According to the latest analysis by security researchers, the factory reset function of Google’s Android mobile operating system does not work as required. The factory reset feature, which should ideally wipe an Android device clean, leaves residual data behind. Researchers from Cambridge University found this new flaw in Android.
The Cambridge University researchers published their findings in a paper titled ‘Security Analysis of Android Factory Resets’. They carried out the research on 21 Android-based devices running various versions of the mobile OS from 2.3 to 4.3. These devices came from 5 different mobile manufacturers.
The research estimates that more than 500 million devices are under threat due to this vulnerability. Newer Android devices running the latest 4.4 Android OS were not checked, but they may also be affected.
Once the factory reset was applied, the tested phones did not lose all of their data. Researchers were able to extract data such as contact details, details from 3rd party apps and even the Android master token used to access the Gmail account of the user.
The failure of the phone to wipe the data completely may be due to multiple reasons. Sometimes the manufacturer does not include the software drivers needed to wipe the data from SD cards. Sometimes the data is stored in multiple partitions of the SD card.
The worrying part of the study is that the data can be recovered from phones with full-disk encryption as well.
Users who are used to selling their old phones after simply doing a factory reset will have to think twice before doing so. If the phone falls into the hands of hackers or other anti-social elements, they can use it for identity or data theft.
The researchers have provided a number of recommendations to Google and device manufacturers to overcome this problem. Device manufacturers have to use updated software for their devices, which should cover sanitization of SD cards and of SD card partitions, and an option to flag to apps before a factory reset.