Have you ever used a factory reset before selling an Android smartphone, or perhaps attempted to flash or root a custom OS? If you thought a factory reset actually wiped all your data and personal information, think again. A recent study conducted by the University of Cambridge reveals that a factory reset doesn’t actually erase everything.
The researchers selected a sample of 21 Android smartphones from five different vendors to ensure that the representation wasn’t biased. The devices were running different Android versions, from v2.3.x to v4.3. The five vendors are HTC, LG, Samsung, Google and Motorola.
It is estimated that around 500 million devices do not properly sanitize or format the data partition, where sensitive data resides. Up to 630 million do not completely format the internal SD card, which houses multimedia files such as photos and audio clips.
Because of the flawed factory resets, the researchers were able to extract conversations from these devices, including emails, SMS messages and IM chats from messaging apps. Around 80% of the devices had emails stored on them. A device also stores authentication tokens, which log us in automatically so that we don’t have to type our passwords every time we open our apps. After a flawed factory reset, Google’s token is still stored on the device, which can give an attacker access to the user’s Google credentials. If a master token is recovered, which happened 80% of the time in this study, an attacker can access the calendar, email, contacts and all of Google’s apps. Tokens for social media apps can be recovered as well: the researchers point out that Facebook tokens are also present, but they did not attempt to access anyone’s account.
The devices tested include the HTC Sensation, Samsung Galaxy S3, Galaxy S2, HTC Desire S, HTC One X, Nexus 4, Nexus 5, LG Optimus L7, and Motorola Defy, among others. Every device had its own set of problems; however, the Nexus 4 performed the best in the tests.
So what should you do to wipe everything safely off your Android device and be assured that no one can get access to your account details and personal data? For starters, there is no one correct way. The factory reset method is definitely flawed, as we have seen. The report mentions overwriting the system partition “bit-by-bit”, which floods over the old data and replaces it with new data. However, this is not for the faint-hearted, and the process requires some technical expertise; you should know how to root.
Another method is to fill the partition with files of random bytes until the empty space is used up; this is usually done post-format via a third-party app. However, obtaining the rights and privileges an app needs to overwrite system files might be a bit cumbersome.
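A minimal sketch of this fill-the-free-space approach, added here as an illustration and not taken from the study or from any particular app. The function names, the `wipe_NNNNNN.bin` file naming and the chunk and file sizes are assumptions.

```python
import errno
import os
import tempfile

CHUNK = 1024 * 1024        # assumed write size: 1 MiB per write()
FILE_LIMIT = 1024 * CHUNK  # assumed: new filler file every 1 GiB (under FAT32's 4 GiB cap)


def fill_free_space(directory, max_bytes=None, chunk=CHUNK, file_limit=FILE_LIMIT):
    """Write random-byte files until ENOSPC or max_bytes; return (bytes_written, paths)."""
    written, paths = 0, []

    def more():
        return max_bytes is None or written < max_bytes

    try:
        while more():
            path = os.path.join(directory, "wipe_%06d.bin" % len(paths))
            # buffering=0: a full disk surfaces on write(), not later on close()
            with open(path, "wb", buffering=0) as fh:
                paths.append(path)
                in_file = 0
                try:
                    while in_file < file_limit and more():
                        want = chunk if max_bytes is None else min(chunk, max_bytes - written)
                        n = fh.write(os.urandom(want))  # short write when nearly full
                        written += n
                        in_file += n
                finally:
                    os.fsync(fh.fileno())  # push data past the page cache to storage
    except OSError as exc:
        if exc.errno != errno.ENOSPC:
            raise  # only "disk full" is the expected way to stop
    return written, paths


def remove_fillers(paths):
    """Delete the filler files once the free space has been overwritten."""
    for path in paths:
        os.remove(path)


if __name__ == "__main__":
    # Constructed demo: a temp directory and a 4 MiB cap so it is safe to run.
    with tempfile.TemporaryDirectory() as demo_dir:
        total, files = fill_free_space(demo_dir, max_bytes=4 * CHUNK)
        print("wrote %d random bytes in %d file(s)" % (total, len(files)))
        remove_fillers(files)
```

File-level overwriting only reaches the space the filesystem exposes; flash controllers keep spare blocks that it cannot touch, so it reduces what is recoverable and is not a guaranteed erase.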
The method we suggest is to avoid selling your device if possible, or better yet to smash it instead of handing it in: a brutal way and not a very effective one, but it saves your data from falling into the wrong hands. Deleting every picture and other media file one by one is not effective either; nothing actually gets deleted. Google would recommend the normal procedures, such as a factory reset and enabling encryption on your data with a passcode, but that still doesn’t solve the problem of a permanent erase. You can protect your Google-related information, though, by revoking your device’s privileges from the Google dashboard.
With the second-hand device market flourishing and users looking to trade their old devices for a newer, better Android device, this issue is on the rise and needs to be brought to users’ attention. Someone with enough time and expertise can purchase these devices on eBay quite cheaply, crack into a user’s personal data and use it for blackmail: not an appealing prospect for any of us, given how much of our lives is stored in our devices.