Even if Android smartphone is initialized, the possibility that mails, images, contacts, etc. are restored turned out to be revealed

BySiddartha Thota

Demand for secondhand smartphones has been rising with the advent of cheap SIM cards, but when selling Android smartphones it turned out that the risk of information leakage can not be avoided even if the terminal is initialized. Researchers at the University of Cambridge say that Android smartphones can be restored by factory reset to factory default, which can not be avoided by encryption.

Security Analysis of Android Factory Resets.pdf
(PDF file)http://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf

Flawed Android factory reset leaves crypto and login keys ripe for picking | Ars Technica
http://arstechnica.com/security/2015/05/flawed-android-factory-reset-leaves-crypto-and-login-keys-ripe-for-picking/

Dr. Lucent Simon of University of Cambridge and Dr. Ross Anderson published in the paper that there is a possibility that the Android smartphone can restore the data even if it initializes. Two researchers investigated "How much data can be restored after performing a factory reset" on 21 smartphones released from 5 manufacturers equipped with Android 2.3 to Android 4.3 and found that all the terminals We have announced that we succeeded in retrieving the contacts, Facebook, images, movies, SMS, e-mail etc saved before restoration as data of fragments.

For an additional 80% of devices, I have also stated that I could restore the master token, which is the credential for accessing Gmail and Google Calendar information. In other words, on most Android smartphones, it was possible to restore personal information even after performing a factory reset.

More seriously, data can be restored even if all data is encrypted using "encryption of terminal" which is the data encryption function of Android smartphone. Researchers have found that even if the data is encrypted, the file itself storing the decryption key itself is not deleted by factory reset, so if encrypted information is attacked over time it is possible to break through the password It is pointed out. In order to prevent this password cracking, it seems to be relatively effective to use a password of eleven characters or more, randomly combining upper case and lower case letters of numbers and alphabets, but it is realistic for smartphones inconvenient to key input It seems not to be.

ByTsahi Levent-Levi

According to researchers, an effective way to prevent data restoration is to write random bytes of data to overwrite all unallocated areas on storage after performing factory reset. However, even when using such a data overwrite application, it is not an easy task because it is necessary to manually install the application without going through Google Play in order to overwrite and erase Google's master token That's right.

Researchers stated that "The way to prevent data leakage damage is to leave handheld smartphones on hand, or to physically destroy them," says the researchers. Since Android smart phones experimented in this paper are OSs prior to Android 4.4 KitKat, it is unclear whether similar risks of data leakage also exist for Android 4.4 or later smartphones.