Buying a new phone? At any given moment, phone manufacturers try to introduce new things to woo consumers.
From better hardware to more powerful software. Better design, higher-quality material, and so forth. The market is too crowded with options, and selecting the best phone can be difficult because the "best" can be different from person to person.
In the modern age of internet and connectivity, as well as smartphones, people store just about anything on their phones.
From work-related data, to personal information, to even the most sensitive materials they never want the world to know.
But there are times that the old phone just has to go. For whatever reason, there is that particular moment that a new phone is needed.
The moment that shiny new phone is at hand, and have all the data from the old phone transferred to the new one, it's easy to forget that old phone.
This is why it's easy for anyone to neglect that phone.
This is also why some people choose to sell the phone, or pass it on.
Before doing this, phone owners must perform a factory reset, to automatically remove all of those late-night text or embarrassing photos and videos, or those apps with logged in accounts, and so forth.
It's generally acceptable perform a factory reset on the phone and continue with life.
But to those with a knowledge and experience, a factory reset is just a locked door.
All it takes is a bunch of tools and a little bit of patience before that door is opened, and have those "deleted files" recovered like nothing ever happened.
This happens because a factory reset only resets the phone to its original state. While it removes all customized settings and data, the deletion only marks the storage as empty, despite not empty.
The phone's operating system simply denies the existence of the data because the address has been removed.
Using data recovering software and forensic tools, it's quite easy to recover most if not all of the deleted data.
If not, physically tampering on the storage system can help recover a lot more.
Using the correct tools and knowledge, it's possible to recover data from even the most heavily-wiped devices.
In a research conducted back in 2014, the people at AVAST Software could easily retrieved personal data from used smartphones they team bought online.
Despite the 20 phones the team bought had their data deleted, and that their previous owners had wiped the phones storage clean by performing a factory reset or a “delete all” operation on their devices, the researchers at AVAST were able to recover lots of personal data, including more than 40,000 personal photos, emails, text messages, and – in some cases – the identities of the sellers.
"The amount of personal data we retrieved from the phones was astounding. We found everything from a filled-out loan form to more than 250 selfies of what appear to be the previous owner's manhood," said Jude McColgan, President of Mobile at AVAST, at the time.
“We purchased a variety of Android devices from sellers across the U.S. and used readily available recovery software to dig up personal information that was previously on the phones. The take-away is that even deleted data on your used phone can be recovered unless you completely overwrite it.”
" [...] Along with their phones, consumers may not realize they are selling their memories and their identities. Images, emails, and other documents deleted from phones can be exploited for identity theft, blackmail, or for even stalking purposes,” added McColgan.
"Selling your used phone is a good way to make a little extra money, but it’s potentially a bad way to protect your privacy."
The first way, is to properly utilize encryption.
The method is a process of encoding information by converting the original representation of the information, known as plaintext, into an alternative form known as ciphertext.
In this case, since a simple factory reset will not ensure that everything is wiped out from your phone, encrypting data before a factory reset means that even if the new owner of the device tries to restore all the data, they won’t be able to access it.
The second way, is to force the storage to occupy empty spaces and supposedly empty spaces with junk data.
To do this, users can upload dummy data before performing a factory reset. Fill up all of the phones storage with the junk files, and remove the junk files after that. Repeat the process for more than many times.
This method can make the sensitive data that are already encrypted virtually impossible to decrypt.
It's worth noting that the success of data recovery varies depending on several factors like the phone model, storage type, and how long it has been since the factory reset, and whether or not the data within has been rewritten. The longer the time, the less likely it is to recover anything.
But again, this may not be a 100% foolproof.
To those who really care about their privacy, the best way to ensure that no data can be leaked or stolen, physically destroying it is the most obvious thing to do.