Android smartphone users who wipe their devices before selling them on internet auction sites could still be leaving behind reams of confidential data for the new owners to uncover.
That's the warning from anti-virus software company Avast, which claims much of the data users think they have irretrievably wiped from their devices can be easily recovered.
The company purchased 20 used Android phones from eBay and using what it describes as "simple and easily available" recovery software managed to restore a sizeable number of deleted files on them.
These included the identities of four previous smartphone owners, one completed loan application, over 750 text messages and emails, and details of more than 1,000 Google searches.
The trawl also uncovered thousands of stored photos, including 1,500 of children, 750 of women in various states of undress, and more than 250 pictures of the previous owner's manhood.
In a blog post, announcing the results, Jude McColgan, president of mobile security at Avast, said users may underestimate the potential value of this data to cyber criminals.
"Stalkers, enemies, and thieves can abuse personal data to stalk, blackmail and steal people's identities. They can... watch people's every move, exploit their strange fetishes, open credit cards in their name, or even continue what they started by further selling their personal information online," he warned.
As a result, the firm is advising people who want to sell their old devices on to overwrite the files, rather than simply deleting them.
"Deleting files from your Android phone before selling it or giving it away is not enough. You need to overwrite the files, making them irretrievable," he added.
Cleo attack victim list grows as Hertz confirms customer data stolen
Lateral moves in tech: Why leaders should support employee mobility
