Android Factory Reset Is Just A State Of Mind
Android factory reset option promises to wipe out all your personal data and information from your gadget. It's a common and suggested practice to factory reset your phone or tablet before you sell it to someone or discard it. It turns out that the factory reset could just be making you believe that you've wiped out your personal data forever and no one can retrieve it. A team of researchers from Cambridge University have published a paper titled '#-Link-Snipped-# (PDF)' that hints at factory reset not working as intended.
The team, comprising of Laurent Simon and Ross Anderson from the Cambridge University studied twenty one Android smartphone devices manufactured by five different vendors running Android versions between 2.3 to 4.3; that were 'factory reset'. The analysis revealed that the some part of the data wiped out from the device was recoverable. What's astonishing is that recovery worked even with the devices protected with full-disk encryption.
The researchers were able to retrieve contacts, photos, videos, SMS messages, emails and even log-in information for popular social networking applications like Facebook and WhatsApp. The researchers could even get access to the master token that's needed for accessing Google user data in about 80% of the phones. It's estimated that about 500 - 600 million devices running various Android versions could be at risk.
The reasons for incomplete wipe-out of data could be many. The researchers note that phone manufacturers do not install all the required drivers that are necessary for cleaning the on-board storage or the add on storage cards. The SD cards / flash drives are very difficult to erase completely.
As of now, there's no clear solution to the problem available. It's also possible that your average joe may not be able to retrieve your data easily; but as a caution, avoid selling your phone to a known geek. If you have the time, go through the paper linked above. We'd like to know what precautions do our engineers take when discarding their old phone?
The team, comprising of Laurent Simon and Ross Anderson from the Cambridge University studied twenty one Android smartphone devices manufactured by five different vendors running Android versions between 2.3 to 4.3; that were 'factory reset'. The analysis revealed that the some part of the data wiped out from the device was recoverable. What's astonishing is that recovery worked even with the devices protected with full-disk encryption.
The researchers were able to retrieve contacts, photos, videos, SMS messages, emails and even log-in information for popular social networking applications like Facebook and WhatsApp. The researchers could even get access to the master token that's needed for accessing Google user data in about 80% of the phones. It's estimated that about 500 - 600 million devices running various Android versions could be at risk.
The reasons for incomplete wipe-out of data could be many. The researchers note that phone manufacturers do not install all the required drivers that are necessary for cleaning the on-board storage or the add on storage cards. The SD cards / flash drives are very difficult to erase completely.
As of now, there's no clear solution to the problem available. It's also possible that your average joe may not be able to retrieve your data easily; but as a caution, avoid selling your phone to a known geek. If you have the time, go through the paper linked above. We'd like to know what precautions do our engineers take when discarding their old phone?
0