DiskDigger: A Useful Tool for Android Users

Checking Your Smartphone for Data Exposure

The first thing authorities do when detaining someone is seize their communication devices. This is done to prevent situations where a member of an organized group warns others about their detention, and to stop the destruction of evidence such as SMS messages, call logs, and most importantly, photos and videos. While call and SMS logs are stored with the provider, photos are kept locally on the device.

Since Android is closely related to Linux, its file systems work similarly, especially when it comes to deleting data. When you delete a file, it isn’t actually erased; the system simply marks the area as “available for overwriting.” Until that space is overwritten, the file can be recovered.

The problem is that storage capacities have increased dramatically in recent years. Hard drives now hold hundreds of gigabytes or even terabytes, and mobile device memory chips can store several or even dozens of gigabytes. Meanwhile, the size of individual files hasn’t grown much, resulting in a lot of unused space. The system will write new files to free areas first, and only start overwriting “deleted” data when there’s no more free space left.

You can check what data forensic experts might recover from your mobile device using the DiskDigger app (https://www.diskdigger.org), which is also available on Google Play.

The app offers two types of scans: “basic” and “root.” The root scan recovers more data (tested many times), but the basic scan is also effective to some extent.

What Should You Do?

1. Encrypt your smartphone if it isn’t already encrypted.
2. Remember that Telegram, even with auto-download of media turned off, still automatically downloads and stores all profile pictures.
3. Fill the “empty” space on your device with 2-4 large files (I use Linux distributions, each 1-2 GB) to ensure that free space is frequently overwritten.
4. Regularly go to Settings > Apps, select your gallery app and file manager (they generate “thumbnails” for JPEGs), and tap Clear Cache and then Clear Data.

Check your device with DiskDigger regularly. If this doesn’t help, perform a hard reset and re-encrypt the data partition. You can repeat this process a couple of times for extra assurance.