Android reset flaw affects 500 million+ devices

James Delahunty
24 May 2015 17:13

The factory reset option in the Android mobile operating system may not be as reliable as you'd think, according to new research.
Using the factory reset is common when giving away / selling an old smartphone or tablet, clearing out personal information so the new owner can start afresh, and the previous owner can rest assured that all personal information is wiped.

But.. what if the data is not wiped properly? A study from Cambridge University has raised doubts about the reliability of this function across Android hardware. It focused on tests performed on 21 devices from five manufacturers, running different versions of the popular operating system.
Unfortunately, the researchers could successfully recover partial data after the factory reset was carried out. Even with Full Disk Encryption, some data recovery was still achieved.

In 80 percent of the devices, the researchers could recover the master token required to access Google services. They could also recover login information for other services, as well as images, videos, contacts and so on.

There are a variety of reasons for the problem, with one being manufacturers failing to include adequate drivers that would be needed to properly erase the internal memory, or removable flash memory of a device.

This flaw could affect more than half a billion devices.


Sources and Recommended Reading:
Security Analysis of Android Factory Resets (PDF): www.cl.cam.ac.uk

More from us
Tags
Android
We use cookies to improve our service.