Upgrading your Android device?

Are you still sporting an HTC Dream (Google G1) or a tablet running Android Honeycomb? Probably not, as technological obsolescence means that as mobile devices have evolved, so has our desire to upgrade to newer models with improved performance and functionality.

So if you do decide to upgrade, what should you do with your old mobile phone or tablet to ensure no-one else will be able to access your personal information? Up until now, users may have chosen to perform a factory reset, with the perception that this will securely erase all data on the device. This is actually not the case; it was recently reported that data may still be recoverable from around 500 million Android smartphones, even after performing a factory reset. It was also found that a recovery is possible even if the device is encrypted, which is concerning for home and business users alike.

Why is the data still recoverable?

In a previous blog post we described how data such as pictures, videos and app information gets stored on Android devices, mostly via the use of internal NAND flash memory. We asked Michal Cieslik, a Mobile Device Recovery Specialist at DataRecoup, to explain why data can still be recovered from these types of storage devices when a factory reset has been completed:

“Performing a factory reset on an Android device simply removes the path to the data, making the device appear empty; however, the data is actually still there. A recovery is possible by looking at the data structures from a low level and using specialist tools to recreate the data into a useable format. Also, factory resetting a mobile device only affects the internal memory – any added external storage in the form of micro-SD memory cards would not be touched and the data could be recovered with widely available software recovery tools.”

According to researchers at Cambridge University, around 500 million Android smartphones are vulnerable to a flaw in the factory data reset function that could allow the recovery of a wide range of data.

Following a series of tests, the researchers estimate that 500 million Android devices don't fully wipe data partitions that contain sensitive data, allowing the restoration of contact and message data from first- and third-party apps. In 80 percent of phones tested, the researchers were able to extract the Google master token after a factory reset, giving them access to Gmail and Calendar data.

The team also estimate that 630 million devices don't wipe SD cards and other places where pictures and videos are stored during the factory reset process. This is concerning for people who sell or give away used smartphones, who might think that sensitive data is removed after a factory reset, when in many cases it's still accessible.

It was also discovered that the flaw in Android's factory reset allows data to be recovered even when full-disk encryption is enabled. During the reset process, the decryption key isn't wiped, and recovery of the "crypto footer" along with this key allows an attacker to crack the encryption offline.
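One way to check whether a reset really cleared a storage area before a device is passed on, as an added example that is not part of the original article: the script audits a raw image for blocks that still hold data and for file signatures of the data types mentioned above. The 4096-byte block size, the function names and the four-block sample "partition" are assumptions constructed for illustration.

```python
BLOCK = 4096  # assumed block size for the audit

# Well-known file signatures for the kinds of data the article mentions.
SIGNATURES = {
    "sqlite": b"SQLite format 3\x00",  # app databases (contacts, messages)
    "jpeg": b"\xff\xd8\xff",           # pictures
}


def audit_image(image: bytes, block: int = BLOCK) -> dict:
    """Count blocks that still hold data and blocks starting with a known signature."""
    report = {"blocks": 0, "residual": 0, "hits": {name: 0 for name in SIGNATURES}}
    for off in range(0, len(image), block):
        chunk = image[off:off + block]
        report["blocks"] += 1
        # Erased NAND reads back as 0xFF; a zero-filled block is also empty.
        if chunk.count(0x00) == len(chunk) or chunk.count(0xFF) == len(chunk):
            continue
        report["residual"] += 1
        for name, magic in SIGNATURES.items():
            if chunk.startswith(magic):
                report["hits"][name] += 1
    report["clean"] = report["residual"] == 0
    return report


def build_sample() -> bytes:
    """Constructed 4-block 'partition': index block, database, photo, free block."""
    index = b"INDEX:contacts.db,photo.jpg".ljust(BLOCK, b"\x00")
    db = (SIGNATURES["sqlite"] + b"alice:+440000000000").ljust(BLOCK, b"\x00")
    photo = (SIGNATURES["jpeg"] + b"\xe0pixels").ljust(BLOCK, b"\x00")
    return index + db + photo + b"\xff" * BLOCK


def path_only_reset(image: bytes) -> bytes:
    """Models the reset described in the article: only the index is cleared."""
    return b"\x00" * BLOCK + image[BLOCK:]


def full_overwrite(image: bytes) -> bytes:
    """Models a sanitising wipe: every block is overwritten."""
    return b"\x00" * len(image)


if __name__ == "__main__":
    sample = build_sample()
    print("path-only reset:", audit_image(path_only_reset(sample)))
    print("full overwrite: ", audit_image(full_overwrite(sample)))
```

The audit only sees what the image contains, so flash blocks the storage controller has remapped out of the logical address space are not covered, and a micro-SD card needs its own image and its own audit.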
