Researchers from the University of Cambridge have carried out a study on what happens to personal data on Android after a factory reset. According to them, as of January 2014, on more than 630 million Android devices a factory reset left personal and confidential data such as photos, messages or even passwords on the device's partitions. Bad news for anyone planning to finance a new smartphone by reselling the old one.
When you reset an Android smartphone or tablet, you expect all of your personal data and applications to be deleted. However, this is not always the case. Last July, the Avast antivirus teams made a rather unfortunate discovery: the Android factory reset did not properly erase personal data. Laurent Simon and Ross Anderson, researchers at the University of Cambridge, drive the point home with a 10-page study that has just been published. Between January and May 2014 they obtained second-hand Android phones in order to study the behaviour of the factory reset. In the vast majority of cases, personal and sensitive data were readable after the operation, using tools that are not necessarily easy to use.
The Android menu for restoring factory settings (here on Android Lollipop).
The study is particularly interesting because the two researchers worked with a panel of 26 devices running different versions of Android (Froyo, Gingerbread, Ice Cream Sandwich, Jelly Bean and KitKat). They were therefore able to analyse the behaviour of each version of the OS on different devices. Put simply, almost no two devices react the same way to a factory reset. On some, you have to go through recovery (not the Android settings) to erase part of the personal data for good. On others, by contrast, the reset from the phone's settings does get rid of the data. And in the last category (the most numerous), most of the sensitive data remains in flash memory indefinitely.
Percentage of devices with an insecure reset. "Data" corresponds to application data, "Primary SD" to personal data, and "Secondary SD" to data stored on a physical SD card.
However, since Jelly Bean, Google has given manufacturers the option of implementing a factory reset that erases the /data partition, which holds application data. The manufacturer still has to take this into account and integrate the drivers needed to send the magic ioctl command (BLKSECDISCARD) to the flash memory. For the /sdcard partition, which stores personal data, Google does not make manufacturers' work easier: AOSP offers no way to send that command to erase this data physically. So by default it is only logically deleted (Android no longer sees it) but remains physically present on the flash memory chips. Unless, that is, the manufacturer uses an emulated /sdcard partition physically stored inside the /data partition; in that case /sdcard is formatted in the same way as /data. If the manufacturer uses the right method (physical formatting), the two partitions are then almost unreadable to a would-be attacker. Special case: Android Froyo deletes the data on the /data partition perfectly (as the graph above shows), thanks to its use of the YAFFS2 file system, which gives direct access to the flash memory chips, unlike the FAT/eMMC combination used from Gingerbread onwards.
Erasure methods by Android version
There are, of course, methods for extracting information from flash memory chips that have been correctly formatted under Android, but they require special skills and equipment. On the other hand, with a sloppy (or rather, merely logical) formatting, it is much easier to recover personal data (on the /sdcard partition) and sensitive data (on the /data partition), such as Wi-Fi passwords or even the login tokens for the Google account. The researchers did in fact manage to recover their own token from a device, reset it, then re-inject the token to regain access to the Google account without using a single password.
Example of recoverable data
How to properly erase your data?
The researchers then offer users a few leads for erasing their personal data before parting with their device. One example is applications that write random data to the /sdcard partition after a factory reset, to make old data that may still be physically present on the flash cells unreadable. But this solution is not reliable, since it is not guaranteed to work the same way on every device (because of the different file systems and their particularities), and it does not cover the /sdcard partition. It is also possible to fill all partitions with random data, but that requires root access and working from a computer connected over USB using ADB commands. This method has its limits when the eMMC memory controller has used over-provisioning and the sensitive data is therefore on a flash cell that is no longer linked to the file system. Over-provisioning lets the controller use part of the flash memory when certain cells are too worn; the data on the worn cells, however, stays there and is not deleted.
Phone encryption: a safe option?
Finally, the last solution is to encrypt your phone before performing the reset. The researchers recommend enabling encryption from the moment you start using the phone; otherwise, clear-text data may be present in flash cells as a result of over-provisioning. In addition, some phones do not support encrypting the /data partition, even though AOSP has provided for this since Jelly Bean. To make matters worse, the authors point out that the encryption key is stored in the last 16 KB of the /data partition. Unfortunate, since the end of the /data partition is the area least likely to be properly formatted, as no data is likely to be written over it.
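Two of the conditions discussed above decide how much a reset actually protects you: whether /sdcard is an emulated view living inside /data (so a secure wipe of /data also covers it) and whether /data is encrypted (mounted through dm-crypt). The script below, an added example that is not part of the article or of the Cambridge study, reads a device's mount table (the output of `adb shell cat /proc/mounts`) and reports both. The sample mount tables are constructed for the example, and the mount-point prefixes and device-name heuristics are assumptions that vary by vendor and Android version, so treat the result as a first check rather than a guarantee.

```python
"""Assess, from an Android mount table, whether wiping /data would also cover
user storage (an emulated /sdcard backed by /data) and whether /data is
encrypted (mounted from a device-mapper node). Mount tables below are
constructed samples; real paths differ between vendors and Android versions."""
import sys
from dataclasses import dataclass


@dataclass
class Mount:
    device: str   # e.g. /dev/block/mmcblk0p13, /dev/block/dm-0, /dev/fuse
    point: str    # mount point, e.g. /data
    fstype: str   # ext4, vfat, fuse, sdcardfs ...
    options: str


def parse_mounts(text):
    """Parse /proc/mounts lines: device point fstype options dump pass."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or truncated line
        mounts.append(Mount(parts[0], parts[1], parts[2], parts[3]))
    return mounts


def find_mount(mounts, point):
    return next((m for m in mounts if m.point == point), None)


# Mount points under which Android exposes user storage ("/sdcard"). Assumed list.
STORAGE_PREFIXES = ("/sdcard", "/mnt/sdcard", "/mnt/shell/emulated",
                    "/storage/", "/mnt/media_rw/")


def classify_storage(mounts):
    """Map each user-storage mount point to 'emulated' (a FUSE/sdcardfs view
    backed by files under /data) or 'physical' (its own block device, such as a
    vfat partition on a removable SD card)."""
    result = {}
    for m in mounts:
        if not m.point.startswith(STORAGE_PREFIXES):
            continue
        if m.fstype in ("fuse", "sdcardfs") or m.device == "/dev/fuse":
            result[m.point] = "emulated"
        elif m.device.startswith("/dev/block/"):
            result[m.point] = "physical"
    return result


def data_is_encrypted(mounts):
    """True when /data is mounted from a device-mapper node (dm-crypt FDE on);
    None when /data does not appear in the table at all."""
    m = find_mount(mounts, "/data")
    if m is None:
        return None
    return m.device.startswith(("/dev/block/dm-", "/dev/mapper/"))


def wipe_assessment(text):
    mounts = parse_mounts(text)
    storage = classify_storage(mounts)
    return {
        "data_encrypted": data_is_encrypted(mounts),
        "storage": storage,
        # Wiping /data only covers user storage if every storage mount is an emulated view.
        "sdcard_covered_by_data_wipe": bool(storage) and all(v == "emulated" for v in storage.values()),
    }


# Constructed sample: unencrypted /data, user storage on a real vfat partition.
SAMPLE_UNENCRYPTED_PHYSICAL_SD = """\
rootfs / rootfs ro,relatime 0 0
/dev/block/mmcblk0p12 /system ext4 ro,relatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p13 /data ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered 0 0
/dev/block/vold/179:97 /mnt/sdcard vfat rw,dirsync,nosuid,nodev,noexec,relatime,uid=1000,gid=1015 0 0
"""

# Constructed sample: dm-crypt /data, user storage emulated through FUSE.
SAMPLE_ENCRYPTED_EMULATED = """\
rootfs / rootfs ro,relatime 0 0
/dev/block/dm-0 /data ext4 rw,nosuid,nodev,noatime,errors=panic,barrier=1,data=ordered 0 0
/dev/fuse /mnt/shell/emulated fuse rw,nosuid,nodev,relatime,user_id=1023,group_id=1023 0 0
/dev/fuse /storage/emulated/0 fuse rw,nosuid,nodev,relatime,user_id=1023,group_id=1023 0 0
"""

# Constructed sample: emulated primary storage plus a physical secondary SD card.
SAMPLE_MIXED = SAMPLE_ENCRYPTED_EMULATED + \
    "/dev/block/vold/179:65 /storage/sdcard1 vfat rw,dirsync,nosuid,nodev,noexec,relatime 0 0\n"


if __name__ == "__main__":
    # Usage: adb shell cat /proc/mounts | python3 check_wipe.py
    print(wipe_assessment(sys.stdin.read()))
```

The mixed sample is the case worth noticing: a secure reset of /data says nothing about a removable card mounted as its own block device, which is exactly the "Secondary SD" column in the researchers' graph.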
Google and manufacturers have their work cut out
The study therefore closes with 8 recommendations for manufacturers to guarantee maximum protection of sensitive data. This means following Google's recommendations in the AOSP source code, along with certain tips such as sending a message to applications before the reset asking them to revoke their authorisations, or storing the encryption key at the start of the partition to increase the chances of it being physically deleted during a reset.
We hope that manufacturers will take this study into account and that Google will strengthen the recommendations and options AOSP offers for physically erasing data. It would also be interesting to carry out the same study with more recent phones and Android 5.x Lollipop. For the most curious, the 10-page study (in English) is available for download in PDF format; handy for those who want to know more about the technical details of the case.