Factory Reset Feature on 500 Million Android Phones Fundamentally Flawed, Does Not Erase Data

Getting rid of an unwanted mobile device isn’t as easy as getting rid of an unwanted file on your computer.

mobile devices

It would be convenient if you could just click a button and delete your old phone (maybe that’s next on Google’s plate), but for now it takes a little more effort to get rid of a real, tangible object.

Before you sell or give away your old Android smartphone, you’ll want to do a factory reset so that the next owner won’t have access to any of your sensitive data.

But how effective is that factory reset feature? Does it actually erase your data, or could a stranger still find a way to extract private information out of your used phone.

Researchers recently put that question to the test, and the results weren’t exactly promising.

The Verdict: Factory Reset is Fundamentally Flawed

Cambridge University professor Ross Anderson and researcher Laurent Simon bought 26 secondhand Android phones over eBay, sampling the operating systems Android 2.2 (Froyo) through Android 4.3 (Jellybean).

Every single phone of the 26 they tested retained at least some of the information that was in them before they were put them through a factory reset. This information included contact information, photos, videos, messages, third-party data, and more.

In 80% of cases, Anderson and Simon were able to recover Google authentication tokens and restore the previous user’s information for Gmail and other apps.

The operating systems tested are used by 50.5% of all Android users, meaning that over 500 million Android phones out there have this factory reset flaw.

What can you do about it?

Strong passwords (11+ characters with both upper and lower case letters and also numbers and symbols) can’t hurt. Activating full-disk encryption also helps.

One of the more technically-involved solutions is to overwrite all unallocated space with random-byte files, but this method requires some technical skill, as the partition has to be overwritten manually bit by bit to be properly sanitized.

Want to learn about what else you can do to ensure that your private data is kept private when you get rid of your old devices? Give us a call at (866) 828--6674 or send a message to info@offsiteIT.com for information about our mobile device security services.

Alexssa

I first hired John directly as an employee back in 1999.
He was an excellent addition to a growing team at a small technology company. Subsequent to the sale of the company, John branched out on his own and started an IT consulting firm. Since that time, I have not used anyone else. John is capable, personable, has integrity and is also very likable. I would recommend him without reservation.”

  Kevin DiCerbo   

Connect With OffSite IT

  • Los Angeles / Orange County 22607 La Palma Avenue Suite 409 Yorba Linda, CA 92887
  • Chicago 6912 Main Street Suite 214 Downers Grove, IL 60516
  • 1-866-828_-6674 info@offsiteIT.com