Secure Disposal of Your Smartphone or Tablet
Why is this important to me?
Our app, Signils is primarily concerned with Wireless technologies like Bluetooth and in the future possibly Wi-Fi. We deal mostly with trying to help people better manage and interact with their Bluetooth devices. The most typical devices we see include Bluetooth Headsets, Earbuds, Microphones, Keyboards, Mice, Phones, Desktops/Laptops and others that are not as popular like Bluetooth controlled lightbulbs, candles, and speakers.
Bluetooth allows for the transfer of data and files between computing devices. So, we thought it would be prudent to help inform our users and readers about the potential dangers associated with device disposals and how to avoid them. We feel an obligation to help educate users about how their data could remain on old devices even if they believe it’s been deleted.
What Kind of Data?
Most of us don’t give a second thought to the sheer volume of personal and private information that gets stored to or on our smartphones or tablets. It is very common for us to have multiple email accounts – personal and/or business accessible via our devices. This could be important because there may be personally revealing or confidential information that we wouldn’t want to be publicly known or used.
This could include information emailed to or received from an accountant, financial advisor, customer service of a vendor, a spouse/significant other, travel agent, business partner, or friend. The concern here is that if you don’t securely reset or dispose of your computing device, the next person that either finds your discarded device or buys it might be able to see and access this data. Depending on the contents of your emails, it could damage you personally or cause harm to your personal contacts or business relationships. Think this is far fetched? Not only is there a risk from your device disposal, thieves these days are brazen enough to walk into a cell phone store, pretend to be you, and walk out with a new mobile phone that has your number and email accounts. It happened to Lorrie Cranor, the Chief Technologist of the FTC. The thief can then use these ill-gained resources to impersonate you and steal your money.
Less common on an iPhone and more likely to be found on an Android phone or tablet might be sensitive documents – Spreadsheets, Wordprocessor files, receipts, tax returns, or any other documents you might not want a stranger to see or use. These types of files could be used to compromise your identity or privacy. The impact of which can cause long-standing damage to your personal finances. Identity theft is difficult to recover from and can have lasting effects on both someone’s social standing and how they feel about themselves.
SOCIAL MEDIA ACCOUNTS
Most people have access to at least one or more social media accounts. Many people have way more than that. Extremely popular social media sites include Tik Tok, Facebook, LinkedIn, Quora, Snapchat, Whatsapp, Pinterest, Instagram, and more! In fact, the list continues to grow and evolve. If we don’t take precautions when we dispose of our device, a stranger could gain access to these social media accounts. At that point, there’s nothing stopping the usurper from pretending to be you and potentially causing extensive damage to your online life and reputation. The damage could be severe enough to terminate friendships and other relationships.
BANKING AND CREDIT CARD APPS
What could possibly be worse than handing over the keys to the kingdom to a stranger. Email or documents are bad enough but it would be disastrous to provide a stranger with malicious intent access to our bank account. Naturally providing access via our discard devices isn’t the only way thieves could gain access to our funds and wire transfer our money away. Sara Morrison, a Vox writer, documents her issues and quest to get her stolen money back in this article, “Hackers stole $13,103.91 from me. Learn from my mistakes“. In the article, she talks about practical ways you can protect yourself online including using a Password Manager like Keeper and using a Two or Multi Factor Authentication (2FA or MFA) hardware key like Yubico.
In a similar way, these apps are just as dangerous as handing over access to your bank accounts. Be wary of logged in accounts that include Google (Google Play Store, Gmail), Venmo, Paypal, etc. These accounts usually include connections to bank accounts and/or credit cards, and could result in the theft of large sums of money.
What Happens to My Data?
Technically speaking, data isn’t really “erased”. The common misconception is that when someone deletes a file from a computing device or empties their “trash bin”, there is no way to see that data again or recover that data. That is simply not true. Sensitive data and deleted files are not really erased. This ultimately means that the deleted data could be recovered by interested parties.
Most file systems only remove the link(s) or pointers to where data resides in storage. They don’t truly destroy the data that resides on, for example, hard drive sectors or in memory.
The most secure way of disposing of devices depends on the device and what your plans are. But even overwriting parts of the disk with something else or formatting it may not guarantee that the sensitive data is completely unrecoverable. Special software is available that overwrites data, and modern (post-2001) ATA drives include a secure erase command in firmware. However, high-security applications and high-security enterprises can sometimes require that a disk drive be physically destroyed to ensure data is not recoverable, as microscopic changes in head alignment and other effects can mean even such measures are not guaranteed.
What Should I Do?
There are multiple steps that should be taken before your discard or sell that old device.
First regardless of your intentions of “resetting to factory settings”, do your best to manually remove all unwanted apps. If you don’t have time to remove them all, at least delete the ones that present the most risk: email, calendar, bank, credit card, payments, investments, etc. You know yourself and your devices best. Take the time to really look at and think about the apps on your device and what someone could do if the got unauthorized access to that app.
Next, you need to make an attempt to log out of accounts that you may be logged into and maintain the ability for someone to access. That could mean email accounts like Gmail or other providers that you logged into using the browser instead of an integration that Android provides. In some cases, some web applications aren’t designed to automatically log you, the user, out. They may allow you to remain logged into the application indefinitely. If you’re not deleting your browsing history, or used secured browsing, you could open yourself up once someone looks and sees the sites you’ve been visiting.
Third, delete all of your personal accounts (emails, calendars) and data (documents, spreadsheets, pictures, contacts, and texts) from the device. These are also good housekeeping practices. Try to store your data not on your local SIM card on the phone but instead on an SD card. That way, it’s much easier to remove most of that data simply by removing the SD card. That being said, clean up the phone’s memory and delete all unwanted information directly from the device.
Lastly, follow Newtech Recycling’s advice on how to securely dispose of devices. Since you’re disposing of a mobile device and not a computer with a hard drive, make sure you go ahead and “reset to factory settings” and wipe the phone. If your device is really old, severely damaged, or you have plans to simply recycle or trash the device – drill multiple holes through it rendering it completely useless. If it is a computer or laptop, remove the hard drive or SSD and destroy it. You can use the technique described here to drill holes through the disk platters or use a hammer to smash the drive.
As Newtech’s article mentions, the most securely disposed of device is one that’s completely destroyed to an unusable state. Shredding the entire device is, of course, the ultimate protection against identity theft or fraud.
Be wary of discarding your used and old devices. In order to protect your personal finances and/or reputation, take reasonable steps to protect yourself online. It really does not take that much time to institute the simple precautions and actions we describe in this article. You may think that you are not at risk but the reality is – we are all at risk. Cyber crime is certainly up and 2021 will be no exception.