‘Factory wipe’ on Android phones left naked selfies and worse, study finds – Guardian
After studying 20 handsets, security company Avast has warned that the “factory reset” function on Android phones doesn’t actually delete data on the phone, which can be retrieved using standard forensic security tools.
In all, the researchers said that they found more than 40,000 photos, including 750 photos of women “in various stages of undress” and 250 photos of male anatomy. The EXIF data embedded in the picture files could also allow someone to find out details of the person’s residence if it included location data. Four of the phones included the previous owners’ identity in the file data.
The problem arises because the factory reset function, found in the Settings function, doesn’t actually wipe the data from the storage on the phone. Instead, it wipes the index that points to the locations in the storage where the data is written. Normally, that is sufficient to prevent someone who acquires the phone from accessing any of that data.
But by using forensic tools that directly access the storage areas, Avast was able to reconstruct the files – and make its disconcerting discovery.
Google told Ars Technica that the research “looks to be based on older devices and versions [of Android] and does not reflect the security protections in Android versions that are used by 85% of users.” That suggests that only versions running software before Android 4.0 are vulnerable in this way.
However, Google’s Android documentation shows that setting file encryption is optional – which leaves newer devices vulnerable too.
Android 3.0 onwards has offered a setting which will encrypt the phone, using a cryptographic key generated from a user-provided passcode. If that is done, then a “factory reset” will delete the key, rendering the data unreadable. Google’s spokesperson recommended that people who are disposing of a device should enable encryption, and then carry out a factory reset.
Solution – via Time.com
1. Encrypt entire phone
2. Carry out Factory Reset
To turn on encryption, go to Settings > Security and select “Encrypt phone.” Plug in the phone and set it aside, as the encryption can take an hour or longer. Once it’s finished, factory reset the phone like you normally would.
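The two behaviours described above (an index-only reset that leaves blocks carvable, versus an encrypted phone whose reset discards the key) can be modelled in a few lines. This is an added illustration, not code from Avast or the Guardian article; the block storage, the fake photo and the SHA-256 counter-mode keystream standing in for the device cipher are all constructed for the demo.

```python
import hashlib
import os

JPEG_MAGIC = b"\xff\xd8\xff"  # start-of-image marker every JPEG begins with
BLOCK = 64                     # constructed: tiny block size for the demo

class Storage:
    """Flash modelled as fixed-size blocks plus an index (block -> filename)."""
    def __init__(self, nblocks=16):
        self.blocks = [bytes(BLOCK) for _ in range(nblocks)]
        self.index = {}          # the file-system metadata a reset actually clears

    def write(self, name, data, first_block):
        for i in range(0, len(data), BLOCK):
            chunk = data[i:i + BLOCK].ljust(BLOCK, b"\x00")
            self.blocks[first_block + i // BLOCK] = chunk
            self.index[first_block + i // BLOCK] = name

    def factory_reset(self):
        """Old-style reset: drop the index, leave the data blocks untouched."""
        self.index.clear()

def carve_jpegs(storage):
    """Forensic carving: scan raw blocks for the JPEG marker, ignoring the index."""
    return [n for n, b in enumerate(storage.blocks) if b.startswith(JPEG_MAGIC)]

def keystream(key, nbytes):
    """Stand-in for the device cipher: SHA-256 in counter mode (demo only)."""
    out = b""
    for ctr in range(0, nbytes, 32):
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
    return out[:nbytes]

def encrypt(key, data):
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def demo():
    photo = JPEG_MAGIC + b"\xe0" + os.urandom(100)  # constructed fake photo
    # 1. Unencrypted phone: reset removes only the index; carving still finds it.
    plain = Storage()
    plain.write("selfie.jpg", photo, 3)
    plain.factory_reset()
    found_plain = carve_jpegs(plain)
    # 2. Encrypted phone: blocks hold ciphertext; the reset discards the key.
    key = os.urandom(32)
    enc = Storage()
    enc.write("selfie.jpg", encrypt(key, photo), 3)
    enc.factory_reset()
    key = None                   # crypto-erase: the key goes with the reset
    found_enc = carve_jpegs(enc)
    return found_plain, found_enc
```

Carving the unencrypted device still locates the photo at block 3 after the reset, while the encrypted device yields no recognisable JPEG header because the only thing that could decrypt it was destroyed.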
Android Forensics, Part 1: How we recovered (supposedly) erased data
How to Encrypt ANDROID mobile