It is common for smartphone owners to sell or recycle their smartphones after completing a “factory reset” to ensure the deletion of the stored confidential or personal data. However, even after a factory reset Android smartphones might still retain the deleted data, says ARS Technica. This alleged Android OS flaw has reportedly been identified by the computer researchers at Cambridge University.
The researchers evaluated a total of 21 Android smartphones from five OEMs. All 21 devices were reportedly running Google's mobile OS version Android 2.3.x to Android 4.3. During the test, all handsets seemingly retained at least a part of the stored data from the past. This includes photos, videos, SMS messages and emails, in addition to contact details stored in the phone app and social networking sites like Facebook and WhatsApp.
The Cambridge University researchers were apparently able to acquire the stored old data when the Android smartphone was protected with full-disk encryption. To top it off, the researchers seemingly retrieved the master token in 80 percent of the cases. For those uninitiated, the master token is the key to access Google user data.
Furthermore, the same experiment has apparently pointed out that approximately 500 million Android smartphones are at risk because of the faulty elimination of data partition where the personal information is stored. Plus, a whopping total of 630 million phones have no proper sanitization of the internal SD card and hence, it is an easy target to retrieve stored multimedia files like images and videos. Needless to say, this shocking revelation is a wake-up call for anyone using an Android phone.
In the meantime, ARS Technica has cited a North Carolina computer scientist, Kenn White, as saying, "It's going to have a major impact in organizations that have fairly mature established disposal practices because they're not effective."
Interested readers can check out the entire research and experimentation work under the title “Security Analysis of Android Factory Resets” in the form of a PDF.