Our mobile phones are more than just gadgets. They’re our constant companions, things that keep us in touch with the world and sometimes our safety valves. For most of us, mobile phones also offer a peek into our personal lives. There’s a lot of data on our phones that’s worth a lifetime. Personal emails, important contacts, private text messages and personal photos – all of these are extremely valuable data that no one would want to let fall into the wrong hands. So before selling off your Android phone or exchanging it for a newer one, do you make sure you’ve deleted everything on it?
If you’re thinking yes, how did you do it? Transferred all data and then deleted everything? That’s not enough! Formatted the phone’s memory card? Not enough! Factory reset? Well, still not enough!
Why completely wiping your Android phone is necessary
While you might be under the impression that performing a factory reset is the ultimate step to erase Android, it is in fact, not such a success. What actually happens when you apply a factory reset to your Android phone is that all the data on the phone is “marked” as deleted. That in technical terms means that the memory addresses of all data bytes are deleted so the phone no longer knows what is stored where. That’s why you cannot see any of your data at a glance.
The truth however is that everything, the messages, photos and emails are very much present on the phone and all a malicious stranger needs is a data recovery tool to get a hold of your precious data. The data can be recovered until it is not overwritten with new data. This is a fundamental design flaw with Android phones that was meant to avoid the wear of Flash Memory due to excessive writes and also to keep up the speed of the phone (permanently deleting content takes more time). This flaw however is oblivious to most people using these devices who can easily fall prey to things like identity theft or personal data leaks.
If you don’t believe us, read about the extensive research carried out by anti-virus software vendor Avast. They apparently successfully recovered more than 40,000 photos and many emails and contacts from used Android phones put up for sale on eBay. Such data is enough to strike a major blow at previous users’ privacy. So if you want to be absolutely sure that you’ve wiped your Android phone clean of every single bit of data on it, the subsequent sections describe the steps to do it.
Protecting your data before getting rid of your Android phone
If you’re thinking that you probably need a lot of technical knowledge to protect your data before moving on to a new phone, well you can relax. All it needs is 5 simple steps.
Step 1: Backup your phone
You can backup your phone using Android’s in-built Backup and Restore feature. However this feature does not work with SMS, MMS and Contacts. So it would be better to make your own complete backup using a third-party tool.
Step 2: Encrypt the data on your phone
Encryption works! Yes, this relatively old concept of protecting sensitive data can actually wrap a tight layer of security on your data. On encrypting your phone, you’ll need to punch in a password every time you wish to use it. All data on your phone will them be scrambled to make incomprehensible. The password will be used as a key to decrypt the data every time you turn the phone on. So anyone who doesn’t have the password or key won’t be able to get their hands on your data. To do this:
- Go to Settings -> Security -> Encrypt Phone / Encrypt Device -> Encrypt Now / Set screen lock type
This process can take up to an hour so charge your battery enough to last throughout the process. Interruption could lead to data loss.
Step 3: Factory Reset
Once you’ve encrypted the phone, factory reset it. This will delete (mark as delete) all the data on the phone and you won’t be able to directly access it. To do this:
- Go to Settings -> Backup & Reset -> Factory data reset -> Reset phone
This should take a maximum of 5 minutes.
Step 4: Fill the phone with dummy data
Although the first 3 steps are enough to let you move on to a new device in peace, steps 4 and 5 are just fail-safes. To be 110% sure, load dummy or fake data on the phone after step 3. Random wallpaper pictures or songs or a few large videos should be enough to fill up the entire space on the phone.
Step 5: Factory Reset again
Finally, repeat step 3. This way you can make absolutely sure that no tool can locate your original data since it will be overwritten with the dummy data that also has been marked fir for overwriting.
Note: If you’re also selling off your SD card, make sure you follow the same process on it too. Selling the SD card might however be unnecessary. Its storage that can be used elsewhere too.
So for guaranteed peace of mind, follow these steps before you sell off your Android phone. Don’t let your personal data be subjected to the threat of going public.