Some people change their smartphone or tablet almost as casually as they change their clothes. They buy and later sell mobile devices without the slightest concern about the information that, one device after another, they keep putting in the hands of total strangers. This article is aimed at all those people, and in it you will be able to learn what measures you can take to protect your privacy.
Unfortunately, no. With most IT equipment, deleting a file means telling the system that the next time it needs to write data, it can overwrite the space used by the file in question.
However, until the new write operation takes place, the information remains physically stored in the form of bits on the corresponding storage drive and can be recovered. This kind of deletion is known as logical deletion and is the procedure that almost all operating systems use.
In contrast, there is another kind of deletion called physical deletion which modifies the data bit by bit, by creating junk content on the storage medium. This procedure ensures that the data cannot be recovered, but it takes much longer and therefore usually is considered undesirable for tasks where the user experience is central.
What happens if you restore to factory settings?
That depends on the platform. Research carried out in early 2015 showed that on Apple and BlackBerry devices, when you perform a factory reset, the deletion of data is physical, thus preventing the information from being recovered later. However, not all Android devices were as lucky and it was possible to recover a lot of the data that had been stored on them.
According to the researchers, the reason for this could be that Apple and BlackBerry have better control over their hardware and so can wipe the data on the device more effectively. Given that operating systems like iOS use encryption built into the hardware by default, factory reset only actually needs to delete the encryption keys physically.
In contrast, encryption is not included by default on Android and, according to the researchers’ findings, information can be recovered even after running several factory resets.
What are the dangers of logical deletion?
Cell phones are very personal devices. Using them involves the use of totally private data, like credit card details, purchase records, contact details of friends and family, videos, photos (possibly including nude images of the user), schedules, geolocation, files and their associated metadata, web browser history, Wi-Fi connection history, logins and passwords for email and other cloud-based services, text messages, chats logs on social media, and a great deal of other information.
All this smartphone data could potentially provide material enabling a cybercriminal to orchestrate a social engineering attack against the handset’s owner. Unfortunately, as some people have experienced first-hand, if this information falls into the wrong hands it can even lead to extortion and fraud in which the criminal blackmails the user by threatening to distribute the data.
Another great worry is that strangers might gain access to user accounts for apps installed on the device, like online shopping, banking, and social network apps. For this reason, taking preventive measures will enable us to feel more at ease and be better protected against such risks.
How can another person recover our personal information?
There are numerous tools designed to recover data stored physically on a mobile device. These utilities are known as forensic analysis tools and normally are used to break down the sequence of actions that led to an IT incident or to find evidence that could lead to a verdict in a court case.
However, some of these tools are free and can be accessed by people with malicious intentions to gain information they should not have access to.
So, how can you protect yourself?
As we already mentioned, for iOS users, a factory reset is sufficient. But what should Android users do? The simplest option for making it difficult to recover data is to encrypt the device before restoring the factory settings. That way, although someone could make a physical copy of the device, the bits of data stored on it will not make any sense to them.
Given that the decryption keys are, in turn, protected by the password set by the user, and even in the event of an unsuccessful reset, the attacker would have to carry out a brute force attack against the keys in order to gain access to them. And let’s not forget that the more complex the password, the more difficult it will be to crack. This means that although encryption is not an infallible form of protection, it’s enough to discourage most cybercriminals.
You can encrypt your Android system by going to Settings > Security > Encrypt device, and the reset options are located in Settings > Backup & reset > Factory data reset. Another way to format the memory is by accessing the device’s recovery mode, however, the results of this method are the same.
It is also possible to find apps on Google Play Store that promise to overwrite the parts of the memory that have been marked as free by the operating system, but that might still contain the original data. The user will need to carry out a factory reset both before and after running the app. In addition, they will need to avoid using Google Play Store to install the app on the cell phone, so as to avoid entering their Google account data into the phone again.
Finally, don’t forget to remove the SIM card and also the micro SD card. Now that you know how to wipe your data, be sure to protect your privacy before getting rid of a device.
Image credits: ©Daniel Novta/Flickr
Author Denise Giusto Bilić, ESET