Factory Resetting an Android Phone is not 100%

According to identity theft researcher Robert Siciliano, Android smartphones are considerably less secure than a BlackBerry or Apple device, even after you “follow protocol” and use the built-in data wipe function.

As most Android smartphone users will know, there is an option in the settings menu to perform a factory reset. Presumably, this means that all of your personal data, customizations, and apps will be deleted from the on-board memory. However, Siciliano is saying that this data is not fully deleted. He purchased 30 smartphones for his test and he was able to access personal data from 15 of them with the assistance of a forensic expert.

His recommendation is never to sell your used Android phone, but I’m not so sure. In order to hack into half of the random phones he purchased, Siciliano had to make use of his own hacking abilities and he needed the help of a forensic expert. The random buyer on Craigslist has neither of these available to him. Even so, I think that Google should take this information to heart and provide a true “factory reset” and data wipe in an upcoming update.  Or, someone can design an app (will need to be rooted of course) that wipes the data then writes zeros over the empty data, similar to desktop data security.

[Source]


Posted in: Uncategorized

2 Comments

  1. Anon says:

     I have always had this nagging though in the back of my mind what would happen if I bought a used phone rooted it and used root file explorer and snooped around. All a reset does is does a quick re install of the os. For now its security through obscurity.

  2. Art Boyle says:

    The solution is simple if you have ice cream installed: While the phone still has all your data on it perform a full encryption; then do a wipe/reset. Whatever can be found is encrypted with no way to resolve the info.

Leave a Comment