A new study reveals that Android smartphones' built-in 'factory reset' feature may not be enough to delete your personal data. Security software maker Avast discovered that Android's factory reset fails to delete some data and leaves it in a recoverable state. The study didn't include iOS devices.
In a world where smartphones have become constant companions, with users carrying it everywhere, taking selfies, sharing bank account details while purchasing stuff, surfing social networking websites through apps that keep logins, and more, such a revelation can be shocking. When users discard or sell their old phones, a simple click of the 'Factory reset' option reassures them all their personal data has been wiped from the device - Avast says however, that the feature does not wipe the data thoroughly.
"Users thought they were doing a clean wipe and factory reinstall," said Jude McColgan, Avast Mobile Division President speaking to CNET, but instead of a clean wipe, the factory reset clears "only at the application layer."
For the study, a team of Avast purchased 20 old Android smartphones from eBay that were thoroughly erased, and then attempted to recover the data. The team says it recovered more than 40,000 photos including a number of nude selfies of males and females, along with 750 emails and text messages, 250 contacts, identity of four phones' previous owners, and one completed loan application from these Android smartphones.
The team says it didn't use any complex recovery procedure to recover the data; instead it used a free tool named FTK Imager (forensic toolkit imager). It also gathered tips on individual phone models from the publicly accessible developer forum called XDA, on which programmers and experts trade information on mobile hardware.
"Although at first glance the phones appeared thoroughly erased, we quickly retrieved a lot of private data. In most cases, we got to the low-level analysis, which helped us recover SMS and chat messages," Avast researchers Jaromir Horejsi and David Fiser wrote in the report.
The company also noted in a blog post that its own Avast! Anti-Theft app, which comes with a deletion tool, does a better job at wiping personal data than the Google's factory reset option in Android OS.
Avast explains how files were able to be recovered after the factory reset. When a file is deleted, the operating system just deletes the pointers corresponding to that file and marks the space that will be overwritten when another file is stored. Therefore until the space is re-written, the file can still be restored.