When You Least Expect It: Reselling Your Device and Your Privacy

Avast recently exposed a troubling trend that calls into question the growing practice among Americans of reselling their smartphones. Most Americans feel that they have adequately wiped their device clean of personal information before offering it for resale on popular sites like eBay and Amazon. After purchasing 20 Android phones from eBay, however, Avast discovered that these phones still contained a troubling amount of private information, such as personal photographs, search records, text messages, emails, contact information and even a completed loan application.

In a post-Snowden world, protecting our privacy is, more than ever, a top priority. The recent Supreme Court ruling on cellphone privacy further illuminates the high regard we have for the uniquely intense amount of information that we store on our phones. Practically speaking, however, how do we manage the sensitivity of our personal information through the entire lifecycle of our device? Furthermore, as BYOD continues to move into the enterprise, how can this conversation on lifecycle answer the security concerns of the enterprise?

As the Avast discovery shows, there is currently a particularly weak point in the lifecycle of a device: the moment it is resold. For everyday users the concerns are obvious, but there are also serious considerations for the enterprise. In particular, with BYOD, where the employee owns a device that contains corporate information, the enterprise should be invested in a BYOD solution that extends protection into the sensitive stage where a device is resold. The most effective means of protecting sensitive data is encryption, which assures that even if the wipe is incomplete or weak, there is only a limited ability to extract the data from the device drive. In a single persona solution, a user needs to encrypt everything on their device if they want to protect anything. The everyday user then has to enter a password for even the most casual of device experiences, such as checking the weather, and that burden makes encryption impractical in a single persona solution.

The difference with a multi-persona strategy is that it allows the level of protection to be differentiated according to the value placed on the information contained in a given persona. This enables the use of encryption for personas that contain sensitive information, and the choice not to use encryption for a less sensitive persona. Multi-persona transforms encryption from an all-or-nothing approach into a differentiated application at the persona level, adequately protecting only what matters to you most. In addition, the decisions relating to sensitive information are moved from the hurried moment of reselling to the beginning of the lifecycle, when assessments of risk shape the choice of which personas do and do not need to be encrypted.

For example, the user can decide on a “Business Persona,” a “Wallet persona” and a variety of personal personas, and carry out all relevant future interactions from within these personas: business interactions, sensitive personal matters such as banking and health care, and personal information that is less sensitive, like the games you download for your kids. The highly sensitive personas, such as Business and Wallet, will use encryption, loading the user experience with a password on one hand but providing the needed and expected level of protection on the other. With a less sensitive persona the user experience will not be degraded by a password, and the risk that stems from this persona is much smaller because the information contained within it is seen as less valuable.

Now, at the point of resale, apps and data are already categorized and held in known isolation, allowing for a better understanding of the risks associated with each persona. Having to sort out a pile of apps, data, logs and more is extremely difficult to do after the fact and opens the user up to a considerable amount of risk. If the user elects to begin with a multi-persona solution, or chooses to enroll the device in a BYOD strategy, they are effectively able to mitigate this risk at the reselling stage of the device’s lifecycle by assuring that proper controls such as encryption are appropriately matched with sensitive data.

 

For the Consumer

The ability for the user to segregate apps and data into various personas means that they can place highly sensitive information, such as banking and health information, in a highly private persona with stronger security measures such as encryption, as opposed to another personal persona, such as a “Kid’s persona,” where they may decide to put games and apps for their children. When it is time to resell their phone, they will have the comfort of knowing that high-risk data is encrypted and not available to another user, and they are less dependent on a wipe to eliminate sensitive data.

 

For the Enterprise

The enterprise can mandate encryption on the professional persona in order to protect itself in the scenario where the device is sold. If someone sells a device that they have used for work and that contains corporate data, and that corporate data has been encrypted, the information is extremely difficult to extract.

From the beginning of a user’s relationship with their phone, each decision s/he makes with a multi-persona solution is designed to protect and organize all of their information, for all aspects of life and work, throughout the entire lifecycle of the phone. The ability to “bucket” your information in a seamless way that is aligned with the way that you work and live allows you to effectively use your phone as an extension of your personality while you own the device, and then allows you to successfully terminate your relationship with the phone, and with any future risk of exposing your most private information.