Android Factory Reset Feature Has A Big Problem: It May Leave Sensitive Data On Your Phone

Those thinking of selling their Android device might want to think twice about doing so, after a recent study has revealed that the "factory reset" function on Android devices doesn't really do what it claims.

In fact, sometimes factory resetting your device doesn't even come close to erasing all your data. Researchers were able to find key files allowing them to log on to a user's Gmail account.

"We were able to retrieve the Google master cookie from the great majority of phones, which means that we could have logged on to the previous owner's Gmail account. The reasons for failure are complex; new phones are generally better than old ones, and Google's own brand phones are better than the OEM offerings," said Ross Anderson, one of the head researchers for the project, which was carried out in partnership with Cambridge University.

In conducting the study, researchers examined 21 Android phones, running versions 2.3 to 4.3 of Android. Based on their studies, they concluded that up to 500 million Android devices might not fully wipe disk partitions where sensitive data is stored, and up to 630 million may not delete memory cards, where things like photos and videos are stored. Most of the time, they were able to recover master tokens from a reset device.

"After the reboot, the phone successfully re-synchronised contacts, emails, and so on," they continued. "We recovered Google tokens in all devices with flawed Factory Reset, and the master token 80 percent of the time. Tokens for other apps such as Facebook can be recovered similarly. We stress that we have never attempted to use those tokens to access anyone's account."

Why are so many devices not actually deleting all of their data? According to the report, there are a number of sources for the problems, with one of the most prominent being how device manufacturers implement features meant to erase data. In some cases, manufacturers failed to include the drivers necessary to properly remove much of the data. Devices that did not properly erase data include the likes of the Samsung Galaxy S and S2, the HTC One, and the Motorola Razr I.

According to researchers, the Google Nexus 4 performed the best of the bunch, but it still had some issues. Essentially, while device manufacturers are largely to blame, Google isn't perfect either, as even stock Android devices can suffer from the issues.

Photo: Jeff Blackler | Flickr

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics