There are literally hundreds of reasons why a particular device may appeal to one person and not another, but when you strip that away we’re all concerned with the privacy and integrity of the data that passes through that device. If your smartphone of choice resides on the Android side of the fence then it could be time to rethink how sensitive data is wiped from memory after a new research has suggested that data removed using Android’s native wipe feature can be restored.
It’s common practice for smartphones to be sold via secondary sales channel when a new device is released or an upgrade is available through a network. Part of the process of preparing that device for its new home involves securely wiping all data from the device, allowing the new owner to start from a fresh installation of Android without any personalized content or settings. The existence of a built-in function to wipe all personal content and settings generally exists in most major platforms but it seems that Android’s method comes with a security bug that could potentially afford malicious individuals with the ability to restore things like text messages, contacts and social media conversations.
The rather damning research has been carried out by Avast using a collection of twenty smartphones purchased from the auction site eBay. The security bug within Android’s data-wipe feature allowed the research team to relatively easily recover a total of 40,000 photographs from previous owners, 750 email conversations and a whole host of text message streams. Perhaps even more concerning the Avast team were also able to get their hands on sensitive financial information in the form of a completed loan application.
The tools and applications required to retrieve this “deleted” data is really the nail in the coffin. Rather than having to invest in high-grade professional, forensic software the team were able to get all of the aforementioned yields by using a suite of publicly available data recovery tools, such as FTK Imager.
With Google recently teasing a new version of Android during I/O we can only hope that this flaw gets picked up on and rectified. Until then, it’s recommended that anyone looking to securely wipe data uses a more capable third-party solution.