hands of the next owner of the phone. In the end, users are responsible for cleaning all sensitive and personal data from their devices prior to sale, and they should never rely on a shop owner to remove remaining data prior to reselling the phones.”
Avast summarized the personal data it recovered from the 20 used smartphones:
- More than 1,200 photos
- More than 200 photos with adult content
- 149 photos of children
- More than 300 emails and text messages
- More than 260 Google searches, including 170 searches for adult content
- Two previous owners’ identities
- Three invoices
- One working contract
- One adult video
“If you sell your phone, make sure you don’t sell your identity and personal data in the same move,” Singh cautioned. “If your personal data gets into the wrong hands, it can be easily exploited for identity theft or blackmail, and explicit content could be uploaded to the Web. We know many of our users dislike the idea of strangers viewing their photos, so they should take the time to ensure their sensitive data is removed from their phones prior to selling them.”