LONDON - Embarrassing pictures including nude selfies have been discovered on hundreds of second-hand phones bought on eBay by a Czech security firm.
The Android smartphones that previous owners thought had been wiped clean turned out to contain 40,000 photos, including 750 photos of women "in various stages of undress" and 250 photos of male anatomy, said Britain's Guardian newspaper.
Even more startling, that haul was from only 20 phones bought for a study by Prague-based Avast Software, which found an easily available disc imaging programme and an app management programme exposing material that former owners thought they had removed.
Avast was able to discover identity details of several sellers and even one person's completed loan application, said London's Mail Online. The test proved that the factory reset function does not work.
After the shocking news was revealed last Thursday, the BBC warned phone owners that other data extracted included e-mail, text messages and Google searches.
It said experts advise that the only way to delete data is to destroy the phone, despite most smartphones coming with a "factory reset" option, which is designed to wipe and reset it.
"Deleting files from your Android phone before selling it or giving it away is not enough. You need to overwrite your files, making them irretrievable," Avast told the BBC.
Google responded to the BBC saying that Avast had used outdated smartphones and that the study did not reflect the security protections in Android versions that are used by the vast majority of users.
Google recommended that all phone owners use a feature available for the past three years that enables encryption before applying a factory reset.
Computer security analyst Graham Cluley told the BBC that a user who is serious about privacy and security should make sure his phone is always protected with a personal identification number or passphrase, and that the data on it is encrypted.
London's Independent said security-conscious owners could load dummy data following a factory reset and then deleting it, before selling the phone.
For iOS users, encryption is built in, with all Apple devices apart from the original iPhone, iPhone 3G, and the first two generations of the iPod touch using Advanced Encryption Standard to secure data, the newspaper said .
Mr Jude McColgan, president of Mobile at Avast, warned that people selling their phones may not realise that they are also selling their memories and their identities, said the Mail Online.
Add to that pictures intended for only the most intimate of friends.
This article was first published on July 13, 2014.
Get a copy of The Straits Times or go to straitstimes.com for more stories.