Notebookcheck Logo

Android factory reset does not wipe all data

Researchers recently conducted a study revealing that 500 million Android devices may not fully wipe disk partitions.

Most phone contracts last two years. At the end of the contract, many users tend to use factory reset, wipe all of their personal data, and either give the device away or sell it using a site like Gazelle or eBay. For Android users, this could be a huge risk. It has just been discovered that a large number of Android phones may have a massive security flaw allowing users to access a lot of personal information from the person who used the device previously. An attacker can recover what is called a crypto footer to brute-force a PIN offline in order to decrypt the phone or tablet. While that may sound complicated, researchers were able to do just that to access former users' data.

Researchers at Cambridge University purchased second-hand Android devices and found that the file that stores decryption keys was not wiped in the factory reset. Thanks to this file, and the process mentioned above, the researchers were able to bring back messages, pictures, and even the authentication credentials needed for Google accounts. This is a huge security flaw for Android phones and tablets. The same process worked with devices ranging from Android 2.2 Froyo to Android 4.3 Jellybean, and considering more than 50% of Androids are running these OS versions or something in between, over 500 million devices could be at risk.

It has also been determined that over 630 million handsets might not wipe internal SD cards, leading to even more security issues. This flaw could prove to be very problematic for anyone who has sold his or her Android device in the past few years, and hopefully a fix will come soon.


static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
Joseph Lambert, 2015-05-23 (Update: 2015-05-23)