Security software company AVAST managed to pull a wealth of personal data using widely available tools from phones that had supposedly been wiped clean.
AVAST employees purchased 20 used phones on eBay that had undergone a factory reset by the original owner and tried to get as much data out of them as they could, CNET reports. In the process, they uncovered thousands of photos, texts, emails and other personal information.
“We found everything from a filled-out loan form to more than 250 selfies of what appear to be the previous owner’s manhood,” Jude McColgan, president of mobile for AVAST, said in a statement released by the company.
Other finds included more than 40,000 photos, including over 1,000 naked pictures, over 1,000 Google searches, 750 emails and texts and over 250 contacts.
Of the 20 phones examined, only one contained any form of security software, VentureBeat reports. However, AVAST even managed to grab sensitive data from this phone, including access to the previous owner’s Facebook, his previous GPS coordinates and the names and numbers of over a dozen contacts. The researchers also discovered that he had previously completed a sexual harassment course.
Such recovery is possible because a deleted file is not immediately deleted. Instead, the file is marked by the operating system and can eventually be overwritten by new data. Until it is overwritten, the file can still be restored.
AVAST conducted the study to raise awareness of the risks of selling used phones without using proper measures to ensure privacy.
“Selling your used phone is a good way to make a little extra money, but it’s potentially a bad way to protect your privacy,” McColgan said.
Natural, AVAST is hoping consumers will chose to protect their privacy with AVAST’s own software, which allows users to remotely lock or wipe their phone, in addition to providing malware protection.