It's a familiar scenario: apps on a smartphone often grant themselves numerous permissions to access the camera, sensors, the photo gallery or even the address book. In most cases, these permissions are required to enable the respective functions of the app – for instance, a navigation app without access to the phone's GPS function would probably have very poor maps. However, many apps grant themselves more access possibilities than they actually need in order to function properly. To make matters worse, there are other dangers to consider when it comes to discarding smartphones. That's because resourceful hackers can read out any app data and operating system data stored on them unless it has been systematically erased. Read on to learn how to protect against all eventualities.
On iOS and Android, an app asks for permissions after installation or when it's opened for the first time. Even at this stage, you should be selective: a game app probably does not need your location data – other than to delight you with location-based advertisements. And an electronic spirit level will also work perfectly well despite requesting access to your microphone. If in doubt, you're better off uninstalling a particularly 'impudent' app immediately. If you want to keep it, you can also set the type of access that is allowed and forbidden for each individual application later on. This is done in the 'Permission Manager' on Android and in 'Settings > Privacy' on iOS devices.
It's also worth checking how useful the apps you have installed are occasionally – and removing any programs you have never actually used from the device. One particularly handy feature that Android introduced in 2021 is the automatic withdrawal of permissions for any apps that have not been used for several months; this now functions on all operating system versions from Android 6 onwards.
However, there is another problem: the data stored by apps and operating systems is also retained in the memory even if the phone is no longer in use. German households are hoarding some 206 million mobile phones and smartphones that are no longer used – this was the finding of a survey by the industry association Bitkom for the year 2021. Most of these devices are long forgotten and are languishing in corners of drawers and cupboards. The growth in the number of unused old devices over many years is partly due to the inconvenience of having to dispose of them at municipal collection points, such as the recycling centres operated by waste management companies. Many consumers also worry about the photos and files stored on these devices falling into the wrong hands. Thankfully, you can take some very simple precautions to prevent this from happening: before disposing of or selling your obsolete smartphone, you can remove all traces of the data it contains – even on older devices.
If data is deleted on a smartphone, for instance, when you remove an app you no longer require, the operating system uses a little trick: instead of actually overwriting the memory space to be freed up, it merely deletes the relevant entry in the contents directory of the memory – which means the data still physically exists. This 'shortcut' employed by the operating system has proven effective in everyday use: it's far quicker to delete an entry in the contents directory than to overwrite it. Such an approach also conserves the battery in the device.
This only presents a problem if the user wants to permanently delete their data, for example, before selling their mobile phone. Since only the entries in the contents directory have been deleted, a subsequent owner could easily make this data readable without any in-depth technical expertise. Data recovery programs, which are available free of charge in the app stores, can track down and restore the files that still physically exist.
But don't panic – iOS, as well as Android devices, provide ways to circumvent these problems safely. One extremely secure method is to encrypt all device data at the operating system level, which makes it particularly easy to erase the data permanently. Data can also be reliably deleted on older devices that don't support encryption. It takes a little more effort, but you won't need to resort to black magic.
Before you delete your smartphone permanently, you should first check whether it is possible in principle, to encrypt the memory. Although this option has been available on Android devices since version 5.0 Lollipop (2014), it is not activated by default on all devices. On the other hand, Apple has activated encryption automatically on Apple devices since iOS 7 (2013). What's the advantage of encryption? If you reset the phone to factory settings, the secret key that is required to read the data is irretrievably deleted. The encrypted data can no longer be restored. Put simply, this means that an unauthorised third party who attempts to read the memory on the device will retrieve nothing but gobbledygook that cannot be used to reconstruct any information.
What to do if you have an old device
But what about older operating systems that don't support encryption? In these cases, users must use an additional technical trick that involves overwriting the memory with a random sequence of zeros and ones. This takes a long time but is the most reliable way of erasing information on even the oldest devices. The steps required are different for iOS and Android: with Apple devices using iOS 1 to 6, you need to connect the phone to a computer (Mac or PC) and overwrite the data it contains using a program like Dr Fone Data Eraser (iOS) or iShredder iOS 4. On Android (from version 4 onwards), you must first return the device to factory settings. You can then download an app such as CB Eraser or iShredder 6 from the Google Play Store to overwrite the memory. So there's no need to connect older Android models to a computer.
Whether you're dealing with unused data on old smartphones or overly inquisitive apps – follow these tips to outsmart the data thieves and keep your personal data private.