1. It is an accepted fact that one can remove all data from Android devices by resetting it
to factory settings, or doing a "force reset." One can do so by either
using the Settings menu to erase all your data or by using the Recovery
menu.It is also understood that by performing a factory data reset, all
data — like apps data, photos, and music etc will be wiped from the
device.This reset in most of the cases will be required as a maintenance issue or when the user decides to sell his mobile to some other third guy.Now when he does a factory reset for ensuring himself that all his/her data is removed from the mobile,there is a sad angle recently revealed in a paper named "Security Analysis of Android Factory Resets" by Laurent Simon and Ross Anderson@University of Cambridge available at http://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf that proves with technical demonstrations to negate the fact that the data and all privacy of accounts goes with the reset.Read on further for brief details...
2. Even with full-disk encryption in play, researchers found that performing a factory reset on Android smart-phones isn’t always what it’s assumed safe up to be.Researchers found the file storing decryption keys on devices was not erased during the factory reset and they were successfully able to access data “wiped” Android devices from a wide variety of sources, including text messages, images, video, and even third-party applications. What’s more, researchers were able to “recover Google authentication tokens”, thereby enabling them to sync up any data a user had tied to Google’s services, including private emails.The study unveils five critical failures:
- the lack of Android support for proper deletion of the data partition in v2.3.x devices;
- the incompleteness of upgrades pushed to flawed devices by vendors;
- the lack of driver support for proper deletion shipped by vendors in newer devices (e.g. on v4.[1,2,3]);
- the lack of Android support for proper deletion of the internal and external SD card in all OS versions;
- the fragility of full-disk encryption to mitigate those problems up to Android v4.4 (KitKat)
- the lack of Android support for proper deletion of the data partition in v2.3.x devices;
- the incompleteness of upgrades pushed to flawed devices by vendors;
- the lack of driver support for proper deletion shipped by vendors in newer devices (e.g. on v4.[1,2,3]);
- the lack of Android support for proper deletion of the internal and external SD card in all OS versions;
- the fragility of full-disk encryption to mitigate those problems up to Android v4.4 (KitKat)
RECOVERY DETAILS OF DATA BY RESEARCHERS |
ATTRIBUTED REASON
3. Smartphones use flash for their non volatile memory storage because it is fast, cheap and small. Flash memory is usually arranged in pages and blocks. The CPU can read or write a page (of typically 512+16 to 4096+128 data+metadata bytes), but can only erase a block of from 32 to 128 pages. Each block contains both data, and “out-of-band” (OOB) data.When removing a file, an OS typically only deletes its name from a table, rather than deleting its content. The situation is aggravated on flash memory because data update does not occur in place, i.e. data are copied to a new block to preserve performance, reduce the erasure block count and slow down the wear. This makes a vulnerable issue as realised here by both these researchers.