Factory Reset of your Android Phone May Not Wipe Data

A digital forensics team retrieved compromising data from factory-reset smartphones

You probably know that before you sell or give away your old computer, smartphone or other data-recording communications device, you're supposed to “wipe it clean,” or get a factory reset — something to erase all of your data from it.

But this month, the security software company Avast made a disturbing discovery about Android smartphones: a standard factory reset does not reliably wipe them. The reset removes the references to your files, not the underlying data, so even after a full factory reset the data can still be retrieved from them.

A digital forensics team at Avast bought 20 used smartphones on eBay. All had been wiped clean, factory reset, or otherwise treated so that their original owners figured their data was no longer on them.

Yet, from those 20 phones, the Avast team was able to extract more than 40,000 photos (including at least 250 nude selfies), hundreds of emails and text messages, a completed loan application (with all the personal financial data therein), and the identities of four of the phones' previous owners—and remember, that's four from a pool of only 20 phones.

Off the shelf
What's even more frightening is that Avast's team didn't have to invent some fancy new digital forensics tools to get all this information; Avast's mobile division president Jude McColgan said his team only used readily available, off-the-shelf data-retrieval tools.

So, if you have an old Android which you want to replace, must you abandon all hope of selling or donating the old phone, and destroy it instead? Not exactly; there is a way to make your data far harder to recover, but it's time-consuming (and not guaranteed 100 percent effective). Turning on storage encryption before the reset also helps, because a reset that discards the encryption key leaves only unreadable ciphertext behind; the phones in Avast's sample evidently stored their data unencrypted, since what was recovered was readable.

If you have an erased or factory reset phone and want to hobble any digital forensics team seeking to retrieve your data, your best bet is to overwrite it with new data: save a bunch of innocuous stock photos or videos (they don't even have to be your own) onto the phone until it reports that its storage is full, since only the blocks the new files actually land on are overwritten. Do the same for your previous personal emails and messages by filling the phone with innocuous or even meaningless ones, then delete the filler or reset the phone once more.

To make an analogy: think of your phone or computer memory as a sheet of paper, and any saved data is like pencil-marks you made on it. You can use an eraser to wipe away your pencil-writings and make that paper “blank” again — but a person willing to take the time and effort could probably still look at that “blank” paper and reconstruct at least some of what you erased. However, reading your erased writings will be much harder, hopefully impossible, if you then write or at least scribble new pencil marks all over the site of your old erased ones.

Of course, the main problem with this analogy is that you can look at that piece of paper and see at a glance whether or not your new pencil markings obscure the old ones, but unless you're a digital forensics expert you can't necessarily know whether all your previously erased data has been completely overwritten.
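To make the pencil-and-paper analogy concrete, here is a small added example (mine, not Avast's tooling and not a real Android filesystem) that models storage as raw blocks plus a directory. A "factory reset" drops the directory entries but leaves the bytes; a signature carver, which is what off-the-shelf recovery tools do, scans the raw image for JPEG start/end markers and finds the "deleted" photo anyway. Filling only part of the free space, as a user who saves a few stock photos would, overwrites some blocks and leaves others; filling it until the device reports no space left touches every free block. The block size, the sample loan text and the stand-in JPEG are all constructed assumptions for the model.

```python
"""Toy flash model: metadata-only 'wipe' versus overwriting free space.
Constructed illustration; not Avast's code and not a real Android filesystem."""

BLOCK = 512        # bytes per block (assumed for the toy model)
NBLOCKS = 64       # 32 KiB of simulated flash

JPEG_SOI = b"\xff\xd8\xff"   # real JPEG start-of-image marker prefix
JPEG_EOI = b"\xff\xd9"       # real JPEG end-of-image marker


class ToyFlash:
    """Raw byte array + allocation bitmap + directory (name -> block list)."""

    def __init__(self):
        self.image = bytearray(BLOCK * NBLOCKS)
        self.allocated = [False] * NBLOCKS
        self.directory = {}

    def _free_blocks(self):
        return [i for i, used in enumerate(self.allocated) if not used]

    def write_file(self, name, data):
        nblocks = -(-len(data) // BLOCK)            # ceil division
        free = self._free_blocks()
        if len(free) < nblocks:
            raise OSError("No space left on device")
        blocks = free[:nblocks]                     # lowest free blocks first
        for k, b in enumerate(blocks):
            chunk = data[k * BLOCK:(k + 1) * BLOCK]
            self.image[b * BLOCK:b * BLOCK + len(chunk)] = chunk
            self.allocated[b] = True
        self.directory[name] = blocks

    def delete_file(self, name):
        # Metadata-only delete: the directory entry and bitmap bits go,
        # the bytes stay. This is the behaviour the article describes.
        for b in self.directory.pop(name):
            self.allocated[b] = False

    def factory_reset(self):
        for name in list(self.directory):
            self.delete_file(name)

    def overwrite_free_space(self, max_bytes=None):
        """Write innocuous filler into free blocks until the storage is full
        (or max_bytes written), then delete the filler again. The filler
        contains no 0xFF byte, so it cannot forge a JPEG marker."""
        filler = (b"stock photo filler " * 64)[:BLOCK]
        written = n = 0
        while max_bytes is None or written < max_bytes:
            try:
                self.write_file(f"filler{n}", filler)
            except OSError:                         # ENOSPC: every block touched
                break
            written += BLOCK
            n += 1
        for k in range(n):
            self.delete_file(f"filler{k}")
        return written


def carve_jpegs(image):
    """Signature carving: find SOI..EOI spans in the raw bytes, ignoring
    directory and bitmap entirely, as ordinary recovery tools do."""
    found, pos = [], 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start < 0:
            return found
        end = image.find(JPEG_EOI, start + len(JPEG_SOI))
        if end < 0:
            return found
        found.append(bytes(image[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)


def fake_jpeg(n_bytes):
    """Constructed stand-in for a photo: real markers around a 0xFF-free body."""
    body = bytes(range(0xF0)) * (n_bytes // 0xF0 + 1)
    return JPEG_SOI + body[:n_bytes] + JPEG_EOI


def recoverable(flash, secret_text):
    """What a carver gets back from the raw image, whatever the directory says."""
    return {
        "files_listed": len(flash.directory),
        "jpegs_carved": len(carve_jpegs(flash.image)),
        "text_found": flash.image.find(secret_text) >= 0,
    }


def scenario():
    """Reset, then partial overwrite, then full overwrite; returns the three states."""
    loan = b"LOAN APPLICATION: income 54,000; SSN 000-00-0000"   # constructed
    flash = ToyFlash()
    flash.write_file("loan.txt", loan)            # lands in block 0
    flash.write_file("selfie.jpg", fake_jpeg(1900))   # blocks 1-4
    flash.factory_reset()
    after_reset = recoverable(flash, loan)        # directory empty, data intact
    flash.overwrite_free_space(max_bytes=BLOCK)   # "a few stock photos": block 0 only
    after_partial = recoverable(flash, loan)      # text gone, photo still carvable
    flash.overwrite_free_space()                  # fill to ENOSPC: all free blocks
    after_full = recoverable(flash, loan)
    return after_reset, after_partial, after_full


if __name__ == "__main__":
    for label, state in zip(("after reset", "partial overwrite", "full overwrite"), scenario()):
        print(f"{label:18}: {state}")
```

The carver is the check the last paragraph says a non-expert lacks: after the partial overwrite it still returns the photo, because the filler landed on the lowest free blocks and never reached it. Only the run that ends in "No space left on device" leaves nothing to carve. A real flash chip adds a further caveat the model omits: its controller may remap worn blocks, so even a full fill can miss copies the operating system can no longer address.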