Australian authorities are warning that up to 500 million Android smartphone users worldwide could have their personal data stolen, despite thinking they’ve deleted it using the factory reset.
Stay Smart Online says the flaw leaves people who trade in, sell or give away their old phones vulnerable to identity theft.
Factory reset is meant to wipe all data on the phone, however security researchers recently found they could recover details on supposedly wiped Android smartphones. They found details that allowed them to log in, sync user contacts, and read other data left on the devices by the previous owners.
The list of models affected is not yet finalised, but Android versions between 2.3 (Gingerbread) and 4.3 (Jelly Bean) were found to allow access to data after the device was supposedly wiped. It’s not yet known whether the latest versions of Android are affected.
Stay Smart Online says users should use encryption for additional security. Newer Android phones (4+ KitKat and Lollipop) have the option to perform hard drive encryption when first setting up the phone. Authorities say that if your data is highly sensitive, then old phones should be destroyed, including the hard drive, rather than being passed on.