Users of Google's Android mobile operating system might be at the risk of providing confidential information even after running the Factory Reset feature, which allows users to wipe out all data before selling/disposing/recycling their smartphones.
According to a new research, this information could be compromised by criminals to obtain user data even after the Factory Reset feature has been used to deleted it.
The study conducted by researchers Laurent Simon and Ross Anderson at the University of Cambridge, UK, has revealed that despite using the factory reset option, a chunk of user data remained within data partitions on Android smartphones.
Detailing their study in a report titled "Security Analysis of Android Factory Resets", Laurent Simon and Ross Anderson stated that they researched the Factory Reset feature of 21 smartphones (second-hand devices) of five different companies, which ran Android OS versions 2.3.x to 4.3.
The researchers said that their study revealed that nearly 500 million Android devices did not wipe-out data properly, after using the Factory Reset feature. Areas where data remained included internal SD cards that generally contain multimedia data of users.
Data such as Google credentials of users could be recovered from devices.
"For example, we recovered some conversations (SMSes, emails, and/or chats from messaging apps) in all devices using pattern matching," the study revealed.
"Compromising conversations could be used to blackmail victims. Gmail app emails were stored compressed. By searching for relevant headers, we were able to locate candidates and then decompress them. We found emails in 80% of our sample devices," the researchers added.
Mitigating sensitive user information
Laurent Simon and Ross Anderson state that generally smartphone users (who do not used their handsets for business) can enable Full Disk Encryption (FDE) mechanism on the first time that they use the devices. However, Android devices will need to support this feature.
For Android smartphone vendors, the digital researchers said that they could use a recent eMMC, which supports digital data wipe-out. Vendors would also have to expose the eMMC with digital sanitisation in the Bootloader, Android and Recovery Kernel.
For AOSP developers, the following guidelines have been provided:
- Use an emulated primary SD card: this ensures that only one partition needs to be properly sanitised on the phone, thus reducing margin for errors.
- Erase the entire partition, not only the part explicitly used by the file system. This reduces the chance of unfortunate surprises due to eMMC wear-levelling block management and deletion implementation problems.
- Implement sanitisation of all partitions in one place only; either in the Recovery or Bootloader Mode.
- Expose an option to have the Recovery mode perform a sanitisation validation, by reading back the entire partition and checking it.
- Provide test units for vendors to test sanitisation in the Android Compliance Suite Test (CST). Have the tests fail if secure sanitisation fails, e.g. if not supported or if the verification step 4 fails.
- Do not resort to an insecure sanitisation if the secure one fails.
- Before a Factory Reset takes place, a broadcast Intent could be sent to apps, so that they could take necessary steps to invalidate their credentials – assuming that Internet connection is available.
- Store the encryption metadata at the start of the data partition in a crypto header, rather than at the end in a crypto footer. This reduces the risk of dictionary attacks in the event of flawed sanitisation, since the first blocks are generally overwritten during partition formatting. Storing the metadata on the data partition also ensures that there is only one partition to take care of.
The latest study adds meat to a July 2014 research, conducted by digital security firm Avast, which had found that Android smartphones do not completely wipe out data when users resort to a Factory Reset.
Avast's research coincided with the above research based on close examination of more than 20 second hand smartphones, whose previous owners had resorted to a factory reset to erase stored data.