
Remember to wipe your mobile device – July IT Security Awareness

July 1, 2014 - by Synoptek

Modern mobile phones do much more than make and receive calls. We use them for nearly every aspect of our lives, from taking personal photos of memorable moments and banking online to viewing and working with company data. Increasingly, obtaining information from your mobile phone is both more desirable and potentially easier for cyber criminals than attacking your personal computer. We simply do not treat these devices the same way.

When selling, disposing of, or trading in your mobile device, remember to wipe the device through a factory reset. This protects your personal and company-related data (with some requirements described below).

Mobile phone storage

Modern mobile phones generally have up to two locations for local storage: the built-in solid-state memory and a micro Secure Digital card (SD Card). Apple mobile devices do not support user-added storage such as an SD Card, but a fair number of Android phones do. Android phones allow the user to choose what is stored on the SD Card instead of the internal storage. When disposing of or selling your device, remember to remove your SD Card.

Encryption – Why does it matter?

In short, it’s what makes a factory reset viable.

APPLE IOS

Devices since the 3GS automatically encrypt their local storage using hardware-based encryption with a device-specific encryption key. When performing a factory reset, the device simply wipes the key, leaving behind encrypted gibberish. Without the key, this data is unrecoverable. As a result, simply factory resetting your Apple device is enough. You can find instructions for performing this action in the Apple article listed under Credits and Additional Resources.

GOOGLE ANDROID

Most Android devices do not enable encryption automatically. You must enable encryption manually through the device’s settings. To support encryption, your device must be running a version of Android that is over V3.0. Enabling encryption is important because simply resetting an unencrypted device to factory default leaves the data behind for possible recovery. Encrypting the data first alleviates this problem. If your device supports an SD Card, it should also support encrypting it.
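The difference between resetting an encrypted and an unencrypted device, as an added example that is not from the original post: a simplified Python model in which a factory reset discards the file index and the key but does not overwrite flash. The `SimulatedPhone` class, the toy SHA-256 keystream standing in for hardware encryption, and the sample note are all constructed for illustration.

```python
import hashlib
import os

BLOCK = 32  # bytes per simulated flash block

def xor_block(key: bytes, n: int, data: bytes) -> bytes:
    # Toy keystream cipher (SHA-256 of key + block number); a stand-in for
    # the phone's hardware encryption, not a real storage cipher.
    stream = hashlib.sha256(key + n.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class SimulatedPhone:
    def __init__(self, encrypted: bool):
        self.key = os.urandom(32) if encrypted else None
        self.blocks = []  # raw flash contents, as a forensic tool would see them
        self.index = {}   # file name -> block numbers (the file system's view)

    def write(self, name: str, data: bytes) -> None:
        self.index[name] = []
        for i in range(0, len(data), BLOCK):
            n, chunk = len(self.blocks), data[i:i + BLOCK]
            self.blocks.append(xor_block(self.key, n, chunk) if self.key else chunk)
            self.index[name].append(n)

    def read(self, name: str) -> bytes:
        raw = ((n, self.blocks[n]) for n in self.index[name])
        return b"".join(xor_block(self.key, n, b) if self.key else b for n, b in raw)

    def factory_reset(self) -> None:
        # Modelled reset: forget the files and destroy the key. The flash
        # blocks themselves are left as they were.
        self.index.clear()
        self.key = None

def recoverable(phone: SimulatedPhone, marker: bytes) -> bool:
    # Forensic view: scan raw flash for a known plaintext fragment.
    return marker in b"".join(phone.blocks)

def demo() -> dict:
    secret = b"constructed sample note: bank login ACCT-4417-0021, PIN reminder"
    marker = b"ACCT-4417-0021"
    results = {}
    for label, encrypted in (("unencrypted", False), ("encrypted", True)):
        phone = SimulatedPhone(encrypted)
        phone.write("notes.txt", secret)
        assert phone.read("notes.txt") == secret  # owner can read before reset
        phone.factory_reset()
        results[label] = recoverable(phone, marker)
    return results

if __name__ == "__main__":
    print(demo())
```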

Enabling encryption on an Android device will force the user to choose a PIN or Passphrase instead of the other available lock screen methods. You will also need to enter this each time you reboot the device.

Due to the variety of possible OEM alterations to the look and feel of Android, please refer to your device’s manual for exact steps on how to enable encryption and for performing a factory reset.

Pro tips

  1. The best time to encrypt your phone is when the sales associate puts it in your hand. The second best time is right now. If your device is already encrypted, nod knowingly.
  2. Once encryption is enabled, if you forget your PIN or Passphrase for unlocking your phone, the only option available to you is a factory reset.
  3. The longer the PIN or Passphrase is, the more secure it is. Your fingers leave oils on the screen, and the visible smudges can make a four-digit PIN trivial to guess by vastly reducing the number of possible combinations.
  4. Some devices will automatically wipe themselves after a set number of incorrect login attempts.
  5. In the case of encrypted SD Cards, you will want to copy the data off before resetting the phone as the phone contains the keys and the methods for decrypting the data. Please refer to your device’s manual for methods of accessing the data stored on the SD Card.

Credits and Additional Resources

Understanding Erase All Content and Settings

http://support.apple.com/kb/ht2110

General HOWTO for Android Encryption

http://www.techrepublic.com/article/encrypt-your-android-smartphone-for-paranoid-level-security/

General HOWTO for Android Factory Reset

http://www.cio.com/article/2404550/tablets/android-how-to–wipe-device-clean–restore-factory-settings.html