It’s been known for some time: Google Android devices aren’t very good at wiping data even though they should completely eradicate all traces of a user when the phone is given a factory reset.
Researchers from Cambridge University have now proven it, testing five devices running Android versions 2.3 through 4.3. They believe as many as 500 million Android devices might not properly “sanitise” the parts of the operating system that store sensitive data, whilst up to 630 million may not effectively clean information from the SD card, where multimedia files, like music or video, are often stored. Researchers Ross Anderson and Laurent Simon also discovered they could find Google credentials on all devices with a flawed factory reset to access data from certain apps. And even when full disk encryption was turned on, there was enough data left that it was possible to recover the encryption key and unlock the phone.
Android phones don't delete data properly on factory reset, say researchers
Google said it did not have comment on the matter. Anderson told FORBES it was up to Google to fix the problem though its device partners (Original Equipment Manufacturers - OEMs) also bear some responsibility. “It's something best fixed by Google, and they're working on it - Android 5.0 [Lollipop] is better, and they say it will be fully fixed by Android,” he said.
“However the OEMs must also play along, as many of the current issues come from phone vendors screwing around the Android code as they don't understand it. So Google needs to include factory reset into its conformance test process.”
By digging into devices post-reset, they were able to access text messages, emails, chats from messaging apps and emails. “We found emails in 80% of our sample devices, but generally only a few per device.”
They also uncovered the authentication tokens that replace passwords the first time a user enters his password. These included Google tokens in all devices with flawed factory reset, and the master token 80 per cent of the time. “Tokens for other apps such as Facebook can be recovered similarly,” they added.
The researchers carried out their work between January and May 2014, buying 26 different secondhand Android phones from
They found numerous problems across different operating system versions and devices. For Gingerbread (2.3), Anderson and Simon discovered about 90 per cent of devices fail to sanitise the data partition securely, “in that at most a few hundred MB are deleted, representing between 60 per cent and 99.9 per cent of the data partition depending on its size”, their paper read.
In Ice Cream Sandwich, it appeared vendors had taken the Android code and failed to implement correct wiping mechanisms. In some cases, as with the Samsung Galaxy S Plus, the S2 and the HTC Sensation XE, vendor upgrades likely omitted device drivers needed to carry out proper sanitisation.
Devices such as the LG Optimus L5 did not ship with proper drivers for secure deletion, whilst the Motorola Razr I shipped with the right drivers but didn’t delete blocks of data that should have been removed, the paper claimed. As for primary SD cards (the ones that come pre-installed in the phone), no Froyo or Gingerbread devices properly sanitised them. This represented more than 340 million devices, the researchers said.
Their estimates of the number of devices with flawed reset functions are taken from the Android OS distribution of June 2013, as they took into consideration the time taken for new phones to enter the secondhand market.
Though the numbers were estimates, it’s apparent there are some serious problems with the reset functions on many Android phones in use today. There are ways to fix the issues, the researchers added, such as use of an emulated primary SD card to ensure only one partition needs to be properly deleted on the phone and that partition should be erased in its entirety, not just the part explicitly used by the file system.
