Most phones are pretty good at securely removing your data when you're
done with the device, but there are still some measures you need to take
to protect yourself before you pass the handset off.
What everyone should do
No matter what type of smartphone you use, there are a few basic things you should check outside of wiping your phone:
* Remove your SIM card: While most of the data that you store is kept on
your internal storage or microSD card, it's still possible for contacts
or call logs to be kept on your SIM card. The person you're selling it
to has no need for this, so always be sure to remove it.
* Remove your microSD card: Similarly, if your phone has a microSD card,
chances are you don't really want or need to give it away. To truly
ensure that the data on your microSD card is secure, keep it to
yourself.
* Erase and format your SD card: If
you absolutely have to include your microSD card with your phone, then
you'll at least want to erase and format it. You can usually do this via
the Settings app. You can also do it by connecting it to a PC, but if
you format it with the wrong file system for your phone, it might not
recognize the card. Again, though, the best way to secure your data is
to keep your card.
Assuming you've taken care
of all this, the only thing that's left should be your device's internal
storage. iOS and Android have slightly different ways of handling this,
but both are mostly straightforward.
How to securely wipe your phone
For the rest of this, we're going to talk about how to secure your internal
storage, but first it's worth explaining a bit about how flash memory
works. As you're probably aware, with normal platter hard drives, data
isn't really erased when you delete something. The internal flash memory
in your smartphone isn't quite the same. Because it's not a magnetic
storage medium, the methods used to recover data from an old hard drive
won't be the same as the tools used to pull data from your phone. Among
other things, this means that while rewriting data seven times is a
standard method for erasing magnetic media, it won't do much to make the
data on your phone more secure.
That being said, for most of the
average user's needs, your phone already has the tools built in to
securely erase your phone's data. If you carry military secrets around
on your unprotected Galaxy S4, well... for starters, you probably
shouldn't. But if you do, you should probably consult someone with a PhD
in something before you lose your phone in a bar. Everyone else may
continue.
iOS: Use the default erase setting
For iOS users, your job is pretty simple. The iPhone has built-in options
that securely erase your phone. On old phones, it goes through a long
secure erase process, but with the iPhone 3GS and iOS 3.0, Apple moved to
hardware encryption on its phones. From that point on, all data you
store on the internal storage (which, aside from anything on the SIM
card, is everything) is automatically encrypted. Your phone uses a
device-specific key that's never stored anywhere but your handset.
When supported iOS devices wipe your phone, what's really happening is that
the hardware-specific encryption key is securely wiped. Everything else
on your phone is left an unintelligible mess, even if someone were to
use a fancy forensics lab to physically examine the memory chips, which
99% of you will probably never have to deal with.
So what do you need to do to securely erase your phone? Just head to
Settings > General > Reset > Erase All Content and Settings.
That's it. On any iPhone including or following the iPhone 3GS (as well as all
iPads and any iPod Touch 3rd generation and later), this will use the
hardware encryption method described above. It will be very fast, yet
still leave your data secure. For any older devices, the process will
actually take a lot longer, as iOS will overwrite all of your data with
random information to prevent it from being read later. Either way,
though, this should be as secure a wipe as you can get.
Android: Encrypt your phone, then erase
Android phones are set up a little differently from iPhones (shocker, I know),
and they vary somewhat from manufacturer to manufacturer. However, in
general the default options are mostly secure. We talked with jcase, an
Android security researcher and Elite Recognized Developer on XDA, and he
gave us a few pointers in the right direction.
Unlike
the iPhone, Android encryption is not done on a hardware level. For
starters, this means if you want to have your phone encrypted, you'll
need to enable it manually in Settings. This process will take a while
and, from then on, you'll need to enter a PIN when you first boot your
phone (not to be confused with your lock screen PIN). It can also cause
some slight performance decreases, so keep that in mind. This process
also can't be reversed without wiping your phone, so consider carefully
before you commit.
Now, on Android, you have two options for wiping your phone. The first is
a factory reset (located in different places depending on your phone, but
it should be under something like "Backup & reset"), which will wipe
everything you've ever stored in any user-accessible area of storage. For
most people, this will be enough to ensure that no one will be able to
access data you've ever stored.
How effective a basic
wipe is can depend on how well the manufacturer implemented its factory
wipe. When we spoke to jcase, he said that some manufacturers' methods
can still leave behind recoverable data. Additionally, if you root your
phone and use a custom recovery, wiping via the recovery might not do
everything properly.
While, ideally, you
shouldn't have to overwrite your phone to erase data using a factory
reset, if you're unsure or want to be extra safe, encrypting your phone
(usually found in Settings under "Security") before wiping it can
provide some reassurance. Just be aware that it may be redundant on
certain phones. Still, better safe than sorry.
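The iOS key wipe and the Android "encrypt, then erase" advice rest on the same idea, shown here as an added example that is not part of the original article: if a reset leaves the flash cells untouched, the leftovers are only readable when they were stored unencrypted. The `Phone` class, its method names and the HMAC-based toy cipher are assumptions made so the sketch runs with the Python standard library; real phones use their own storage cipher.

```python
import hashlib
import hmac
import secrets

SECRET = b"bank PIN 4821"  # constructed sample data


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode), standing in for the
    phone's real storage cipher so the example needs only the stdlib."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


class Phone:
    """Hypothetical handset model: raw flash, a file table, an optional key."""

    def __init__(self, encrypted: bool):
        self.key = secrets.token_bytes(32) if encrypted else None
        self.flash = b""   # what a chip-level read would return
        self.index = []    # file table the OS uses to locate data

    def store(self, name: str, content: bytes) -> None:
        raw = keystream_xor(self.key, content) if self.key else content
        self.index.append((name, len(self.flash), len(raw)))
        self.flash += raw

    def weak_factory_reset(self) -> None:
        """Models a poor reset: forgets the file table and destroys the key,
        but never overwrites the flash cells themselves."""
        self.index.clear()
        self.key = None


def secret_survives_reset(encrypted: bool) -> bool:
    """Store a secret, reset, then search the leftover flash for it."""
    phone = Phone(encrypted)
    phone.store("notes.txt", b"shopping list; " + SECRET)
    phone.weak_factory_reset()
    return SECRET in phone.flash


if __name__ == "__main__":
    print("unencrypted, secret still readable:", secret_survives_reset(False))
    print("encrypted,   secret still readable:", secret_survives_reset(True))
```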
Of
course, the last line of defense before you sell your phone is to vet
your buyer. If you're using a CDMA device, be sure to deactivate your
phone with your carrier before handing it off. And while you're at it,
make sure you've taken care of your phone and are selling it for as much
as possible.