
Your Abandoned Smartphone May Betray You


Doing a factory reset to wipe the data off smartphones does not work, and the data can be recovered, warned Avast.

The company recovered tons of data, including more than 40,000 stored photographs, from 20 used Android phones purchased from eBay.

Avast said device owners need to overwrite their files to make them irretrievable, touting one of the applications it offers.

“I am not at all surprised because RAM-based memory still uses the same file system as hard drives, and … PC files do not really get deleted either,” Stu Sjouwerman, CEO at KnowBe4, told TechNewsWorld.

What About iPhones?

Avast did not analyze iPhones, but “in general, on iOS, recovery is much more complicated,” Tomas Zeman, its mobile product manager, told TechNewsWorld.

“It depends on the version of iOS, the version of the device, and whether files on the device are encrypted,” he continued.

Dave Jevans, founder and CTO of Marble Security, told TechNewsWorld that both Android and iOS are based on Unix-like operating systems and use NAND flash storage. “So it’s highly likely” that data on both can be retrieved after it has been deleted.

Tablets are just as vulnerable to data retrieval.

Avast’s Rich, Sometimes X-Rated, Harvest

More than 1,500 family photos of kids, 750 photos of women in various stages of undress, and more than 250 selfies of men’s nether regions were among the photos Avast recovered.

The identities of four previous device owners, one completed loan application, more than 250 contact names and email addresses, more than 750 emails and text messages, and more than 1,000 Google searches were also recovered.

One phone had another vendor’s security software installed — but that device gave up the largest amount of personal information gleaned, Avast said.

How the Data Was Obtained

Avast used the program FTK Imager to mount the image of a partition containing user data. Devices whose users did not store data on removable micro SD cards or internal storage could be connected by a USB cable to a computer, which mounted the storage as removable storage.

Devices that don’t support mass storage had to be rooted, and a mass storage application such as Media Transfer Protocol was used to transmit media files.

In some cases, the cell phones were backed up using Android Debug Bridge, and the data was converted to a .tar archive using an Android Backup Extractor.

The Numbers Tell the Story

More than 80,000 people list their smartphones on eBay daily, Avast said.

The market for used smartphones is growing, with Apple, big box stores such as Walmart and Best Buy, and carriers all running phone buyback or trade-in programs. Also, carriers have leasing programs that let users get a new device at regular intervals.

Companies like Gazelle, which buy used smartphones, erase and resell them. In May, Gazelle accepted its 2 millionth device and hit its 1 millionth customer mark.

That makes things more dangerous for smartphone owners.

Smartphone Recovery Pro and Recovery-android.com are among the companies offering Android smartphone data recovery software.

Easus, which offers free and paid versions of its MobiSaver Android data recovery software, also offers something similar for iOS.

Solutions to the Problem

Smartphones, whether owned by an enterprise and provided to the staff or owned by consumers, must be wiped before they are reissued, discarded, or sold, KnowBe4’s Sjouwerman said.

“Use encryption in corporate applications for BYOD phones,” Marble’s Jevans suggested.

Enterprises may not wipe the hard drives of smartphones they own before reissuing them to other staff.

NAND flash “only has a limited lifetime for reads and writes before it wears out,” Jevans said.

Erasing the contents of files “is not only slow but would reduce the life of the memory considerably,” he continued. “That’s why it’s generally not done.”

Richard Adhikari

Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology.

4 Comments

  • Great article! I never knew that data still remains inside the smartphone and can be recovered, even after a factory reset. Other than the Android data recovery software names mentioned here, I remember one of my friends suggested software called Stellar Data Recovery For Android, which has a similar capability in data recovery. The software was nice, but I had a similar doubt about what happens if I need to sell my Android someday and somebody can “actually” recover my data, which I thought was gone. Thanks for educating on this topic.

  • Yes, if you are going to sell or abandon your old phone, for safety reasons you’d better erase your phone instead of doing a factory reset. Recovery tools like easeus, android data recovery, mobikin doctor have the ability to recover the phone data.
