Skip to main content

A new report from a software security firm has highlighted an uncomfortable truth for smartphone users: Deleting personal information from an Android device doesn't mean it's gone forever.

Security researchers purchased several used phones on eBay and were able to recover thousands of photos (including a disturbing number of nudes) that belonged to the previous owners, not to mention e-mails, personal contacts and in one case a completed loan application.

The chief culprit appears the "factory reset" features on the world's most popular mobile operating system, which according to an interview in CNET only remove files at the "application layer." That suggests many people have inadvertently left behind a host of easily recoverable personal files and information you might hope to erase before selling or giving away your phone.

Story continues below advertisement

What do you mean "erase" doesn't delete "forever?"

So, you've taken a nude selfie and are feeling a little ashamed. Time to delete it, let's say from a popular Android-based device (maybe from Samsung, the largest maker of Android smartphones). You go to the camera roll, select DELETE, confirm and bang, done. Right? Sorry, that's not the end of the story.

As Globe and Mail technology reporter Omar El Akkad explained in his exhaustive guide to safer computing, deleting isn't a magic wand:

"Most of the time, when you delete a file (and even empty the recycle bin), it doesn't actually go away. Instead, the computer puts a "For Sale" sign on the part of the hard drive where the file is located. Over time, other files and programs may override the space, but they also may not. This means that, even after you delete a file, it can often be partially or fully retrieved by anyone who knows what they're doing."

To truly delete a file off local storage (a disc drive, sim card, thumb drive, SSD, whatever) you need to overwrite that old file info with something new (preferably a bunch of unimportant junk). On your PC there are programs like Eraser, for Android there are apps like SHREDroid that can help you do this. Barring that, you could always chuck your old phone in a wood chipper or melt your it down into slag (don't actually do either of those things, old gear should go to electronic waste management; these things are full of heavy metals and other chemicals that need safe disposal).

Who discovered this and what else did they find?

A Czech Republic-based security software company called Avast reported the problem, which they felt was somewhat urgent given the tens of thousands of older Android devices for sale on eBay and other reselling sites. But Avast didn't do this just for kicks, they make and sell software that is supposed to help you avoid these situations.

Story continues below advertisement

In addition to a lot of photographs, they found things like Facebook chats, records of Google searches, e-mails with password data and much more. This infographic is a peek into what they found, the full report for the technically inclined is here: Android Forensics, Part 1: How we recovered (supposedly) erased data. Perhaps the most disturbing part of the study is that most of the software tools Avast researchers used to crack open these old phones can be downloaded for free, by anyone, and are relatively easy to use.

And if you still aren't sure how big a deal this is, Android, made by Google, is everywhere and used by almost everyone: from Amazon to Samsung, LG to Xaomi (and maybe even Microsoft some day). Unless you have an iPhone or a BlackBerry smartphone, odds are quite good that your device runs on Android.

Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies