Securely Erase your Mobile Phone Data

Here's a common problem: You want to sell your mobile phone, but also want to make sure that you don't accidentally sell your personal data with it.

Of course, if you are lucky enough to have a phone that has a built-in secure factory reset feature (e.g. reasonably recent iPhones), or can be encrypted before a factory reset (e.g. recent Androids), then this is a no-brainer - use your phone's built-in feature. If, on the other hand, you have an older phone, or you don't trust your phone manufacturer to do the job properly, then read on.

This is something I had to do very recently on my old Android phone. The idea is to overwrite your phone's storage space with random data, so that even if someone attempts to recover your deleted data, any recovered data will be unreadable. There are certainly multiple ways of approaching this problem, like using ADB in USB debugging mode, but I find the solution below straightforward and easy.

I have tested these instructions on Ubuntu 16.10.

  • Start by performing a factory reset on your phone to recover as much free space as possible
  • Then connect your phone to your PC over USB and find the mount point
    • If your phone connects through MTP, the mount point will be under /run/user/$UID/gvfs/mtp*
    • Otherwise, just type mount on the command prompt (should be under /media/*)
  • Once you have determined the mount point execute:

    $ head -c 4G </dev/urandom >$MOUNT_POINT/junk.data
    

The above command will generate a file named junk.data, filled with 4GB of random data. Just make sure that you set the file size to a value that is larger than your phone's free space, so that it overwrites as much data as possible.

In case you connect through MTP and get "operation not supported" error messages, then you might have to first generate the random file in a temporary directory, e.g. /tmp, and then use gvfs-copy to transfer the file over to your phone:

$ gvfs-copy /tmp/junk.data $MOUNT_POINT/junk.data

It is recommended that you delete the junk.data file and repeat the above procedure a few more times. The reason is that SSDs keep some extra storage space to improve performance and endurance, that is not directly accessible by users. Even if you overwrite your free space a dozen times, there might still be readable data left in the over-provisioning area, however the more data you write on your disk, the higher the probability that the over-provisioning area will be overwritten.

Warning: These instructions cannot fully guarantee the destruction of 100% of your data. Nevertheless, for most cases, this method is a good compromise. If the data you want to wipe out is indeed valuable, it's highly recommended to physically destroy your device.