Do you have any inactive smartphones or cellphones in your house? Chances are you do; and as there are some vendors that still offer credit towards a brand new smartphone or turning your old tech into a tax deduction, donating or recycling an older model phone is the smart, responsible, and environmentally friendly thing to do. Upgrading our conveniences though, can sometimes have us suspend our common sense and put ourselves in precarious situations where our private data is at risk.
The smartphone has dramatically changed from the early days of the Personal Digital Assistant. (Remember those?) My first computer would be considered ancient compared to the power that now fits in the palm of my hand; and like any technology, upgrades promise better communication, better connectivity, and faster response time with apps. These upgrades pose new challenges and new responsibilities, and these responsibilities begin with your previous cell phone.
The security company AVAST purchased second-hand mobile phones from sellers across the United States and discovered these devices still carried sensitive data on them. “The amount of personal data we retrieved from the phones was astounding. We found everything from a filled-out loan form to more than 250 selfies of what appear to be the previous owner’s manhood,” said Jude McColgan, President of Mobile at AVAST.
When you are ready to upgrade your smartphone, you should always check to see if you have completely:
- Logged out of e-commerce apps?
- Logged out of apps for paying bills?
- Logged out of your banking apps?
- Logged out of your dining out apps?
- Disabled any “Save password” options?
That last item on this checklist is important as apps can retain your login data if permission is granted.
The windfall for identity thieves if they get hold of these phones, though, resides in your collection of contacts, usually found inside the phone or stored on the phone’s removable Subscriber Identity Module or SIM card. Any photos salvaged from SIM cards also provide a bonus for identity thieves as the contacts now have faces to go with the names. A great deal of damage can be dealt with a legitimate cell phone number. Add to that potential images and names, the damage increases.
Here is another checklist for you to follow when you are upgrading smartphones and mobile devices:
- When activating a new phone or mobile device, backup your data from your previous device and then transfer the old data to your new one.
- Once the previous device’s data is backed up and/or transferred, find the “Settings” feature of your phone (usually this is where you customize your phone with ringtones, personal messages, wallpapers, and the like) and look for any option labeled “Restore to Factory Settings,” “Reset,” or simply “Erase.” (It may be different from model to model. Consult your phone’s user guide, the phone manufacturer’s website, or your cellular provider’s site for details.)
- Confirm you have erased your data. Power up your phone and go through it. If you cannot find your applications, your login credentials, or any PII present, you have successfully removed your data.
- Consult your device’s manufacturer for any additional steps you can take in wiping the device’s memory. As AVAST reports, some “Factory Settings” resets are not thorough enough. Take a few extra steps to see that you have done everything to clear the device’s memory.
- If applicable, remove the phone’s SIM card. If you are no longer using that SIM card, destroy it. Do not simply throw it away but destroy it, preferably by shredding or cutting it to pieces.
Any investment in technology means eventually there will be a need and desire to upgrade to something better, something more powerful. To be green we should recycle, but an older smartphone is not equivalent to an empty milk jug or soda can. Sensitive data is merely a USB connection away so make certain to remove PII before releasing that device into the wild. Security should always be your first consideration.