If you think that using the factory reset function on your smartphone will clear your data, you're in for a pleasant surprise! Czech-based security company Avast purchased several phones via eBay to evaluate if they can extract data from it, especially the ones that had a factory reset done by the previous owner.
The factory reset is supposed to be a one-touch feature which should secure erase all the data, settings and other user-related details from the photo and return it to a 'rolled out of the factory' state. But the experiment by Avast proved that this is not entirely true.
The company conducted this experiment by purchasing 20 smartphones from eBay. The experts at Avast were able to extract data from these smartphones, though the company didn't disclose if that was the case with all the smartphones. The experts were able to extract 40,000 photos, out of which 1,500 of those were family photos and others included selfies with their manhood.Other data included emails, text messages, Google search history and even browser history. Avast also added that the factory reset feature does not wipe out the data from the phone. Rather, it only erases the index information.
According to what was found, the data can be easily extracted even after using the factory reset option using forensic tools that can be easily purchased online. The only way you can ensure that these private and even embarrassing data are properly erased is by over-writing the phone with new data.
Avast specifically pointed out Android smartphones, to which Google went on a defensive. The search giant said that this experiment did not reflect the security protections in Android operating systems that are used by majority of the users. Google also recommended enabling encryption on Android-powered smartphones before hitting the factory reset to make sure these files cannot be accessed. Unlike Apple phones since iPhone 3GS, encryption on Android phones are not enabled by default. Other security experts said that destroying the phone is the best course of action if the user doesn't want any data to be recovered.