Factory Reset Leaves Data On 500 Million Android Devices

Researchers from the University of Cambridge published a paper on the effectiveness of wiping data from Android phones using the factory reset function. The results show that up to 500 million devices could still be holding your sensitive data after a factory reset. The researchers looked at Android versions 2.3 to 4.3 and were able to recover Google credentials on all devices with the factory reset vulnerability. Even when full disk encryption was enabled, the researchers were still able to recover the encryption key and then the data.

This vulnerability in the sanitization process means that you should think twice before selling your phone to a stranger on Craigslist, and organizations need to implement a sanitization process that does more than just a factory reset.

The report is available from Cambridge University at: http://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf

Post by Remote Process