Your personal data may not be completely removed with an Android factory reset

You just received your shiny new flagship of a smartphone and now you are ready to put the old one up for sale on eBay, or Craigslist, or Swappa. The secondary market is alive and well, with hundreds of thousands of devices for sale.

You have taken really good care of your older Android device and are certain that it will get a great price from an eager buyer. All you need to do is perform a factory reset and you are good to go, right? Maybe not.

AVAST, an anti-virus software company that provides free software as well as paid services for consumers and businesses alike, took to the internet and bought 20 used Android phones to see how much, if any, personal data was still on the devices after a factory wipe and reset had been performed. The results were stunning, to say the least.

With the help of some off-the-shelf digital forensic software (such as FTK Imager), AVAST was able to recover the following:

  • Over 40,000 stored photos
  • More than 1,500 family photos of children
  • More than 750 photos of women with varying degrees of clothing on (or off)
  • More than 250 selfies taken by men doing their best imitation of former Congressman Anthony Weiner
  • Over 1,000 Google searches
  • At least 750 emails and text messages
  • More than 250 contact names and email addresses
  • Four previous owners’ identities
  • One completed loan application

What is happening then? AVAST’s press release does not note whether any of the devices were, in fact, not factory reset, or whether there were any errors in how the devices might have been reset. We also do not know the age or version of the operating system on the devices. We reached out to AVAST to see if there were any other variables worth noting in their findings. Setting those issues aside, where is the factory reset falling short? The reset in these instances seems to be focused more on the application layer, and not much more.

AVAST noted that its anti-theft app, free on Google Play, has the ability to delete and overwrite these personal files along with a host of other features. That app, avast! Anti-Theft, and dozens of others may be worth considering before putting your former device, a veritable digital life-wallet, up for sale.
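An added illustration (not AVAST's tooling and not code from the article) of why a reset that only clears file-system bookkeeping leaves photos recoverable by signature scanning, while a reset that overwrites the data blocks does not. The toy partition layout, the function names and the sample "photos" are constructed assumptions, not a real Android file system.

```python
BLOCK = 512
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker

# Constructed sample data: fake "photos" with real JPEG start/end markers.
PHOTOS = {
    "a.jpg": JPEG_SOI + b"\xe0" + b"constructed-photo-A" * 20 + JPEG_EOI,
    "b.jpg": JPEG_SOI + b"\xe0" + b"constructed-photo-B" * 40 + JPEG_EOI,
}

def make_image(photos, blocks=64):
    """Toy partition: block 0 holds the file index, data starts at block 1."""
    img = bytearray(blocks * BLOCK)
    index, pos = [], BLOCK
    for name, data in photos.items():
        img[pos:pos + len(data)] = data
        index.append(f"{name}:{pos}:{len(data)}")
        pos += -(-len(data) // BLOCK) * BLOCK   # round up to the next block
    entry = ";".join(index).encode()
    img[0:len(entry)] = entry
    return img

def reset_index_only(img):
    """Model of an incomplete reset: clears the index, leaves data blocks."""
    img[0:BLOCK] = bytes(BLOCK)

def reset_with_overwrite(img):
    """Model of a reset that also overwrites every data block."""
    img[:] = bytes(len(img))

def list_files(img):
    """What the operating system shows: names read from the index block."""
    raw = bytes(img[:BLOCK]).rstrip(b"\x00").decode()
    return [e.split(":")[0] for e in raw.split(";") if e]

def carve_jpegs(img):
    """What a forensic scan shows: signature search that ignores the index."""
    found, start = [], img.find(JPEG_SOI)
    while start != -1:
        end = img.find(JPEG_EOI, start)
        if end == -1:
            break
        found.append(bytes(img[start:end + 2]))
        start = img.find(JPEG_SOI, end + 2)
    return found
```

Running `carve_jpegs` over an image of a device after it has been reset is the kind of check that tells a seller whether the wipe actually reached the data blocks.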

UPDATE: We sent a few questions to AVAST to get some idea of what they were working with when they embarked on this little project. We heard back from Jaromír Hořejší, malware analyst, and Tomas Zeman, Mobile Product Manager at AVAST.

Q: Were there any indications that any of the devices were not properly "factory reset?"
A: The majority of the phones were factory reset, however there were some that our virus lab started and went via default setup tutorial.

Q: What version of the operating system was installed on the devices?
A: All different Android versions were present, most of the phones had Android version 4 (different versions), some others had Android version 2.3.x called Gingerbread.

Q: Was AVAST able to replicate the results? - meaning, re-wiping a device and still finding data?
A: Yes, we did proper factory reset on some phones (in case the owner had not done this) and were still able to find data. Therefore, we were able to replicate our experiments.

Q: Aside from the "application layer" being wiped, is there any explanation from AVAST's point-of-view as to how and why the factory reset is so ineffective?
A: It depends on the manufacturer's implementation. If the implementation of factory reset was correct, nothing was recovered. If the implementation is incorrect, we were able to recover some data.

As for the 20 devices AVAST bought on the secondary market to take on this project, the breakdown is as follows:

HTC EVO V 4G
HTC One X
HTC Thunderbolt
HTC Sensation 4G
Motorola Droid RAZR (4)
Motorola ATRIX 4G
Samsung Galaxy S2 (2)
Samsung Galaxy S3 (3)
Samsung Galaxy S4 (2)
Samsung Galaxy Stratosphere
LG Optimus (2)

Based on the answers, nothing was recovered where the implementation "was correct." If nothing else, this serves as a handy reminder to take care in properly preparing your devices before you part ways with them.


sources: AVAST via CNET


54 Comments

1. apple4never

Posts: 1064; Member since: May 08, 2013

lol anthony weiner expression

2. CX3NT3_713

Posts: 2347; Member since: Apr 18, 2011

Sounds legit...

10. steedsofwar unregistered

These kinds of claims need independent verification from a third party with nothing to gain from this report to be 'legit' imho. Of course I won't be surprised if it's true, when ALL hard drives or digital file storage solutions probably have this inherent flaw. Only very sophisticated 'wiping' and rewriting/overwriting the data really makes it non recoverable. Or least recoverable.

20. Napalm_3nema

Posts: 2236; Member since: Jun 14, 2013

The iPhone doesn't have the flaw. Just sayin'.

21. Napalm_3nema

Posts: 2236; Member since: Jun 14, 2013

Ugh, self-spam.

3. jaytai0106

Posts: 1888; Member since: Mar 30, 2011

Glad I didn't sell my old Nexus 4 then. Displaying it on my bookshelf.

6. garlic456

Posts: 251; Member since: Dec 24, 2012

lol Nexus 4 isn't even old :D

45. jaytai0106

Posts: 1888; Member since: Mar 30, 2011

I know it's not that old :P but you know how in the tech world, 1+ year is considered old. :P

43. UglyFrank

Posts: 2188; Member since: Jan 23, 2014

Nexus 4 is amazing, still has top offscreen graphics

4. HerpDerpMapleSerp

Posts: 52; Member since: Jul 07, 2014

Sounds like a marketing ploy to me. I usually sell my old phones preloaded with weiner pics for the new owner to enjoy.

18. vincelongman

Posts: 5607; Member since: Feb 10, 2013

Exactly, especially since Avast on Android (or any other "antivirus" app) does basically nothing

5. networkdood

Posts: 6330; Member since: Mar 31, 2010

Well, it is like if you did a factory reset on your PC - guess what? The stuff is still there for myself or someone in police forensics to find - you have to do a secure wipe to completely wipe a hard drive - same thing with Android, I suppose, and with Android it is better to do a system wipe than just a factory reset...

32. jroc74

Posts: 6023; Member since: Dec 30, 2010

Exactly. "With the help of some off-the-shelf digital forensic software" applies to PC's too. And the system wipe is done by rebooting in recovery mode.

7. SupermanayrB

Posts: 1188; Member since: Mar 20, 2012

The Po Po's use a Cellebrite machine that can retrieve ALL lost data. The machine is like $10,000.

36. Shatter

Posts: 2036; Member since: May 29, 2013

The only way to actually erase it without destroying it is to overwrite everything with 1s and 0s several times, but you can't do that to a phone so...

8. JakeLee

Posts: 1021; Member since: Nov 02, 2013

That's Android, gentlemen.

9. steedsofwar unregistered

This guy's a douche, ladies and gentlemen

11. darkkjedii

Posts: 30783; Member since: Feb 05, 2011

Jake, where've thinking of u been bro?

26. darkkjedii

Posts: 30783; Member since: Feb 05, 2011

Oops, short cuts lol. You is what I meant.

12. boosook

Posts: 1442; Member since: Nov 19, 2012

It's the same on your PC… that's why there are tools that completely erase your deleted files on the hard disk by writing random patterns multiple times over them (up to 30 times on every file) so that they can't be recovered. It's normal, unless you encrypt your hard disk (you can do it in Linux, and even in Android, the option is in the preferences), so why has something that is perfectly known (and has always been like this since computers were invented) suddenly become an Android issue?

13. rodneyej1

Posts: 3576; Member since: Jul 06, 2013

Do you really trust that iOS, and WindowsPhone, erase everything permanently?.... I doubt it. .............. You can't be 100% sure if you didn't code it... Not even WP team members are 100% sure, because no one developer coded the OS.... Please don't troll.. There's some good Android fans here... We love WP, but we don't have to defend it, and we definitely shouldn't stoop to the rock bottom low level of trolls... Remember that!

15. wilsong17 unregistered

At least on android we got custom recovery to wipe out the system with special script or manually 10x

16. rodneyej1

Posts: 3576; Member since: Jul 06, 2013

That's nice... Maybe one day MS will let up on access to WP so that it'll enable, and attract, developers to make these kinds of apps for the platform... ............... But, how do we know they work?

22. Napalm_3nema

Posts: 2236; Member since: Jun 14, 2013

The source article actually states that the iOS devices are clean because iOS overwrites the data partition with 1's, and the newest models remove the encryption keys rendering anything left behind unreadable.

25. JakeLee

Posts: 1021; Member since: Nov 02, 2013

And that's iOS, gentlemen. And it's just one of so many differences that aren't noticeable immediately.

33. jroc74

Posts: 6023; Member since: Dec 30, 2010

That's PC's too, gentlemen.

14. wilsong17 unregistered

Lol I feel sorry for these virus apps to be making bogus claims so people can buy them... been using Android since 2009 no problem here

19. JakeLee

Posts: 1021; Member since: Nov 02, 2013

No problem you are aware of. And that's the real problem when it comes to security.

46. Ishmeet

Posts: 111; Member since: Sep 16, 2013

The real problem to security comes from user itself. One can have a super strong antivirus, that updates definitions almost instantly, as they become available, and that too on a super locked OS, where the potential for hacking is quite less, but still be at a security risk if the user just goes on around without knowing anything and writes random, corrupted data or spyware on that OS and also gives permission to it for running and data collection. In today's world, one needs to be smart himself/herself, rather than just sit and enjoy browsing stuff and downloading unknown things. If one has to worry so much about things needing to be super secure just out of the box, then he/she may wear a tinfoil and go to the period when mobiles didn't exist. And to be very frank, I myself have been running windows 7 home basic on my old laptop, without any antivirus, but haven't got even one issue or virus/malware/adware/spyware on it, and I browse many sites daily, and even if things did sneak in I myself know how to remove things and where they can be located. Hope this contributes to the dense brains of many fanbabies here.

54. JakeLee

Posts: 1021; Member since: Nov 02, 2013

Oh, people who died in car accidents have no one else to blame than themselves then, since they would have maneuvered out of the mess if they were more skilled drivers. Very interesting.
