Android reset flaw affects 500 million+ devices

Android reset flaw affects 500 million+ devices
The factory reset option in the Android mobile operating system may not be as reliable as you'd think, according to new research.

Using the factory reset is common when giving away / selling an old smartphone or tablet, clearing out personal information so the new owner can start afresh, and the previous owner can rest assured that all personal information is wiped.



But.. what if the data is not wiped properly? A study from Cambridge University has raised doubts about the reliability of this function across Android hardware. It focused on tests performed on 21 devices from five manufacturers, running different versions of the popular operating system.

Unfortunately, the researchers could successfully recover partial data after the factory reset was carried out. Even with Full Disk Encryption, some data recovery was still achieved.

In 80 percent of the devices, the researchers could recover the master token required to access Google services. They could also recover login information for other services, as well as images, videos, contacts and so on.

There are a variety of reasons for the problem, with one being manufacturers failing to include adequate drivers that would be needed to properly erase the internal memory, or removable flash memory of a device.

This flaw could affect more than half a billion devices.


Sources and Recommended Reading:
Security Analysis of Android Factory Resets (PDF): www.cl.cam.ac.uk



Written by: James Delahunty @ 24 May 2015 17:13
Tags
Android
Advertisement - News comments available below the ad
  • 3 comments
  • pmshah

    Here you are dealing with feasibility. Now how many recipients of such devices would have the knowledge or resources to retrieve such data? Secondly how many people who store critical data on their Android devices would actually give away their device?

    There are some very basic steps one can take to prevent this. Like on phones with "Redial last dialed number". After one finished a call he \/she only needs to dial some fake numbers a few times. On Android device just create a new email id that is not linked to your phone number and pass on that information to the recipient / buyer.

    24.5.2015 22:52 #1

  • hearme0

    Yet another reason why I have advocated against Android for a couple years now. It's slow(over time) and insecure ........PERIOD

    Android blows chunks!

    26.5.2015 01:26 #2

  • Bozobub

    Originally posted by hearme0: Yet another reason why I have advocated against Android for a couple years now. It's slow(over time) and insecure ........PERIOD

    Android blows chunks!

    Fine. Now, tell us of the alternative that YOU endorse.

    26.5.2015 13:47 #3

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud