Take No Chances – Mythbusting Mobile Data Security
Source: Device Renewal Forum with contributions from eRecyclingCorps and FutureDial
What private information do you keep on your phone? If you’re like most phone users, your phone is at the center of your life, containing personal photos, confidential messages and financial information.
In a recent Harris Interactive study, 76% of respondents said that data security on mobile devices is “priceless” – and rightfully so. Users are often hesitant to turn over their devices to others, knowing that they are handing over their entire digital selves – emails, photos, videos, and contacts. With a slew of phone-hackings in the public eye, from Scarlett Johansson’s personal photos to the News Corp. scandal over stealing pivotal voicemails from crime victims, data theft from mobile devices has become increasingly visible across society.
As we regularly upgrade to the latest and greatest devices, more users are trying to reclaim the value of older models by reselling them through carriers, to friends, or through online broker sites. Many take minimal steps to remove data from their phone by deleting pictures or old text messages; even those who use factory resets usually cannot verify their data has been completely removed from their devices.
Only carrier-grade solutions, powered by direct device trade-ins through major carriers like Sprint, AT&T and Verizon, provide a complete and reliable end-to-end data wiping solution. But as competition increases, other companies look for ways to slash costs and remain competitive. In many cases, this means cutting corners – at the expense of your security.
How data wiping works
For each new model of iPhone, Droid or other mobile device, device manufacturers create new codes that power the phone and make it run. For each model, carrier-grade data wipers write a set of protocols that use these codes to access built-in clearance functions. By design, these functions erase everything modified since the phone was taken out of the box – from passwords and security settings to ringtones and bookmarks. The only original software that remains is a master timer, which tracks how many minutes a device has been used over its lifespan, much like an odometer on a used car.
The Device Renewal Forum (DRF) is a mobile industry group that’s committed to building trust in renewed devices by promoting enforcement of secure processes, strict standards and complete data security. To that end, one DRF member, FutureDial, turned its data wiping protocols into a powerful plug-in application. Once the device is plugged into the data wiping application, the phone identifies the correct protocol set and wipes itself.
Carrier-grade solutions surpass the hodgepodge of data clearing processes native to disparate devices, ensuring complete data security. However, major misconceptions still surround data wiping. Some users believe that simply deleting their email account is sufficient, while others do not trust carrier-grade solutions to do the job right.
Listed below are common myths about data clearing on mobile devices, along with facts and strategies to ensure users take no chances when it comes to protecting their sensitive personal information.
Myth: There’s no difference between carrier-grade solutions and doing it yourself.
Fact: Wiping devices completely means going deeper than basic handset resets. Carrier-grade solutions are optimized to leave zero room for error with complete data deletion.
Most users are unfamiliar with data clearing processes, and may complete a basic phone-level data clear after cursory research via Google or asking a friend. Moreover, few users can verify each step of data clearing. They just aren’t trained to check all the possible data stowaways to ensure proper deletion.
Carrier-grade solutions rigorously test the processes to make sure they are up to standard, ensuring that every trace of old data has been removed from the phone. Once wiping programs are ready for use, carriers ensure that every single phone is completely wiped. For example, DRF member eRecyclingCorps provides a carrier-grade device trade-in platform for Sprint, Verizon, and other carriers that run the data wiping process at least twice on each device, with verifications each time.
Myth: Anything could happen to my phone post-trade-in. Once I hand it over, I have no control over what happens.
Fact: Carrier-grade solutions have developed strict accountability practices for customers and partners to verify the security of their processes.
At the point of sale in stores, devices are manually cleared and immediately sealed into secure envelopes, then shipped to processing facilities. There, automated systems record all information and action taken at each step in the process to create an audit trail. Each phone’s unique audit trail tracks who has seen and touched the device, recording it in the system and enabling accountability at every step.
Myth: Data wiping is still vulnerable to data recovery.
Fact: Consumers’ attempts at data clearing have been exploited – and some have failed outright. One user’s improperly cleared iPhone ended up in China with his Apple ID still logged in. Once the phone was restarted, it was a matter of minutes before the phone synced with the cloud, and all of his personal data was accessible to the new user.
In contrast, no phone wiped using DRF member systems has ever been recovered with resident data. By leveraging phone manufacturers’ proprietary data-wiping processes, data erasure is complete and irreversible. The proprietary processes are similar to vaporizing data – it’s impossible for third parties to piece the original back together.
Fact: Data wiping is too important to ignore.
When done properly, data wiping is a secure, robust process that ensures your information is never at risk. Instead of rolling the dice with unproven processes or doing it yourself, data wiping solutions employed by major carriers are accountable and thorough, wiping data completely and permanently.
When your entire life’s data is at stake, it’s just not worth taking chances.