Beware, Android owners: Deleted data may not be gone

If you are selling or giving away an Android phone, beware — your personal data may still be on the device, even if you tried to delete it.

From devices purchased on eBay, researchers from security company Avast were able to recover thousands of photographs, hundreds of email and text messages and even a completed loan application. The researchers were able to restore those files despite the fact that the previous owners of the devices had used the factory reset or “delete all” feature that’s built into most Android phones.

“The amount of personal data we retrieved from the phones was astounding,” said Jude McColgan, Avast’s president of mobile software, in a statement.

As part of their report, Avast researchers purchased 20 phones off eBay. Using what the company said was “readily available recovery software,” the researchers were able to recover some 40,000 photos, including about 250 selfies of nude men; some 1,500 family photos that including children; more than 750 email and text messages; and 250 address book entries. They were also able to uncover the identities of four of the previous owners.

In its press release, Avast noted that on any given day, some 80,000 used smartphones are for sale on eBay.

“Along with their phones, consumers may not realize they are selling their memories and their identities,” said McColgan. “Selling your used phone is a good way to make a little extra money, but it’s potentially a bad way to protect your privacy.”

While alarming, the report wasn’t entirely altruistic. Avast is touting its own Android security software as a way of protecting owners’ privacy when they get rid of their phones. The company’s free Anti-Theft app completely overwrites delete files on the device, making them much more difficult to recover.

Android users can also better protect themselves by turning on the encryption feature that’s built into Android. That feature, which is turned off by default, will encode all the data on the device and protect it with a passcode.

H/T to Cnet.

Photo of Samsung’s Galaxy S 5 phone, courtesy of Samsung.

Troy Wolverton Troy Wolverton (248 Posts)

Troy writes the Tech Files column as the Personal Technology Columnist at the San Jose Mercury News. He also covers the digital media, mobile and video game industries and writes occasionally about Apple, chips, social networking and other aspects of technology. Previously, Troy covered Apple and the consumer electronics industry. Prior to joining the Mercury News, Troy reported on technology, business and financial issues for TheStreet.com and CNET News.com.