Is Your Smartphone Data Safe after a Factory Reset?

Posted on Nov 14th, 2024

Smartphones have become indispensable in our daily lives, revolutionizing how we communicate, work, and navigate the world. They allow us to stay connected with loved ones through calls, messages, and social media; access information instantly, from news to directions; manage our schedules and boost productivity; capture and share life’s moments through photos and videos; entertain ourselves with games, movies, and music; and even monitor our health and fitness goals.

According to a survey from Reviews.org, Americans check their phones an average of 144 times a day and spend four hours and 25 minutes daily on their phones. It’s safe to say these devices are firmly entrenched in our lives. Yet we don’t think much about what happens to the data on these phones when we upgrade. Does a factory reset erase all of our data as we assume it will? Read on to find out.

The Upgrade Cycle

Because mobile devices have become such an essential part of most people’s lives, people are likely to upgrade frequently as technology advances and new features are added. What happens to the millions of phones that are no longer wanted? Sometimes, they are traded in for credit towards a new device and then sold on the secondary market. Sometimes, they get passed on to friends or relatives. We do this after performing a factory reset that we believe wipes all data from the phone, but that belief is not accurate, and a factory reset can still leave us vulnerable. For organizations, failing to properly eliminate data from company mobile devices can result in severe financial and reputational consequences.

The Limitations of Factory Reset

Many users believe performing a factory reset is sufficient to protect their data when disposing of an old smartphone. However, this common misconception can lead to significant privacy and security risks. Most people don’t know that a factory reset only removes the pointers to data, not the data itself. On the surface, the device may appear new and clean, but skilled individuals using specialized software can still recover “deleted” information that remains in the device’s internal storage and on external secure digital (SD) cards.

In a 2015 study, Blancco Technology Group and Kroll Ontrack purchased over 120 second-hand drives and mobile devices from Amazon, eBay, and Gazelle to determine if residual data could be recovered after they were resold. Of the mobile devices studied, 35% had residual data. So, the sensitive and personal data you think you responsibly removed may remain accessible to future device owners. This vulnerability highlights the need for more robust data protection measures when upgrading or disposing of your smartphone, especially when the device contains private company information.


“People think their data’s been destroyed, and really all you’re doing [with a factory reset] is removing the table of contents. The rest of the chapters of the book are sitting there waiting to be discovered.” — Pat Clawson, CEO, Blancco Technology Group

Security Limitations by OS

Apple iOS: The safest option. Apple uses sophisticated encryption to render any data left on the device after a factory reset unreadable.

Android: Android continues to experience significant security limitations. Most recently, media reports indicate hackers have used brute force attacks to break into tens of millions of Android devices thanks to a series of security issues linked to Android kernel flaws and Qualcomm processors. Unlike iOS devices, Qualcomm-powered devices store the encryption key in software, which leaves them vulnerable. Once a hacker has the key, all data can be unlocked.

Windows Phone: When performing a factory reset on a Windows Phone, the pointers to the data are removed, but the data itself remains intact, so someone with easy-to-use data recovery software can readily recover it.

Blackberry: The BlackBerry factory reset only eliminates the pointers to the phone’s data; it does not overwrite the data itself. The company currently does not turn on encryption by default.

Mobile Data Erasure: A Secure Alternative

Mobile data erasure presents a superior solution for those seeking a more secure option to protect sensitive information. With Mobile Phone Data Erasure, all data – both personal and corporate – is overwritten, erased, overwritten again, and certified as unrecoverable to anyone else.
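The difference between the pointer-only reset described earlier and the overwrite-then-certify approach described here can be shown on a toy storage model. This is an added example, not Securis or Blancco code; the block layout, function names and sample records are assumptions constructed for illustration, and the model ignores flash wear leveling and device encryption.

```python
import os

BLOCK, NBLOCKS = 64, 16  # toy device: block 0 is the "table of contents"

# Constructed sample records, not real data.
SAMPLE = {"contacts.db": b"Alice 555-0100", "notes.txt": b"constructed note"}

def make_device(files):
    """Build a toy device whose block 0 maps file names to data blocks."""
    dev = bytearray(BLOCK * NBLOCKS)
    index = []
    for n, (name, data) in enumerate(files.items(), start=1):
        dev[n * BLOCK:n * BLOCK + len(data)] = data  # each record fits in one block
        index.append(f"{name}:{n}")
    toc = ";".join(index).encode()
    dev[0:len(toc)] = toc
    return dev

def pointer_reset(dev):
    """Model of a reset that clears only the table of contents."""
    dev[0:BLOCK] = bytes(BLOCK)

def overwrite_erase(dev, passes=2):
    """Overwrite every block: random passes first, zeros on the final pass."""
    for p in range(passes):
        final = p == passes - 1
        dev[:] = bytes(len(dev)) if final else os.urandom(len(dev))

def residual_blocks(dev):
    """Verification scan: block numbers that still hold non-zero bytes."""
    return [i for i in range(NBLOCKS) if any(dev[i * BLOCK:(i + 1) * BLOCK])]

def erasure_report(dev):
    """Minimal erasure record: pass/fail plus the blocks that failed."""
    bad = residual_blocks(dev)
    return {"verified": not bad, "residual_blocks": bad}

def demo():
    """Return the reports for a pointer-only reset and a full overwrite."""
    reset_dev = make_device(SAMPLE)
    pointer_reset(reset_dev)
    erased_dev = make_device(SAMPLE)
    overwrite_erase(erased_dev)
    return erasure_report(reset_dev), erasure_report(erased_dev)

if __name__ == "__main__":
    print(demo())
```

The verification scan is the part that backs a certificate of erasure: the pointer-only reset fails it because the data blocks are untouched, while the overwritten device passes.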

Benefits of Mobile Data Erasure:

  • Overwrites all data on the device, making recovery virtually impossible
  • Complies with various data protection regulations
  • Provides certification of erasure for peace of mind
  • Can be performed remotely or on-site

Organizations can use mobile data erasure techniques to ensure that their employees’ personal information, financial data, and other sensitive content on their mobile phones are irrecoverable. Securis offers mobile data erasure services that can be performed on-site at your offices or at our NAID AAA-rated facilities.

In conclusion, as smartphones continue to play an increasingly vital role in our lives, it’s essential to consider the security implications of upgrading or disposing of these devices. While factory resets may seem sufficient, they leave users vulnerable to potential data breaches. By opting for more secure methods like mobile data erasure, we can enjoy the benefits of smartphone technology while protecting our privacy and security in the digital age.

Research for this article:
1) Privacy for Sale: A Study on Data Security in Used Mobile Devices & Hard Drives. Blancco Technology Group and Kroll Ontrack, October 2015.