Google's Reset Function Doesn't Actually Erase All of Your Personal Data

[dgstorm]

For users who have ever, (or plan to) sell or give away their used Android devices, but want to make sure their personal data is gone from the device, the common logic is to simply do a Google factory reset. Unfortunately, as it turns out, that doesn't actually erase all of your personal data.

Avast, the software security company famous for their anti-virus programs recently did a test in which they bought up 20 used smartphones online. On nearly all of the devices, even though the reset function in Android was used, Avast was able to recover a vast quantity of personal user data from the devices, which ranged from emails and text messages to contact information and pics. Here's a quote from Avast’s President of Mobile, Jude McColgan on the subject,

“The amount of personal data we retrieved from the phones was astounding. We found everything from a filled-out loan form to more than 250 nude selfies. We purchased a variety of Android devices from sellers across the U.S. and used readily available recovery software to dig up personal information that was previously on the phones. The take-away is that even deleted data on your used phone can be recovered unless you completely overwrite it.”

Yikes! It looks like if you plan on letting other folks get their hands on your old hardware, there is a chance they can get their hands on a lot more. It's a shame there isn't a tool built into Android that will actually get the job done of deleting your personal info.

Of course, Avast isn't just sharing this info for nothing. They offer a free tool to help make sure your personal stuff actually gets deleted. It's called avast! Anti-Theft, and you can get it from the Google Play Store. Even though their "study" is obviously a shameless plug for their company, at least their free solution will actually cleanly erase the data by overwriting it.

Here's a link for those who might need this: Google Play Store - avast! Anti-Theft

 

[gadgetrants]

I'd love to know whether "able to recover" actually meant "we painstakingly restored deleted drive space, one byte at a time" or instead "we found all those files, intact, in plain sight." I somehow imagine it's the former, which simply means the "factory reset" function probably uses a weak format operation. Wouldn't take much to write an app that scrubbed free space a little harder.

-Matt

 

[johnomaz]

I'd love to know whether "able to recover" actually meant "we painstakingly restored deleted drive space, one byte at a time" or instead "we found all those files, intact, in plain sight." I somehow imagine it's the former, which simply means the "factory reset" function probably uses a weak format operation. Wouldn't take much to write an app that scrubbed free space a little harder.

-Matt

I feel its more along the lines of using a tool that sees deleted files. If they are just erasing the phones ability to see the files and telling the phone its not empty space, that is pretty easy to do. I have a utility on my computer when I delete files from one of my flash drives and need it restored. To me, when I put my phone into recovery and tell it to wipe all data I expect the device to be writing all zeros to the usable space instead of just telling the OS that the space is open for rewriting and not removing the actual data.

 

[gadgetrants]

We should also remember that Jelly Bean brought TRIM to the table (I kind of wonder if the devices in Avast's test were running JB or KK), which means that delete operations are pretty secure:

http://raywoodcockslatest.wordpress.com/2014/04/21/ssd-secure-erase/

In the TRIM function, the operating system would notify the SSD when a file was deleted. Wikipedia said this notification was necessary because the SSD would not have its own direct way of knowing when the user or a program was telling the operating system to delete a file. Upon receiving that notification, the SSD would erase, within its memory cells, those places that contained that file’s data. That erasure would take place shortly (often immediately) after the file was deleted in the operating system. TRIM would thus make sure that deleted things were truly and irreversibly deleted, and would also keep the SSD decluttered for best performance.

The catch with the Android implementation, I believe, is that FSTRIM runs on a schedule during low-use times, and not necessarily right after a delete. To make the matter more complicated, it's not clear at all that it would happen after a system format, unless the user restarted the device and let it idle for several hours.

Bottom line: don't fill out loan applications or take naked selfies with an Android device.

-Matt

 

[akhenax]

Bottom line: don't fill out loan applications or take naked selfies with an Android device.

-Matt

My naked selfies are never saved locally on the drive. They are immediately uploaded to the cloud.

 

[gadgetrants]

My naked selfies are never saved locally on the drive. They are immediately uploaded to the cloud.

O.M....G.