1. User data retrievable from second-hand smartphones

User data retrievable from second-hand smartphones

Smartphones: Most Android handsets offer no easily accessible way of deleting user data including access tokens, messages, images and erased data can be retrieved.

By: | London | Updated: May 24, 2015 8:10 PM
android smartphones

The factory-reset shortcomings uncovered by researchers at the Cambridge University affect an estimated 500 million Android phones, and pose a problem for organisations that routinely resell such devices. (Reuters)

Thinking of selling your old smartphone? Watch out, as its data may be retrievable even after wiping it!

User data is routinely retrievable from second-hand Android devices that have been wiped through a factory reset, a new Cambridge study has warned.

Most Android handsets offer no easily accessible way of deleting user data including access tokens, messages, images and other content, researchers said.

The factory-reset shortcomings uncovered by researchers at the Cambridge University affect an estimated 500 million Android handsets, and pose a problem for organisations that routinely resell such devices.

Researchers said up to 630 million people do not properly wipe multimedia files.

They examined 21 second-hand devices running Android versions 2.3 to 4.3 from five manufacturers that had been wiped using the operating system’s built-in factory reset feature, ‘Tech Week Europe’ reported.

Researchers said the problems also exist with third-party data deletion applications. Similar problems are likely to persist in newer versions of Android.

The team was able to recover data including multimedia files and login credentials from wiped phones, and many of the handsets yielded the master token used to access Google account data, such as Gmail.

Such data can be recovered even from handsets protected by full-disk encryption, researchers said.

The problem results from multiple issues, including the inherent difficulty of fully deleting data from the flash memory used in smartphones, something due to the physical nature of such memory chips, according to the research.

The researchers were able to recover the master token in a device and found that after reboot, it successfully re-synchronised contacts, emails and other data.

The master token, used to access Google accounts, was found to be retrievable in 80 per cent of the devices that had a flawed factory reset mechanism.

For Updates Check follow us on Facebook and Twitter

Tags: Smartphones
  1. B
    BeLe
    May 24, 2015 at 8:46 pm
    Problem, simple/broad explanation, no solution. Thanks for the news though. I guess I'll have to find out if I need to use dd or something similar to wipe my old phones
    Reply
    1. C
      ch
      May 24, 2015 at 8:18 pm
      Why post a picture of a BlackBerry when Android is the affected platform?
      Reply
      1. C
        charles
        May 24, 2015 at 9:45 pm
        organisations (spelling). No spell checker for this author? Also why focus photo on Blackberry which does not use the Android OS?
        Reply

        Go to Top