Your Devices & Software
Your device is the gateway to everything else. Every account, every message, every payment flows through it. Securing the device is the foundation all other habits depend on.
The Sold Phone
James upgraded his phone and sold his old one to a buyer on OLX.
He deleted all his photos and apps. He removed his SIM card. He thought that was enough.
What he did not do was factory reset the device.
The buyer, a tech-savvy student, used a free recovery tool to restore James' deleted files. His photos, banking app session data, and WhatsApp message history were all recoverable. The buyer found James' employer, home neighbourhood, and two family members' contact details within 20 minutes.
James never knew. He had done what felt right - delete and sell. The gap was one step he didn't know existed.
What Is Actually Happening: Device Security
43%
of smartphone users delay or skip OS updates, leaving known vulnerabilities unpatched.
Updates are not just new features. They are patches for active security exploits.
Source: Lookout Mobile Security Report, 202460% of Breaches Use Known Vulnerabilities
Nearly 6 in 10 breaches exploit vulnerabilities that already had a patch available. The attack worked because the patch was not applied.
70 Million Phones Lost Each Year
Globally, an estimated 70 million smartphones are lost annually. Only 7% are recovered. A screen lock is the only thing between a finder and your data.
Encryption Makes Stolen Data Unreadable
Modern phones encrypt storage when a screen lock is set. Without the PIN, the data on a stolen device cannot be read - even by connecting it to a computer.
Deleted Files Are Recoverable Without a Wipe
Deleting files marks storage space as available - but does not overwrite the data. Free recovery tools can restore deleted photos, messages, and app data within minutes.
Why Updates Are Security Fixes
Every software update patches specific vulnerabilities. When a security flaw is discovered, it is publicly disclosed - which means attackers know about it too.
The window between public disclosure and your device applying the patch is when you are most exposed. Automatic updates close this window. Delaying updates extends it.
The update you skipped because it felt inconvenient may be the one that blocks the attack running that week.
Screen Lock and Encryption
A screen lock does more than keep curious people out.
On modern smartphones, setting a PIN or biometric lock activates the device's storage encryption. Without the lock, your device's storage is unencrypted - readable by anyone with physical access and the right tools.
This matters most when a device is lost, left unattended, or sold.
What screen lock types offer
| Lock type | Protection level | Note |
|---|---|---|
| No lock | None | Any finder has full access |
| Pattern | Weak | Patterns are visually traceable |
| 4-digit PIN | Moderate | 10,000 possible combinations |
| 6-digit PIN | Strong | 1 million possible combinations |
| Fingerprint or Face ID | Strong | Combined with PIN as backup |
Public and Shared Devices
Public computers - at libraries, airports, hotels, or internet cafes - have a fundamental problem. You do not know what software is running on them. Keyloggers that record everything typed are common on high-traffic shared devices.
Rules for shared devices:
- Never log into banking, email, or any personal account.
- If you must log in, use incognito mode and sign out completely before leaving.
- Never save passwords when prompted.
- Assume the session is being recorded.
Before Selling or Donating a Device
Deleting files is not enough. The correct sequence is:
- Back up anything you need to keep.
- Sign out of all accounts on the device.
- Remove your SIM card and any memory cards.
- Perform a factory reset through the device settings.
- For iPhones: disable Activation Lock before handing over.
- For Android: confirm the device is fully erased by checking that the setup wizard appears.
A factory reset overwrites the storage, making previous data unrecoverable through standard means.
Try It: Device Health Check
Select your device type and answer 5 questions. You'll get a colour-coded health score and the exact menu path to fix each gap.
What That Just Showed You
1. Updates, locks, and wipes are the non-negotiable three. Everything else in device security builds on these. They take minutes to set up and require no technical knowledge.
2. Encryption is automatic when a lock is in place. You do not need to activate encryption separately on modern devices. Setting a screen lock turns it on.
3. "I deleted it" is not the same as "it is gone." Data persists until storage space is actively overwritten. A factory reset does this. Deleting files does not.
4. Public device rules are simple: do not log in. No convenience justifies entering credentials on a device you cannot trust.
Three Things Worth Doing
1. Turn on automatic updates right now. Settings > Software Update on both Android and iPhone. This single change closes the most common attack surface on your device.
2. Set a 6-digit PIN if you use a 4-digit one. The jump from 4 to 6 digits increases possible combinations by 100x. Takes 30 seconds to change.
3. Before your next device handoff, factory reset. Whether selling, donating, or handing to a family member: Settings > General > Reset (iPhone) or Settings > System > Reset (Android). Remove accounts first.
One Question Before You Continue
James deleted all his files and removed his SIM before selling his phone. What did the buyer use to recover his data?