Your iPhone or Android device might be a goldmine of exploitable personal data
Every couple of years, consumers get an itch that can be scratched only by the latest and greatest technology. Manufacturers are happy to oblige, pumping out a parade of gadgets, each one better and faster than the last.
What happens to the smartphones of yesteryear? Many go back on the market. In 2016, for example, Deloitte predicted that 10% of higher-end phones would go on to have as many as three owners over their lifespans, contributing to a resale market worth $17 billion.
What can also be passed on in those transactions, however, is access to personal data, or even the data itself. How do we upgrade to the next best thing without suffering the setback of losing valuable information?
“We have to make sure that we are disposing of everything properly,” says Daniel Juan Toral (Bachelor of Technology Management ’16). Simply hitting reset won’t do.
Here, the NAIT network security analyst explains how not to get stuck on the losing end of a deal.
Back up everything
Our mobile devices are like jumbled archives of our lives, loaded with everything from personal photos to contacts to work files. Does it go without saying that we should make copies before we erase all of that? Given sentimental and practical value of the information, probably not.
“It’s best to use a physical device and then secondary cloud storage,” says Toral. An external hard drive will do, especially for photos. Sensitive documents can be encrypted on your PC or Mac before being stored online.
Log out of everything
Your device has to make a clean break with the internet, and with the Internet of Things. “If you are going to sell it, make sure that all your different accounts and devices don’t pair with this device anymore,” says Toral. “There is no easy way to do this.”
You’ll have to disconnect from each, he says, one by one.
In some cases, you just need to log out of an account. In other cases, you need need to dig into settings. Manually unpair Bluetooth, for example, from the smart devices it has connected your phone to.
Don’t forget to delete your browsing history, says Toral, and any saved passwords, which can also be managed in the device settings.
Doing nothing more than returning a machine to its factory settings before selling it, Toral warns, “[may] not really wipe the memory.”
Many experts say it’s not possible to completely remove data from a device. To at least render it unusable by others, start by encrypting it. On an Android device, this function can be found in the settings, and will only require your lock screen PIN. On an iPhone, turning on Passcode encrypts your data. Find this feature in settings as well, under Touch ID and Passcode.
Destroy those coded files.
Then destroy those coded files. There are numerous programs to do this on both Android and iPhone. Whatever software option you choose, says Toral, “They are usually pretty straightforward, but make sure that you are using them the right way.” Follow the instructions carefully.
As for any bits and pieces that might be left over, encryption has turned them into gibberish.
Stash it or shred it
It’s always best to simply keep control over your data, rather than risk losing it in a sale. “Don’t give it away,” says Toral.
File away an old phone in a safe place or, if you really don’t want to keep it, destroy it. Don’t attempt to do so on your own, says Toral. “If you have important information on it, hire professionals.” Good shredding companies will issue certificates of destruction once they’ve rendered data storage units suitable for a trip to the dump.
Decommissioning an old phone will mean paying more out of pocket for a new one, but Toral worries that the price of sensitive information falling into the wrong hands could ultimately prove more costly.
“There are not too many people with the expertise to recover information [from your device], but you never know,” he says. “So you take the risk, or you don’t.”