The consequence is that hackers could potentially access files stored in the cloud, or get access to cloud accounts, using leftover data stored on your Android device, iPhone or other smartphone. The tracing of leftover data on smartphones is not for the layperson, says Pravin Kothari, founder and CEO of CipherCloud, but it could be looked at as the modern-day equivalent of Dumpster-diving for personal information.
Researchers at the University of Glasgow ran the tests on an HTC Desire, running Android 2.1, and an iPhone 3S running iOS 3, and cloud-based file storage systems tested included Box, Dropbox and SugarSync. A hard reset of the phones being tested was done before 20 files were created on each of the devices, including images, documents, PDFs and music files and uploaded to the cloud-based services. Researchers found a variety of metadata leftover after the files had been uploaded to the cloud services. Email addresses of users and transaction logs of which files were uploaded to the cloud were visible, for example. Researchers said they were even able to piece together various metadata to get a URL address of where a file was located in Box's cloud. Researchers also found that all files marked for "offline access" were able to be recovered from both the Android and iOS devices. Even some deleted files were still traceable on the SD card of the Android device."