Cloud Hosting

The ongoing Mumbai Drug Case involving Bollywood superstar Shah Rukh Khan's son Aryan Khan and actress Ananya Pandey has once again put WhatsApp into the limelight. WhatsApp chats between these celebrities are seemingly dictating the direction of the ongoing investigation. Deja vu? This has slowly become a norm. It's surprising too, given that WhatsApp claims that the platform is entirely end-to-end encrypted and messages or media exchanged on it, cannot be accessed by anyone.

Yet, the entire Bollywood industry was shaken last year when the NCB got access to Rhea Chakraborty's WhatsApp messages. Now, India Today TV has learnt that NCB has recovered chat messages of a conversation between Ananya Panday and Aryan Khan. The sources also tell that this has put many Bollywood superstars on an alert. Whether they have something to hide or not, many are now trying to get their phones wiped in a bid to erase messages, photos and other data that can possibly lead to violation of their privacy.

Is it possible though? Can a user actually get rid of all the data on your smartphone without leaving a trace? It's more complicated than what it may appear to be. We will try to explain.

There are different ways through which you can delete the data on your phone cleaning the physical storage, doing a factory rest of the device and erasing everything from cloud or backup drives. In each case, the phone reacts differently and there might be times when some data is left behind. Let's go through each of these methods one by one.

Cleaning physical storage: Any device (smartphone, tablet or laptop) stores data in two places physical storage and cloud. The first is commonly known as the onboard or internal storage. The pictures, videos and documents you see on your phone are stored on phone's physical storage. When you delete them, they are not instantly removed. Instead, they are "marked for deletion."

And this "marked for deletion" happens in two ways.

One, tech companies don't like when you delete data. So instead of deleting something right away, they put it in "bin" or "trash". For example, on an Android phone, when you delete a photo it goes into bin. You can go to bin and can retrieve it if you have changed your mind about deleting that photo. All these media files remain in Bin on your device for the next 30 days before they are completely removed. Or after deleting a photo or video, you can directly go to "bin" or "trash" and delete the files manually and immediately.

This means that even the deleted files can be accessed for a month unless they are also removed from the 'Recently Deleted' folder. The same also applies to your emails. Most email services, including Gmail store your deleted emails for a month before completely trashing them. It is done to provide users an option to recover the deleted files.

The second "marked for deletion" happens after a file has been completely deleted. Although, there are different ways different smartphones and laptops handle this. Traditionally, all storage systems whether they use a hard drive or a card storage or something else work by creating writable and non-writable sectors. So, when you have a photo in your phone, the sector this photo is using is deemed non-writable by the operating system. When you delete the photo, the sector suddenly become writable. However, the data is not overwritten until there is fresh data in the photo, such as you clicking some more photos.

What this effectively means is: Even if a user has deleted a photo, video or some other data completely, it can be retrieved by forensic tool. The only way to be sure that data is all gone are two: In non-extreme case this would be not just deleting the data but deleting it securely by overwriting the storage with rubbish. There are a number of programs that do it. Or the other option is: just burn the thing if you are extremely paranoid about your privacy. That is what Edward Snowden would do,

One more important bit to note is the cloud factor. Phones use cloud storage. These include Google Drive, iCloud, OneDrive etc. If you have a backup on any of these services, the files deleted from phone can still be accessed through cloud. How to deal with this? We will get to it later.

This is a good way to get rid of phone data or at least the companies claim so. In simple words, the factor reset option sends your device into the condition it came out of the factory. This means everything on the device including photos, images, apps and data is gone forever. Once you factory reset the phone, it will reboot and begin with the usual opening questions, such as language, account, network, etc.

The smartphone makers claim that any data removed through factory rest cannot be recovered. It's true, at least in case of users. You cannot see that data on your phone or access it. But, there is no way to find out if this data cannot be accessed by the smartphone makers too. Also, even if they share this with the government agencies, the users will never get to know.

Also, a lot depends on what a company means by factory resetting. These things are not told to users. We don't know what sort of logs are created when a phone is reset. Or what sort of data a phone company choose to save or delete, and in what way when the factory reset command is given.

In other words, even when a phone has been factory reset, do consider the possibility that forensics can get a lot of private data from it.

One thing that you again need to know is that the data on cloud is not removed even when your factory rest your device. Whenever you will log in to a new smartphone and use the same cloud service, this data will be back. And, at this point, we should address this cloud storage problem.

A lot of our data these days is also stored in cloud services. Blame it on the lack of limited physical storage if you want to or our urge to capture everything we see. I have already mentioned some of these popular storage services on top. In both the methods we have mentioned above, the data on cloud is still not erased.

To get rid of it, you need to manually erase everything from the cloud service you are using, disable the backup option and also sign out from the service. Again, some of these cloud services store the deleted files for a few days to give users an option to restore them. For example, Apple says 'iCloud backups are available for 180 days after you disable or stop using iCloud Backup'. So, you will also have to delete these files from the 'Recently Deleted' folder to completely erase them.

By now you should know that wiping your phones is not as easy as it sounds. And even if you are able to follow all the processes we have mentioned, there is no guarantee that the smartphone makers are not storing your data at their end, even though they promise to. Also, there are certain recovery methods which may not be able to provide the deleted files but, give some insights how the information was stored on the device.

The learning for Bollywood, or anyone concerned about privacy, here is that it's not easy to get rid of anything that has once appeared on your smartphone in this digital world be it messages, images, location history or anything else. So, the so called superstars need to be a little more careful about their privacy.

Follow this link:
WhatsApp chats leaking so Bollywood superstars are trying to get phones wiped, but is it possible? - India Today