Smartphone Safety: What You Need to Know and Do Before You Sell or Donate Your Old Phone

Contemplating donating or selling your old cell phone that’s languishing in a junk drawer or your closet?

Before you do so you should be sure and clear your phone’s data so that you don’t leave personal information behind that could put you at risk.

And you should know that even if you do “wipe it,” data could still remain.

Though clearing your old phone might seem like elementary advice, there are plenty of folks who haven’t been following it.

Just ask students in Dr. Anthony Serapiglia’s class.

Serapiglia is the Assistant Professor of Computing and Information Systems at St. Vincent College in La Trobe, Pennsylvania. As reported in this CBS story, the professor and his students purchased old cell phones from Goodwill and examined them to see what data they could extract.

The answer? Loads.

In fact, Serapiglia called old cell phones a “treasure trove for identity theft.” Using software that’s widely available to anyone, the students scanned the phones they’d purchased in bulk. More than half contained useful information; 47 of the 80 phones had text messages, conversations, personal info and photos.

A damaged iPhone even had evidence of illegal activity.

“It had text messages of drug deals, prostitution and gambling,” Serapiglia said, “It was as plain as day and clear as a bell, even including pictures.”

One of the phones included photos which Serapiglia then used along with Facebook and a Google search to figure out the previous owner’s name, birthday, address, and the man’s wife’s name.

There are plenty of examples of this. For this Wired.com story, the journalist rounded up old phones from people in the office and asked them to wipe them clean. They shipped the phones off to AccessData, a company that does mobile forensics using customized hardware and software. In short, Lee Reiber was able to scrounge up a lot of information. One phone still had the micro SD card in it, and thought the contents had been deleted, the card hadn’t been reformatted so some of the files were recoverable, including email data that positively identified the owner  via his email address.

“And while the documents were benign, if the phone’s owner had stored sensitive information on his phone — think a tax return with a Social Security number, or a .pdf bank statement — we would have had that, too,” according to the story.

One phone had hundreds of phone numbers from a database of contacts, and all the Wi-Fi and cellular access points, allowing someone to piece together where the phone had been turned on.

On the LG Dare, he was able to get text messages, emails, websites visited and more.

“There was enough personal information left behind to positively identify the owner’s first and last name, e-mail address and phone number. So not only was the data recoverable, it was connectable,” according to the story.

There are lots of stories and websites offering detailed advice for how to wipe your phone clean — including resetting the phone to factory settings (and then loading dummy data on it to overwrite any traces of the original data) and removing the SIM and/or SD card. You can find Lifehacker’s story How Do I Securely Erase My Phone Before I Sell It? Here, but the fact remains, the very best security strategy is to not sell it at all. Taking a hammer to it might be the safest tactic.

 


Are you covered for identity theft?
Get Covered

Image: Unsplash