Over the last 12 months, the four largest mobile carriers in the U.S.—Verizon, AT&T, T-Mobile, and Sprint—have all introduced slick new campaigns allowing users to affordably upgrade their cell phones far more often than the old industry standard of every two years.
The biggest takeaway from this trend? More new phones = more old phones. In 2010, the EPA estimated that 152 million mobile phones were discarded, while just 17.4 million were recycled. Since then, the secondary market for used cell phones has boomed, with big-box stores offering buy-back programs and a multitude of online options luring those looking to cash in.
Whether an old phone is sold, donated, or recycled, one crucial step of the process is often overlooked: securely “wiping,” or deleting, the personal data contained on the old device. Most phones have such a reinstall option that allows them to be reset to their original factory settings—but, as a recent experiment by security software company Avast demonstrated, that doesn’t always do the trick.
Avast purchased 20 different phones on eBay and put some of their off-the-shelf data recovery and forensics tools to work to see what they could dig up. From those 20 phones, Avast recovered 40,000 photos—including 1,500 family photos with children and hundreds of embarrassing pornographic images—750 emails, 250 contacts with names and addresses, SMS and chat messages, and even private financial and legal documents.
How is this possible? Wiping a device often means only cleaning a device at the application layer, or rearranging where the data is stored, not necessarily deleting it. Apple was quick to point out that all of the phones in the Avast study were Android devices (iPhones overwrite encryption keys, not just data, when wiped and reset), and BlackBerry has relied on its own trusty secure wipe tool for years. But many of the secure-wipe apps offered through Google Play for the Android platform come with “we cannot guarantee that all free space will be sanitized” disclaimers.
So How Can You More Vigilantly Delete Data on an Old Device?
1) Pursue all channels of smartphone security while you’re using it so they will be in place when you decide to get rid of it. In May, a Consumer Reports study revealed that 36% of users set a screen lock with a four-digit PIN; 29% backed up their data; 22% installed phone-location software; 14% installed a mobile security or antivirus app; 8% installed software that could erase their phone’s content; 7% used security features other than screen lock—and 34% took none of those security measures. Almost all of these options are free and easy to implement, but if you need help, call in a trusted IT service provider.
2) Once you’re ready to sell, recycle, or donate, remove your SIM card (and micro SD card, if your phone has one). Most data is kept in internal storage, but some contacts or call logs can end up on these cards. It’s common practice for anyone buying or refurbishing a used cell phone to supply their own new SIM or micro SD cards before using them, so there’s no need to risk the security of your data by leaving the old one in.
3) On iPhones, use the Default Erase Setting—on Androids, encrypt your phone manually, and then erase. Apple’s Default Erase setting uses hardware encryption to scramble your phone’s specific key, while on the Android platform, this step must be done manually. This Lifehacker story from October 2013 explains both processes in great detail.
4) Rely on a trusted IT service provider to keep up with evolving best practices and tools for mobile security. The landscape surrounding the privacy of cell phone data keeps shifting; in June, the U.S. Supreme Court ruled that police must get a search warrant before delving into the contents of a person’s phone, so, for all intents and purposes, that data is now considered sacrosanct.
The technology surrounding data encryption will surely continue to evolve—wouldn’t you like to leave your worries about it to someone invested in the industry? Smart business owners concentrate on building their companies and caring for clients—and leaving IT worries to a partner they can trust.
If you have mobile security concerns, contact us today so that you can leverage CMIT Solutions’ nationwide system to secure your data, defend your network, and empower your business to operate more productively and efficiently.