A study published last week by Avast (AVST) suggests the vulnerability of Android smartphones goes beyond malware. As it turns out, wiping the devices fails to remove sensitive data.
Avast is in the business of selling security software, so anything the company says about smartphone security should be taken with a grain of salt. Still, the evidence that Avast offered is shocking and should serve as a wake-up call, especially to those who are selling their Android smartphone in preparation for buying the next must-have mobile device.
What They Found
Avast purchased 20 used smartphones that sellers assumed had been wiped of personal data because they used Android’s “Factory Reset” option. This is what was found:
- 40,000+ photos (including 750+ photos of women “in various stages of undress” and more than 250 male nude selfies)
- More than 1,000 Google (GOOG) searches
- 750+ e-mails
- 250+ contacts
- The personal identity of four of the previous device owners
- One completed loan application
While this sample might not be representative of what data you have on your mobile phone, it serves as a stark reminder that selling your smartphone comes with risks. And this may be just the tip of the iceberg when it comes to smartphone security issues.
By the way, this particular problem isn’t present on iPhones. Apple (AAPL) encrypts all user data in iOS automatically with a strong 256-bit algorithm and when a user chooses to “Erase all Contents and Settings” the encryption key is removed, rendering the data inaccessible. If you’re handing down or selling an old smartphone to get a new one, an iPhone doesn’t have the same smartphone security issues as an Android device does, at least when it comes to someone grabbing your data.
Smartphone Malware Is Serious, Android Is Most Vulnerable
Kapersky Lab, a well-regarded security company, published a study in 2013 showing that 99% of all mobile threats target Android devices. The company also noted an explosion in smartphone malware, going from 8 new threats per month in 2011 to an average of 6,300 per month in 2012. That trend is continuing, and many smartphone owners are wearing a cyber crime bulls-eye.
Why is Android so vulnerable when it comes to smartphone security? There are multiple factors. Apple only allows app downloading through its own, curated App Store and the majority of iPhones are running the latest version of iOS while Android devices are often running older (and possibly more vulnerable) operating systems.
And then there’s the size of the target.
Why bother chasing iPhone users or the few people using Microsoft’s (MSFT) Windows Phone when more than 80% of the smartphones being used are running Android?
Of course, we’ve seen this situation before…