Android’s built-in factory reset doesn’t fully wipe data: Report

Factory reset in AndroidLooks like the built-in factory reset function is not doing its job in most Android devices. According to a recent research paper, an estimated 500 million Android devices are susceptible to the recovery of personal information like logins, emails, contacts and more even after factory reset.

While this flaw doesn’t matter much as long as your Android devices remain with you, but if you sell your Android smartphone, lose it and remote wipe it or you use the company provided devices, which end up back with employers or in a landfill somewhere, malicious parties might take advantage of it.

“In the first comprehensive study of the effectiveness of the Android feature, Cambridge University researchers found that they were able to recover data on a wide range of devices that had run factory reset. The function, which is built into Google’s Android mobile operating system, is considered a crucial means for wiping confidential data off of devices before they’re sold, recycled, or otherwise retired. The study found that data could be recovered even when users turned on full-disk encryption,” wrote Ars Technica in a report.

The researchers tested 21 devices with varying Android versions (2.3 to 4.3) and found that they were able to extract the master token Android uses to give access to most Google user data,  text-based conversations, contacts, data from third-party apps and more.

According to researcher, the consumers can do little to fix the issue apart from manually installing an application, which fills up the phone storage with random information to overwrite all space, or destroying their device. It is now up to Google and the device vendors to offer a solution.

You can read the full research paper here or Arc Technica’s coverage of the same.

One comment

  1. What about versions 2.2 (Froyo)? We are still in the very nascent stage of e-evolution and it wont be before four-five more years more (thanks, now, in part to NSA and our very own CMS) that functions like factory reset would actually wipe off all data completely. Till then news such as this, HeartBleed, other major vulnerabilities will be trickling through. So the lesson we must learn is: Don’t be too over reliant on technology.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s