July 16, 2011, 8:47 AM — Your old cell phone data can reemerge from the past to haunt you. Whether it's because sellers are lazy or naive, cast-off phones still contain troves of information about their former users. And as phones get smarter, they're ever more likely to hold bank account passwords, personal email, or private photographs that anyone with the right kind of motivation could exploit.
PCWorld's previous investigations have shown that people don't properly erase the data on their old computer hard drives before they dispose of their laptops and desktops, even when the data includes their own sensitive information and that of others. And consumers seem to be just as uninformed when it comes to eliminating the data on their old phones.
To see just how critical the problem is, we bought 13 Internet-capable phones from various sellers on eBay, small businesses, and flea-market stands in the San Francisco Bay Area. We found that 5 of the 13 phones still had information on them.
The first incompletely wiped phone we purchased from a reseller had call-duration data still on it--proving that some of your information, however anonymous, will remain on the phone even if you perform a proper factory reset. Another phone we bought from a company that claimed to specialize in cell phone recycling arrived with contact information, voicemail, and text messages on it. Two phones purchased from flea markets in Oakland, California, had considerable amounts of email, text messages, contact information, and photos on them; and one phone we bought from an individual still had email and contact information on it.
Wipe Your Phone and Check It Twice
Smartphones usually have at least two stores of memory: a SIM card, and the phone's internal memory. Many phones also have additional data stored on removable SD Card media. The SIM and SD cards had been removed from all the phones we purchased. But people seem to forget (or not know) about wiping the phone's internal memory. That's where we found data on the five phones that still contained some. Removing the SIM card stops the phone from communicating with the network, but doesn't erase the email and contact lists already on the phone.