Android Factory Reset Fails To Delete All Data Safely In Tests
When wishing to dispose of old smart phone hardware and move on to a more modern piece of kit, what is necessary to protect the data on the old phone?
For many of us, we might think that rolling the phone back to the original factory settings by using a “factory reset” function would be ideal. Surely this would do the trick, clear out the cobwebs and prevent any potential trouble with old data, private selfie photos and other undesirable items going viral?
If you bet on a factory reset being enough, then you were dead wrong. In fact, this rolls the settings and other aspects back to original settings, but is insufficient when it comes to the data already stored on the phone. Just as is the case with other forms of data on PCs that need to be rendered safe before disposal, smart phones and tablets are no different.
Avast Research
Avast, the security company, recently set out to see how bad the security problem potentially was. They just released a paper discussing their findings which is quite interesting.
There's Deletion and There's DELETION!
The majority of users will highlight a file and press the delete function. This is true whether on a PC or a mobile device. In the majority of cases, file management software will only delete the reference pointer that identifies the file and where it is located. The actual file data is not touched. This is why file recovery utilities can often retrieve files a user thought were previously deleted.
A factory reset will delete the reference pointers to the files and other cell phone data, but not the data itself.
Avast Test
Avast set about proving this. They bought 200 droid smart phones from eBay auctions. This is out of the approximately 80,000+ smart phone auctions running at any given time, they estimated.
What Did Avast Discover?
Avast technicians set about trying to recover data from these 20 smart phones. What they discovered was a little shocking. Hundreds of explicit “selfie” photos that you wouldn't want other people to see, many private emails and SMS texts, several previous owner's identities including likely GPS locations, hundreds of previous contacts listed, and even a financial loan application.
What this proves is that Android owners need to invest in a file wiping utility that securely overwrites old data with nonsense information to completely obliterate what was previous stored on the device. A factory reset doesn't do that. A factory reset isn't enough.
Good Android File Wipe Utilities
The Avast Free Mobile Security app does have a secure wipe function and the product is free for Android. McAfee and Symantec also offer Android security apps, but they're not free. There are also standalone file wiping utilities like Secure Erase with iShredder 3 or Nuke My Device which are worth considering too.