Android’s Factory Reset Leaves Recoverable Data on Device
Planning on selling your used Android phones and tablets or giving it away to a charitable donation bank? Have you done so in the past? You might want to know that a recent study conducted by popular security software maker Avast, discovered that Android’s factory reset failed to permanently wipe out your personal data, including all those pictures you had stored there at some point in time.
Avast put to the test the default factory reset effectiveness by testing 20 android phones purchased from eBay. The testers were surprisingly able to recover over 750 text message, facebook and email communications, 250 personal contacts along with certain personal details and documents and a staggering 40,000 plus pictures that included hundreds of nude selfies.
It is important to note that Samsung and Android have never claimed a factory reset as being an effective tool at wiping personal data. Most users have no idea but the factory reset only wipes a device’s applications allowing you to re-install a fresh OS and cleaning out a cluttered phone or tablet. The flash memory of the device however, only gets a simple first layer delete operation without going deep into clearing recoverable data.
Avast used publicly available forensic data recovery tools, such as Forensic Toolkit to recover the deleted data out of the devices. These smartphones are heavily used by daily users and represent a gold pot of information for attackers to exploit. With the thousands of used devices being sold on eBay and online, it makes it really easy to turn this criminal venture into a large, scalable operation. With possible nudes, banking details and login passwords, the possible dangers are extensive.
With the rise of mobile devices being used by millions of users, better awareness is important. These mobile devices are now capable of almost all the same daily operations done on your computer and that means you leave a heavy trail of data behind. There are ways to properly wipe out your smartphone’s data before selling or donating it with tools offered by various makers. Avast reminded users that their application offers such a tool designed for Android users. We would hope to see such a tool become available from Android themselves, making their platform more secure for all devices using their OS.
Most users do not care much and disregard the possibility of the person purchasing the device having bad intentions, but this is the wrong way to go about your security and privacy, even when you have absolutely nothing to hide. What an attacker can do with your information can be irreparable, and although it seems to be a rare occurrence, it may sway you to think it can never happen to you, but anyone would hate to be the one telling their story for others to be more conscious.