How to protect your data on mobile devices – part two

14 October 2020 by Tilly Holland


In the first part of this article, we highlighted how much information we store on our smartphones and the dangers of unrestricted access. We also mentioned that the only way to protect our sensitive information when we recycle a smartphone is to securely erase the data before we give it away. 

In this second blog, we talk about how you can protect your data and detail what methods you can use to erase your data securely.

Where do smartphones store data? 

There are different types of memory in mobile devices that retain our data. The three main types are:

· the memory of the SIM card (Subscriber Identity Module)

· the external memory namely removable 

· the internal memory namely incorporated (embedded) in the electronics of the device.

 How to erase data on a smartphone? 

 SIM card

The memory provided by the SIM card is the smallest. In most cases the SIM card memory stores:

· basic elements of the phone book (such as names and phone numbers)

· SMS text messages

· call lists

The best way to deal with the data on your SIM card before you recycle your phone is to remove it. While most of your data is kept on your internal or external memory, it's still possible for contacts or call logs to be kept on your SIM card. It is, therefore, essential that you always remove it before recycling your old smartphone. 

Internal memory

The internal memory of a smartphone is a flash memory chip embedded in the device that is not removable. One solution to remove the data is by using the default function provided by the device. The function will vary dependent on the make and model of your phone. 

iOS devices - Use the default erase settings - Settings > General > Reset > Erase all Content and Settings.

If you own an iOS device, deleting your smartphone's internal data is pretty simple. The latest iPhone's have built-in options that securely erase the data on your phone. Everything your store on your iPhone (apart from the SIM card) is automatically encrypted using a device-specific key that is only stored on your phone. When you choose to erase the data on the phone, the hardware-specific encryption key is wiped, leaving all the data on the phone unintelligible. 

Android devices - Factory Reset (found in Backup & Reset depending on phone model)

Unlike the iOS devices, the Android encryption is not done on a hardware level. If you want to encrypt your phone, you have to do it manually via Settings. Enabling this hardware encryption will mean you have to enter a PIN when you first turn your phone on - this is separate to the lock screen PIN though. Once the encryption has been enabled, it cannot be reversed without wiping your phone, so make sure you're 100% sure you want to do it. 

When it comes to deleting data on your Android, you need to complete a Factory Reset, this will wipe everything you've ever stored on your phone and should be enough to ensure no one can access the data when you go to sell/recycle. 

Note - from our experience as a data recovery expert, the manufacturer standard basic wipe is not always 100% effective. If you want to be completely sure that all data has been erased, it's best to use a certified data erasure software.

The use of data erasure software, which performs a  complete overwrite (wiping) of the device is a much more effective way of deleting data from internal memory. However, data erasure software is not always a suitable option for organisations due to the lack of verifiable reporting options. With no erasure verification options, companies are unable to demonstrate their compliance with rules surrounding personal data protection, national laws on privacy, or internal audits. 

 In these scenarios, there is a need for advanced solutions to securely erasure company data. If a company needs to verify its erasures and erasure procedures, it is advisable to either use a specialised software solution or a third-party provider. 

External memory

The external memory is much bigger than both the SIM card and internal memory. External memory stores a large part of our data, especially if we have configured this memory space by default for saving photos, email, video and other content.

Some smartphones and tablets are equipped with a slot to add external memory, generally MicroSD's, so you can remove the card before disposing of your phone or tablet. Unless there is a non-standard file system in use, the microSD will be readable without any problems in the new device. Normally, microSDs are formatted by the terminals in FAT32, and this ensures good compatibility between different devices.

If you plan on using your old memory card in your new device, you don't need to worry about erasing it, but instead, you should remember to remove it from the tablet or smartphone before handing it to the new buyer or trading it in.

In the next and last part of this article series, we will be discussing the main data security issues you should watch out for when disposing of or selling your mobile device. 

Do you want to know more about how to protect your data throughout its lifecycle? Our latest report delves into the six stages of the data lifecycle and why it's so important to ensure you have an up-to-date strategy that protects data at each stage.