Over the years, I’ve tested so many smartphones running Google Inc.’s Android operating system that I can’t recall them all. But it’s possible they all remember me.
I test smartphones by loading them with my e-mails, photos, music — the same stuff I’d put on my personal phone. It’s more realistic that way. And since I always run “factory data reset” to wipe the phones before returning them, I figured there was no harm done.
I should have known better. Eleven years ago, former Globe writer and computer scientist Simson Garfinkel discovered thousands of sensitive files on the hard drives of used personal computers he had purchased on eBay. Now, the Czech data security company Avast Software has run the same experiment with used Androids, and gotten equally scary results.
From 20 old Android phones, Avast recovered 40,000 “deleted” photographs, 750 e-mails and text messages, one completed loan application crammed with sensitive financial data, and the names of four previous phone owners. So a few of my secrets may still lurk inside that Samsung Galaxy S5 I reviewed and returned earlier this year. No peeking, you guys.
“Deleting” digital information just tells the operating system that a particular chunk of storage can now be used for new data. If that piece of hard drive or flash memory isn’t overwritten by fresh material, the old stuff remains.
The surest solution sells for $20 at the Home Depot. A few whacks with a sledgehammer, and your old phone or hard drive will develop permanent amnesia. But forget about reselling them, or passing them down to your kids.
For that you need a gentler approach — software that writes multiple layers of random data over the old files. Avast’s got a free Android antitheft app that promises to do this, and contains lots of other useful security features, like a lost phone locator and the ability to lock the phone remotely.
Of course, Android could just include a built-in “secure wipe” program. Good old BlackBerry phones have had this for years. But Google offers another alternative. Newer Android software includes a command that encrypts every bit of data on the phone, so it can only be read by typing in a password. If you do a factory data reset on an encrypted Android, it doesn’t matter if any of your data is undeleted; it’s all gibberish.
Remember, Android encryption is irreversible. If you do it, and forget the password, you’ve got big problems. If that worries you, just encrypt the phone right before you resell it or give it away. Then run the standard factory reset and relax.
Avast did not troll for old data on used Apple Inc.’s iPhones, because the company’s iOS mobile operating system encrypts everything by default. A spokesman for Google told me that a similar feature will be built into “Android L,” a new version of the software due out later this year.
Meanwhile, old computers also need a good scrubbing. If you’re planning to discard an ancient machine running Microsoft Corp.’s Windows XP, just pull the hard drive and smash it. But if you plan to pass the computer to others, you should proceed in stages. First, make sure you’ve made backups of all your files. Next, get the machine’s recovery disk, containing the Windows or Mac operating system that it came with. This you must reinstall after you’ve done a total wipe of the hard drive.
For years, I’ve used a free program called Darik’s Boot and Nuke or DBAN. You download it from the Internet and burn it onto a CD, then use this CD to boot up the computer. On most machines you hit the F12 key at start-up to boot from the CD.
DBAN is easy to use, but it takes all day for it to totally wipe a hard drive, so fire it up before you leave for work. It leaves your computer spotless but useless, until you install a new version of Windows.
I’m no fan of Windows 8, but its “reset” feature makes this process almost painless. You don’t need DBAN. Instead, Windows itself will securely wipe the entire drive, then reinstall the operating system from the recovery disk. It just takes a couple of mouse clicks. Windows is just playing catch-up here; Apple’s Mac OS X has included a secure wipe feature for quite awhile.
Did I stash any sensitive files on those long-gone Androids? Beats me; like all humans, I’ve got a rather spotty memory. But computers hardly ever forget — unless you force them to.Hiawatha Bray can be reached at firstname.lastname@example.org. Follow him on Twitter @GlobeTechLab.