“This guy was really into anime porn,” says Caroline James, PR manager for Avast, pointing to a spread of papers with pictures of data taken from 20 smartphones purchased on eBay.
Security software firm Avast bought the phones as a test to see what they could find on theoretically “wiped” phones. What they found was a virtual goldmine of information: 40,000 photos — including nudie pics — 750 emails and texts, 250 names and addresses, one completed loan application, and a whole lot more. Only one of the phones had security software loaded on it, but that phone gave up some of the most sensitive information.
Hackers at Avast were able to identify the previous owner, access his Facebook page, plot his previous whereabouts through GPS coordinates, and find the names and numbers of more than a dozen of his closest contacts. What’s more, the company discovered a lot about this guy’s penchant for kink and a completed copy of a Sexual Harassment course — hopefully a preventative measure.
That’s some serious intel from a phone you thought you’d wiped clean.
The stunt is a part of an awareness campaign by Avast to make people, specifically Americans, realize just how insecure their mobile phones are — and to sell their mobile software for Android.
Only 14 percent of Americans installed anti-virus software on their phone, according to a recent Consumer Reports study. And only 8 percent use software that could erase their phone remotely. As Avast points out, factory resets aren’t as thorough as we think they are.
That’s because when you delete a file, it’s not really deleted. Rather the operating system deletes pointers that correspond to the file and marks the space that the file occupies as available so that it can eventually be overwritten. But until it’s overwritten, the file can still be restored. This is true for your cellphone and PC.
(See VentureBeat’s earlier coverage of this issue: “5 alarming things that can be undeleted from your phone.”)
“Selling your used phone is a good way to make a little extra money, but it’s a bad way to protect your privacy,” said Jude McColgan, the president of mobile at Avast. The company boasts that its mobile software doesn’t just erase pointers, it overwrites the file making it irretrievable.
Avast is not the only company trying to sell mobile security software. Major U.S. security brands like McAfee and Symantec have apps on the market — although they cost money. The security packages range in price, with most costing about $29.99 for the year, while Avast’s software is free and pretty extensive at that.
Beyond locking and remotely wiping your phone as needed, the company offers a variety of other tools to keep your Android phone safe from malware. And with a price tag of free it should be an easy sell to consumers. But clearly it’s not, because, as indicated earlier, few people in the U.S. use security software on their phones.
PCs for businesses and homes often come preloaded with antivirus software, so consumers may not be trained to think about security software — or its importance. Also, security software generally tends to eat up battery life.
But considering that Avast’s experiment wasn’t exactly advanced hacking, it may be time to consider securing your phone.