AfterDawn: Tech news

Android reset flaw affects 500 million+ devices

Written by James Delahunty (Google+) @ 24 May 2015 17:13 User comments (3)

Android reset flaw affects 500 million+ devices The factory reset option in the Android mobile operating system may not be as reliable as you'd think, according to new research.
Using the factory reset is common when giving away / selling an old smartphone or tablet, clearing out personal information so the new owner can start afresh, and the previous owner can rest assured that all personal information is wiped.

But.. what if the data is not wiped properly? A study from Cambridge University has raised doubts about the reliability of this function across Android hardware. It focused on tests performed on 21 devices from five manufacturers, running different versions of the popular operating system.

Unfortunately, the researchers could successfully recover partial data after the factory reset was carried out. Even with Full Disk Encryption, some data recovery was still achieved.

In 80 percent of the devices, the researchers could recover the master token required to access Google services. They could also recover login information for other services, as well as images, videos, contacts and so on.

There are a variety of reasons for the problem, with one being manufacturers failing to include adequate drivers that would be needed to properly erase the internal memory, or removable flash memory of a device.

This flaw could affect more than half a billion devices.


Sources and Recommended Reading:
Security Analysis of Android Factory Resets (PDF): www.cl.cam.ac.uk

Tags: Android
Previous Next  

3 user comments

124.5.2015 22:52

Here you are dealing with feasibility. Now how many recipients of such devices would have the knowledge or resources to retrieve such data? Secondly how many people who store critical data on their Android devices would actually give away their device?

There are some very basic steps one can take to prevent this. Like on phones with "Redial last dialed number". After one finished a call he \/she only needs to dial some fake numbers a few times. On Android device just create a new email id that is not linked to your phone number and pass on that information to the recipient / buyer.

226.5.2015 1:26

Yet another reason why I have advocated against Android for a couple years now. It's slow(over time) and insecure ........PERIOD

Android blows chunks!

This message has been edited since its posting. Latest edit was made on 26 May 2015 @ 1:26

326.5.2015 13:47

Originally posted by hearme0:
Yet another reason why I have advocated against Android for a couple years now. It's slow(over time) and insecure ........PERIOD

Android blows chunks!

Fine. Now, tell us of the alternative that YOU endorse.

Comments have been disabled for this article.

News archive