To sell, or not to sell: social media data-breach in second-hand Android devices
Information and Computer Security
ISSN: 2056-4961
Article publication date: 19 August 2021
Issue publication date: 31 January 2022
Abstract
Purpose
The purpose of this paper is to investigate the private-data pertaining to the interaction of users with social media applications that can be recovered from second-hand Android devices.
Design/methodology/approach
This study uses a black-box testing-principles based methodology to develop use-cases that simulate real-world case-scenarios of the activities performed by the users on the social media application. The authors executed these use-cases in a controlled experiment and examined the Android smartphone to recover the private-data pertaining to these use-cases.
Findings
The results suggest that the social media data recovered from Android devices can reveal a complete timeline of activities performed by the user, identify all the videos watched, uploaded, shared and deleted by the user, disclose the username and user-id of the user, unveil the email addresses used by the user to download the application and share the videos with other users and expose the social network of the user on the platform. Forensic investigators may find this data helpful in investigating crimes such as cyber bullying, racism, blasphemy, vehicle thefts, road accidents and so on. However, this data-breach in Android devices is a threat to user's privacy, identity and profiling in second-hand market.
Practical implications
Perceived notion of data sanitisation as a result of application removal and factory-reset can have serious implications. Though being helpful to forensic investigators, it leaves the user vulnerable to privacy breach, identity theft, profiling and social network revealing in second-hand market. At the same time, users' sensitivity towards data-breach might compel users to refrain from selling their Android devices in second-hand market and hamper device recycling.
Originality/value
This study attempts to bridge the literature gap in social media data-breach in second-hand Android devices by experimentally determining the extent of the breach. The findings of this study can help digital forensic investigators in solving crimes such as vehicle theft, road accidents, cybercrimes and so on. It can assist smartphone users to decide whether to sell their smartphones in a second-hand market, and at the same time encourage developers and researchers to design methods of social media data sanitisation.
Keywords
Acknowledgements
The authors would like to thank the anonymous reviewers for their comments and suggestions. The authors would also like to thank Sajjad Rafiq, Mohamad Waseem Baba, Hazim Altaf and Mohammad Altaf Wani for their help with the experiments.
Research funding: the authors acknowledge and thank the Deputyship for Research and Innovation, Ministry of Education, Saudi Arabia for funding this research work through the project number (20\14).
Citation
BenRhouma, O., AlZahrani, A., AlKhodre, A., Namoun, A. and Bhat, W.A. (2022), "To sell, or not to sell: social media data-breach in second-hand Android devices", Information and Computer Security, Vol. 30 No. 1, pp. 117-136. https://doi.org/10.1108/ICS-03-2021-0038
Publisher
:Emerald Publishing Limited
Copyright © 2021, Emerald Publishing Limited