Broken Android factory reset leaves critical data intact

A factory reset, or wipe, is often used not just to start fresh but also as a necessary step when selling a used Android device. Well, that's the theory anyway. Researchers from Cambridge University claim that it is just that: a theory, and that in practice it might not completely hold. Their tinkering with 21 smartphones from five manufacturers, all running Android versions 2.3 to 4.3, showed that a factory wipe actually leaves some data locations intact. Worse, some of these locations are the very places that store credentials and encryption keys that are supposed to be private and safeguarded.

This flaw in the Android factory reset implementation is more technical than social or intentional. Manufacturers might just not have the proper drivers to perform a completely clean wipe of data storage, especially SD cards. That said, leaving critical data partitions that hold private information intact is a pretty serious blunder, especially when you consider that factory resets are usually done on stolen devices or those to be resold.

The amount of data that could be recovered from these presumed-wiped devices is frightening. Some hold bits and pieces of contact information, especially from third-party apps. Some even have old photos and videos, or even messages. And while the cryptographic key used for full phone encryption remains encrypted, it wouldn't take long before an experienced hacker could crack it open. Most frightening of all, the researchers were also able to find the master token that Android uses to authenticate with Google apps and services, giving them the ability to re-sync a device with the data backed up with Google.

Based on their findings, the researchers estimate that around 500 million devices don't have that sensitive data fully wiped by a factory reset. An even larger 630 million may have parts of the SD card still intact and ripe for the picking. They admit that they haven't been able to test Android 4.4 and 4.5 yet, but, unless the flaw was already known and kept secret, chances are big that later Android versions would still be vulnerable.

Sadly, the research doesn't end on a hopeful note, leaving users with very few alternatives. Since encryption might not be so effective after all, it might be better to turn off encryption, which does a factory reset anyway, when performing a wipe. Using a randomly generated unlock code might be more secure, but also extremely inconvenient. A third-party app could also be used to fill such data partitions with random data so as to overwrite sensitive information that might be there, but that app has to be installed manually and not through the Google Play Store, which would require that master token in the first place. The most extreme suggestion would be to just destroy phones instead of reselling them, which is not really an option in most cases. Google has not yet responded to these findings.

VIA: Ars Technica