People who sell their old Android smartphones are at risk of blackmail because private intimate photos are not being correctly wiped before sale.
Hundreds of naked selfies and intimate pictures were found on a batch of 20 Android phones bought through
A factory reset function appears on the smartphones, but standard forensic security tools can retrieve deleted information from older devices.
The researchers said they found more than 40,000 photos, including 750 photos of women "in various stages of undress" and 250 photos of male anatomy.
Details of the person's residence could also be traced using EXIF data embedded in the image file.
Four of the phones tested included the previous owners' identity in the file data.
One Reddit user said he had been contacted by someone who bought his phone, saying they had extracted "embarrassing" images from the device.
The factory reset function on older Android devices wipes the index that points to the locations where data is written, but forensic tools can still directly access storage areas.
That is because phones running Android 3.0 onwards offer a setting to encrypt the phone using a cryptographic key generated from a user's passcode.
A reset will then delete the key, rendering the data unreadable.
Newer Apple iPhones and iPads encrypt data by default using a software key which renders all data unreadable after a reset.
Most Popular Stories
- Criminal Investigation Opened Into James Foley's Death
- The Hip New Career? Farming
- McDonald's Names Another U.S. President
- Student Startup Develops Date-rape Detector
- Sahara Casino Rises Anew as SLS Las Vegas
- Chinese Coal Gas Boom Poses Climate Risks
- Job Market Shifts Complicate Yellen's Rate Decision
- U.S. Supporters of Islamic State Get Close Scrutiny
- Is Diversity in the Eye of the Beholder?
- Dems Losing Fear of Obamacare