Warning to Android owners who want to sell or give away their old phones, or need to remotely wipe their data after their device was lost or stolen: A new study out of Cambridge University shows that the factory reset option, which is supposed to wipe away all data, doesn't.
Cambridge researchers Laurent Simon and Ross Anderson estimate that 500 million Android phones failed to completely wipe all data during a factory reset, leaving open the possibility that future owners could recover the previous owners' login credentials, passwords, contacts, e-mails and more; and 630 million phones fail to wipe clean all photos and video.
Their research paper, Security Analysis of Android Factory Resets, is available in .pdf form here.
Not too surprising
The paper's results are not entirely surprising (though the enormous scale of the problem might be); other security researchers have previously discovered problems with Android's data-wiping capability. Last July, for example, a digital forensics team at the security software company Avast performed an experiment on secondhand Android phones: they bought 20 used smartphones on eBay, all of which had been wiped clean, subject to factory reset, or otherwise treated so that their original owners figured their data was no longer on them.
Yet, from those phones, the Avast team was able to extract more than 40,000 photos (including at least 250 nude selfies), hundreds of email and text messages, a completed loan application (with all the personal financial data therein), and the identities of four of the phones' previous owners — and remember, that's four out of only 20 phones.
What's even more frightening is that Avast's team didn't have to invent some fancy new digital forensics tools to get all this information; the team only used readily available, off-the-shelf data-retrieval tools.
Even encryption not always effective
The Cambridge study tried a similar experiment: Simon and Anderson tested the factory reset options of 21 Android smartphones bought from five different vendors, all running Android versions v2.3.x to v4.3. (The researchers later told ArsTechnica that it is “plausible some newer devices are also affected.” Google had no comment on the matter.)
Even after the Android phones were factory reset, the researchers could retrieve the same types of confidential data as could the Avast team last summer. Worse still, the Cambridge study determined that even encryption doesn't offer full protection, as the abstract says:
We estimate that up to 500 million devices may not properly sanitise their data partition where credentials and other sensitive data are stored, and up to 630M may not properly sanitise the internal SD card where multimedia files are generally saved. We found we could recover Google credentials on all devices presenting a flawed Factory Reset. Full-disk encryption has the potential to mitigate the problem, but we found that a flawed Factory Reset leaves behind enough data for the encryption key to be recovered.
The researchers go on to discuss various technical changes Google could conceivably implement, to make the Android factory reset more effective.
What to do
But in the meanwhile, what can Android device owners do, if they want to sell or donate an old phone, but don't want to give away their personal files too? Must you abandon all hope of giving the device to someone else, and destroy it instead?
Maybe not. There is a way to truly erase all your data, but it's very time-consuming (and not guaranteed 100% effective).
If you have an erased or factory reset phone and want to hobble any future owners from retrieving your data, your best best is to overwrite the memory with new data: Save a bunch of innocuous stock photos or videos (they don't even have to be your own) onto the phone. Or just save one large file, over and over again until you run out of memory space. Override your previous personal emails and messages by filling your phone with innocuous or even meaningless messages.
To make an analogy: Imagine your phone or computer as being like an old-fashioned three-ring binder. That binder holds many sheets of loose-leaf paper, which is its memory capacity and data storage space. And all the data saved on your device – every photo and video, email and text document, password and credential and everything else – is written or drawn in pencil on that loose-leaf paper.
If you have an eraser, it's pretty easy to wipe away your pencil-marks and make the paper “blank” again — but a person willing to take the time and effort could probably look at that “blank” paper and reconstruct at least some of what you erased. But retrieving your erased writings will be much harder, hopefully impossible, if you then write or at least scribble new pencil marks all over the site of your old erased ones.