Many mobile device users rely on simply deleting the private information on the storage card of the phone before selling it, in order to ensure that sensitive details are not passed to the new owner. However, items are stored persistently, and unless they are corrupted through overwrite action, they can be recovered.
Avast carried out an experiment with 20 Android phones purchased through eBay, and then tried to find out how much of the deleted information could be retrieved.
The results showed that a numerous amount of items belonging to the previous owners could be recovered by using a mainstream utility.
According to their report, they managed to bring back more than 40,000 photos, and learned about over 1,000 Google searches, more than 750 email and text messages and over 250 contact names and email addresses.
By putting together these bits and pieces, cybercriminals can learn important details about the potential victim and start targeted phishing campaigns with a high rate of success, which could bring them a pretty income.
Blackmailing activities can also be deployed by the criminals, as Avast says that more than 750 of the images retrieved were with women in various stages of nakedness.
Among their findings were the identities of four previous owners, which can also be leveraged to conduct nefarious activities against them.