Second-hand mobile phones have become a target for illicit data brokers, who recover deleted user data and sell it on the black market for as little as RMB 10 ($1.56). Even phones that have been formatted to prevent incidents like this are not immune to exploitation.
According to reports, consumers sold over 30 million mobile phones in 2017, not including those marked for recycling. The number will only increase after the adoption of 5G networks, at which point the second-hand smartphone market will be flooded with unwanted 4G devices.
In an investigation conducted by AI Finance, reporters found that small businesses selling second-hand mobile phones were selling recovered address book information. One merchant initially charged RMB 100 for all the contacts on a mobile phone but quickly dropped her price to RMB 10.
Yang Bojun, the owner of a phone repair service, is quoted as saying that Android-based phones are more susceptible to data recovery. He said owners should format their devices twice before selling them.
China has seen a number of high profile data breaches in the past year. Personal data is sold for next to nothing. In April 2018, an investigation found that the personal data of users of food delivery apps was being sold for as little as RMB 0.10. Delivery drivers and restaurants were scraping data from delivery apps.
In June 2017, police arrested 22 individuals who worked at Apple-affiliated companies who were allegedly found to be selling iPhone users’ data. The going rate was as little as RMB10.
Officials imposed the country’s Cybersecurity Law in mid-2017 to serve as a roadmap for future legislation. Under the law, the collection of data needs to be legal, justified, and necessary. Additionally, a new set of standards for handling personal data came into effect on May 1, 2017. The standards extend the scope of what is deemed private, but compliance is not mandatory.