Before You Sell Your Old Smartphone, Consider This: Even If You Wipe It Clean, Your Sexts May Still Be On It

A security firm purchased 20 used smartphones, wiped them—and found plenty of naked selfies, emails, and even a loan application.

A startling discovery from security firm Avast Software will make you reconsider selling your old smartphone: Even after performing a factory reset, your browsing history, photos, and text messages can still live on the device.

In a qualitative study released Tuesday, Avast detailed how it purchased 20 used smartphones, including iPhone and Android models, from eBay about a month ago, wiping them using the default settings provided by the manufacturer, operating system, or carrier. Even after taking these measures, Avast recovered photos, past search queries, social media information, contact information, and much more. In four of those instances, the firm could trace the identity of the phones' previous owners. In other situations, it was able to stitch together profiles based on the data left behind (an actual example: a model talking about her body issues relating to weight gain on Facebook).

"A factory reset or clean wipe isn't getting rid of all the information," president of mobile Jude McColgan told Fast Company. Depending on the type of wipe, the process could overwrite references to the data, so that it isn't be readily accessible, but the files can still reside on the device.

Some of the examples of data left behind include nude selfies, lingerie shots, anime porn, searches about psychotic medication, and even a completed loan application. In total, Avast said it uncovered more than:

  • 40,000 photos
  • 1,500 family photos of children
  • 750 photos of women in various stages of undress
  • 250 photos of male nude selfies
  • 1,000 Google searches
  • 750 emails and text messages
  • 250 contact names and email addresses

Of the 20 smartphones, one had installed a competitor's security software. That device, McColgan pointed out, had the most personal information intact. (Of course, the point of the study is to highlight the effectiveness of Avast's software, which the firm says overwrites all files permanently.)

"Just be careful," he cautioned smartphone owners. "Understand what you're carrying on your phone, and use good tools."

[Image: Flickr user Joseph Morris]

Add New Comment

10 Comments

  • Tom Mengel

    Even way back when in my DoD systems test days it was recognized that the ONLY way to insure a complete wipe of memory data was to overwrite the unformulated disk image areas at least three times with random "1's" and "0's" and then do a new format and write random gits again. And even with those safeguards there were possible possible latent "magnetic biases" (often used by advanced sophisticated disk recovery services even after the magnetic sub strait was actually burned off the disk platter) that could still recover parts of the former data. To this end most SCIF used disk drives were physically ground into small chunks to make sure no data was recoverable.

    The point is even if cell phones don't have physical disk drives their memory might very well still harbor data remnants, and few if any tools allow very low level data over write and destruction. For this reason I do not turn in any of my old phones or donate any computers with any kind of hard drive left in them.

  • zafester

    Just read the Avast blog entry. They either changed it after this article was written or the fast Company writer is being lazy. Blog entry specifically states all 20 devices were Android phones and hoes on to highlight how they pull data from Android. Makes no mention of iOS devices. Whether it's a change in the blog entry or a poorly researched article, this Fast Company entry is currently inaccurate.

  • Sebastian Quevedo-Busch

    This isn't really anything new and has been known for some time now, after all a smartphone is not much more then a mini computer and data recovery has been around for quiet some time!

    The only way to really erase all that information permanently is to over wright it with new information.

  • Simon Cundall

    Its crazy how they can find all that stuff, but when I wiped my camera no one could help me get the stuff back! lol. Interesting read though :)

  • Steve Kravitz

    What about photo EXIF data? That would seem obvious as the most alarming and potentially dangerous data found, and yet there is zero mention of it.

    Bottom line? Avast is no more trustworthy than any other InfoSec company out there.