Android Factory Reset Leaves Your Data Exposed: Study – InformationWeek

A burgeoning market in refurbished smartphones can help offset the cost of new devices for you or your employees. But you may want to think twice before letting any of the Android smartphone users in your organization turn their old mobile devices over to the reseller market.

study conducted by two Cambridge University students examined 21 secondhand devices from five different manufacturers running Android OS versions 2.3 to 4.3 that had been wiped using the built-in factory reset. Despite the factory reset, the researchers were able to recover the master token in 80% of the devices, from which they could successfully re-synchronize contacts, emails, and other data.

To improve usability and user engagement, most smartphone apps replace passwords with authentication tokens the first time a user enters his password. After the first password-based authentication, users are automatically logged in with the authentication token. Emails can be retrieved, calendar notifications downloaded, etc., without user intervention.

These tokens are often stored on non-volatile flash storage on the data partition, and their continued presence suggests that consumers will remain exposed to ineffectual data wipes for the foreseeable future.

The team found that viable alternatives to a factory reset for devices running Google’s Android OS each possess certain drawbacks. One such option involved filling up the partition of interest with random-byte files. This alternative was discarded by the researchers because it uses the file system rather than direct flash access, and adds another layer of uncertainty. “Overwriting the entire partition bit-by-bit once did provide logical sanitization for all devices and all partitions we studied; it is therefore a reliable alternative,” the report noted. “The drawback of this method is that it requires privileged [root] access to devices in practice. Therefore, it is likely to put off ordinary users.”

Android Factory Reset Leaves Your Data Exposed: Study – InformationWeek.


About Sin City Examiner

Rocktographer(Live Music Photographer), Motorsports & Beach Sports Photographer, based in Las Vegas & the Beach Cities in California; Website Developer, Food & Drink Photographer, Enthusiast and Critic with No-Sugar-Coating Reviews, Sports Handicapper, etc. No longer on Facebook, due to being discriminated against for using Fake Names, unlike the 'Drag Queens' of the GLBT Community that are allowed to do so. I urge everyone that reads this to leave Facebook for easier use at ( ) & ( )

Posted on May 26, 2015, in Uncategorized and tagged , , , . Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: