A new study conducted by data recovery experts has found that many problems related to data storage on cell phones – and PCs – are still the same as they were 15 years ago. Despite a person’s efforts to delete data on his or her cell phone prior to selling it on eBay, that data can be recovered if someone has the right software.
This problem was reported in detail in 2013 when researchers at the University of Cambridge demonstrated that the “factory reset” – at least on Android phones – does not actually erase everything.
The used smartphone industry is huge and ever growing as new models seem to come out every year. Hundreds of millions of phones sold in the secondary market are susceptible to the “failure to erase data” problem, however.
Text messages, Google account information, emails, pictures and videos were all able to be recovered on on Android devices – back in 2013 as well as today.
Researchers determine that the blame lies with Google as well as the phone makers. Bad design, very slow upgrades and software updates do not help. Also, manually deleting every photo, app and message does not work either. This is because “flash memory” is extremely difficult to erase.
Ross Anderson, a Cambridge engineering professor who worked on the study in 2013 stated that, “This can be desperately complicated.” Cybersecurity expert, Per Thorsheim, went even further and stated, “Don’t hand off your old phone. Smash it.”
The new study, conducted by Blancco Technology Group and Kroll Ontrack, showed that failure to erase data from used mobile devices continues to exist. In 35% of the devices analyzed, residual data was recovered, including thousands of texts and emails. Returning the phones to factory settings simply did not erase the data.
Some devices contained enough information that the original owner was easily identified.
Paul Henry, IT Security Consultant for the Blancco Technology Group, noted that Apple’s technology seemed to prevent the problem while Android devices did not. “Apple devices use encrypted storage so deletion of the encryption key makes recovery impossible. But Android devices, on the other hand, do not use this method and rely upon a user overwriting data to erase it and prevent it from being recoverable.”
In the new study, a total of 122 devices were analyzed, including 20 mobile devices and 102 hard drives.
After conducting the research, Henry stated that, “Whether you’re an individual, a business or a government/state agency, failing to wipe information properly can have serious consequences.”
He further concluded that, “One of the more glaring discoveries from our study is that most people attempt in some way or another to delete their data from electronic equipment. But while those deletion methods are common and seem reliable, they aren’t always effective at removing data permanently and they don’t comply with regulatory standards.”