Click to Skip Ad
Closing in...
  1. Early Prime Day Deals
    08:06 Deals

    10 incredible early Prime Day deals that are about to end at Amazon

  2. Amazon Deals
    10:32 Deals

    Today’s best deals: Free $15 Amazon credit, early Prime Day deals, first M1 iMac sale, $20 Blink cam, $600 projector for $300, more

  3. Best Prime Day TV Deals
    16:38 Deals

    Best Prime Day TV deals: Samsung, LG, Vizio, and more

  4. Amazon Deals
    07:57 Deals

    10 deals you don’t want to miss on Sunday: Rare Nest Thermostat deal, $6 Kasa smart plugs, Instant Pot accessories, more

  5. Prime Day Laptop Deals
    15:18 Deals

    Prime Day 2021: Best laptop deals




500 million Android devices at risk: Researchers find that factory reset doesn’t completely wipe data

May 22nd, 2015 at 3:02 PM
Android Factory Reset

One of the most important things to do before selling or giving away a used smartphone is to wipe the device clean. After all, the last thing anyone wants is for a complete stranger to have access to all of their personal data. Unfortunately for Android users, researchers from Cambridge University recently discovered that performing a data wipe on Android devices doesn’t clear the device as one would expect.

DON’T MISS: Former Android diehard ‘never looking back’ after switch to iPhone 6 – find out why

Even with full-disk encryption in play, researchers found that performing a factory reset on Android smartphones isn’t always what it’s cracked up to be.

“[Researchers] found the file storing decryption keys on devices was not erased during the factory reset,” Allie Coyne reports for ITNews. “With access to that file, an attacker could recover the “crypto footer” to brute-force the user’s PIN offline and decrypt the device.”

As a result, researchers were successfully able to access data “wiped” Android devices from a wide variety of sources, including text messages, images, video, and even third-party applications. What’s more, researchers were able to “recover Google authentication tokens”, thereby enabling them to sync up any data a user had tied to Google’s services, including private emails.

The Android devices tested, which were purchased secondhand via eBay, were running Android 2.2 Froyo through Android 4.3 Jellybean. Together, devices running those particular flavors of Android account for 50.5% of all Android devices in use, this according to Google’s developer dashboard.

“The researchers estimated that 500 million Android devices may not fully wipe device disk partitions,” the report adds. “As many as 630 million phones may not wipe internal SD cards.”

Speaking to Ars Technica, Computer Scientist Kenn White said: “It’s a staggering number of devices out there that are exposed, and it’s not just somebody’s Gmail password. It’s images, photos, text, chat. It’s all these things that are private that you think if you’ve reset it you’ve reset it.”

Notably, the researchers point out that the level of risk across Android devices can vary by vendor. The full research report, titled Security Analysis of Android Factory Resets, can be viewed over here.

A life long Mac user and Apple enthusiast, Yoni Heisler has been writing about Apple and the tech industry at large for over 6 years. His writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and most recently, TUAW. When not writing about and analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions, the most recent examples being The Walking Dead and Broad City.




Popular News