Posted by: David Harley | May 22, 2015

Selling on your Android?

Then you might want to be aware that you may be selling on some of your data with it, even after a factory reset.

A paper on Security Analysis of Android Factory Resets by Laurent Simon and Ross Anderson is based on a study of ‘the implementation of Factory Reset on 21 Android smartphones from 5 vendors running Android versions v2.3.x to v4.3.’ They believe that:

…up to 500 million devices may not properly sanitise their data partition where credentials and other sensitive data are stored, and up to 630M may not properly sanitise the internal SD card where multimedia files are generally saved. We found we could recover Google credentials on all devices presenting a flawed Factory Reset.

Anderson’s own blog also points out that this calls into question the ability of security software to guarantee the effectiveness of a remote wipe of a stolen phone if the software relies on a faulty factory reset, an issue explored in more detail in the paper Security Analysis of Consumer-Grade Anti-Theft Solutions Provided by Android Mobile Anti-Virus Apps.

Hat tip to Randy Knobloch, who flagged an article by Liam Tung that brought the papers to my attention.

David Harley
Small Blue-Green World


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: