Singapore Expats Forum

Android's Factory Reset Option Does Not Wipe All Data

Discuss about computers & Internet. Including mobile phones, home appliances & other gadgets. Read about Windows security risks or virus updates.
User avatar
the lynx
Governor
Governor
Posts: 5253
Joined: Thu, 09 Dec 2010
Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location:

Android's Factory Reset Option Does Not Wipe All Data

Postby the lynx » Wed, 09 Jul 2014 5:21 pm

http://gadgets.ndtv.com/mobiles/news/androids-built-in-factory-reset-option-does-not-wipe-all-data-study-555500

"Users thought they were doing a clean wipe and factory reinstall," said Jude McColgan, Avast Mobile Division President speaking to CNET, but instead of a clean wipe, the factory reset clears "only at the application layer."


Oh boy...

User avatar
ecureilx
Immortal
Immortal
Posts: 9808
Joined: Fri, 20 Aug 2010

Re: Android's Factory Reset Option Does Not Wipe All Data

Postby ecureilx » Wed, 09 Jul 2014 5:47 pm

the lynx wrote:http://gadgets.ndtv.com/mobiles/news/androids-built-in-factory-reset-option-does-not-wipe-all-data-study-555500

"Users thought they were doing a clean wipe and factory reinstall," said Jude McColgan, Avast Mobile Division President speaking to CNET, but instead of a clean wipe, the factory reset clears "only at the application layer."


Oh boy...


I know it, when I was about to gift my Galaxy ace

rooted it and did an upgrade to pseudo V 4 .. problem solved ... but warranty void

actually even the Symbian phones don't delete all info too ...

User avatar
nakatago
Moderator
Moderator
Posts: 8333
Joined: Tue, 01 Sep 2009
Location: Sister Margaret’s School for Wayward Children
Contact:

Re: Android's Factory Reset Option Does Not Wipe All Data

Postby nakatago » Wed, 09 Jul 2014 6:10 pm

ecureilx wrote:
I know it, when I was about to gift my Galaxy ace

rooted it and did an upgrade to pseudo V 4 .. problem solved ... but warranty void

actually even the Symbian phones don't delete all info too ...


Flash memory has a limited number of writes it can tolerate before it fails. Deleting stuff actually just changing the state in a memory address from "something" to "nothing." For most purposes, this suffices as from the OS's point of view, all files are deleted. If one really wants a true wipe, you must go deeper. Old phones tend to get passed along and immediately overwritten with the new user's data. For what it's worth, even desktop OSs work this way (what? you think that Windows laptop you passed on doesn't have your old data in the newly-formatted hard drive still?).

If you're really worried about other people getting your data, you either shouldn't be using consumer-grade products (like how the president of the United States can't just use any phone) or you have protocols in place to prevent data retrieval in the first place.

There are tools available that does true data deletion as you might have guessed, Avast is most probably be peddling one.

User avatar
ecureilx
Immortal
Immortal
Posts: 9808
Joined: Fri, 20 Aug 2010

Re: Android's Factory Reset Option Does Not Wipe All Data

Postby ecureilx » Wed, 09 Jul 2014 6:28 pm

nakatago wrote:
ecureilx wrote:
I know it, when I was about to gift my Galaxy ace

rooted it and did an upgrade to pseudo V 4 .. problem solved ... but warranty void

actually even the Symbian phones don't delete all info too ...


Flash memory has a limited number of writes it can tolerate before it fails. Deleting stuff actually just changing the state in a memory address from "something" to "nothing." For most purposes, this suffices as from the OS's point of view, all files are deleted. If one really wants a true wipe, you must go deeper. Old phones tend to get passed along and immediately overwritten with the new user's data. For what it's worth, even desktop OSs work this way (what? you think that Windows laptop you passed on doesn't have your old data in the newly-formatted hard drive still?).

If you're really worried about other people getting your data, you either shouldn't be using consumer-grade products (like how the president of the United States can't just use any phone) or you have protocols in place to prevent data retrieval in the first place.

There are tools available that does true data deletion as you might have guessed, Avast is most probably be peddling one.


or install everything in memory card and remove it if you are giving it away ...

User avatar
nakatago
Moderator
Moderator
Posts: 8333
Joined: Tue, 01 Sep 2009
Location: Sister Margaret’s School for Wayward Children
Contact:

Re: Android's Factory Reset Option Does Not Wipe All Data

Postby nakatago » Wed, 09 Jul 2014 6:34 pm

ecureilx wrote:or install everything in memory card and remove it if you are giving it away ...


* Not all phones come with a card slot
* Not all people even bother thinking about removing their data from a phone

If you're passing your phone to someone you know, you're probably ok.

If you're selling your phone, after a factory reset, install a dummy account, take pictures/install apps until full, factory reset again, repeat if desired.

You can also go to Settings>Security>Encryption>Encrypt Phone. Then do a factory reset.

Or you can buy their software.

User avatar
x9200
Moderator
Moderator
Posts: 9294
Joined: Mon, 07 Sep 2009
Location: Singapore

Postby x9200 » Wed, 09 Jul 2014 8:14 pm

If one is paranoid:
-even zeroing doesn't help
-urandom may, if done few times.

On a practical note: nobody will give a damn sh*t about your private data. You are not the most wanted celebrity. Also if one wants to hack it, (s)he will find a way regardless your efforts. Stay below the radar and manage your date accordingly.

User avatar
zzm9980
Governor
Governor
Posts: 6837
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Postby zzm9980 » Thu, 10 Jul 2014 3:33 am

x9200 wrote:If one is paranoid:
-even zeroing doesn't help
-urandom may, if done few times.

On a practical note: nobody will give a damn sh*t about your private data. You are not the most wanted celebrity. Also if one wants to hack it, (s)he will find a way regardless your efforts. Stay below the radar and manage your date accordingly.


This is one of the stupidest things I've ever seen you type (and you're generally quite intelligent). No one gives a shit? Maybe the *user* gives a shit. Passwords? Financial data? Nude photos (from the article)? Just personal expectation of privacy?

FWIW iOS's solution to this is offering hardware level encryption. All data is encrypted per application is encrypted if the application developer 'opts in'. Then when the user wants it wiped, iOS simply wipes the key used for decryption. The encrypted data remaining is no more useful than random numbers.

User avatar
x9200
Moderator
Moderator
Posts: 9294
Joined: Mon, 07 Sep 2009
Location: Singapore

Postby x9200 » Thu, 10 Jul 2014 7:17 am

zzm9980 wrote:
x9200 wrote:If one is paranoid:
-even zeroing doesn't help
-urandom may, if done few times.

On a practical note: nobody will give a damn sh*t about your private data. You are not the most wanted celebrity. Also if one wants to hack it, (s)he will find a way regardless your efforts. Stay below the radar and manage your date accordingly.


This is one of the stupidest things I've ever seen you type (and you're generally quite intelligent). No one gives a shit? Maybe the *user* gives a shit. Passwords? Financial data? Nude photos (from the article)? Just personal expectation of privacy?


It's not really stupid, just pragmatic:
1) for majority of the users nobody would care to look for such data (leftovers) unless they are still available at the application level. Good that the study showed a potential problem (more real right now as it was advertised) but in reality it was/is extremely unlikely that the next owner was going to make any attempts to recover anything. I bet it is more likely by an order of magnitude that the said devices were lost or stolen with all the data presents in their original condition.

2) no one with a tidbit of common sense store this sort of data in such devices (or he/she takes calculated risk). I think you as a security specialist are more then aware that practically always it is possible to restore the data, factory reset or not. It is just the matter what means are employed. If you chose to store your naked photos on such device you always take a risk. Always.
Also, if you have a PC with sensitive data and you encounter a disc failure with no access to the disc within the warranty period what should you do?

3) Yes, encryption helps but if someone really wants I bet the key can be also recovered, or not? The only true* protection would be to have the key on a separate piece of hardware and have a new one issued with the change of the owner with the old one being physically destroyed.

*true as of the computing power available to check all the possible keys.

User avatar
zzm9980
Governor
Governor
Posts: 6837
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Postby zzm9980 » Thu, 10 Jul 2014 7:36 am

x9200 wrote:
zzm9980 wrote:
x9200 wrote:If one is paranoid:
-even zeroing doesn't help
-urandom may, if done few times.

On a practical note: nobody will give a damn sh*t about your private data. You are not the most wanted celebrity. Also if one wants to hack it, (s)he will find a way regardless your efforts. Stay below the radar and manage your date accordingly.


This is one of the stupidest things I've ever seen you type (and you're generally quite intelligent). No one gives a shit? Maybe the *user* gives a shit. Passwords? Financial data? Nude photos (from the article)? Just personal expectation of privacy?


It's not really stupid, just pragmatic:
1) for majority of the users nobody would care to look for such data (leftovers) unless they are still available at the application level. Good that the study showed a potential problem (more real right now as it was advertised) but in reality it was/is extremely unlikely that the next owner was going to make any attempts to recover anything. I bet it is more likely by an order of magnitude that the said devices were lost or stolen with all the data presents in their original condition.


Once a cheap/easy tool is available (There are already a pair of tools I know of, and have for a while) to do this, lots of people will be doing this to old devices. Mobile phone vendors need to consider this.

2) no one with a tidbit of common sense store this sort of data in such devices. I think you as a security specialist are more then aware that practically always it is possible to restore the data, factory reset or not. It is just the matter what means are employed. If you chose to store your naked photos on such device you always take a risk. Always.
Also, if you have a PC with sensitive data and you encounter a disc failure with no access to the disc within the warranty period what should you do?

Email access automatically begets most of this. Many more users access this type of data from phones anyway. Except maybe the nudies lol.

3) Yes, encryption helps but if someone really wants I bet the key can be also recovered, or not? The only true* protection would be to have the key on a separate piece of hardware and have a new one issued with the change of the owner with the old one being physically destroyed.

*true as of the computing power available to check all the possible keys.


Every iPhone since iPhone4 has had dedicated crypto storage specifically for this purpose. It's easy for Apple since they own the hardware and software stack. Other phone makers should do the same. It's harder for them.

User avatar
zzm9980
Governor
Governor
Posts: 6837
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Postby zzm9980 » Thu, 10 Jul 2014 7:38 am

You can encrypt the device and Android will do something similar. I'm hoping it zero's out the key. Note sure though:

http://arstechnica.com/gadgets/2014/07/ ... warranted/

User avatar
x9200
Moderator
Moderator
Posts: 9294
Joined: Mon, 07 Sep 2009
Location: Singapore

Postby x9200 » Thu, 10 Jul 2014 8:46 am

zzm9980 wrote:
x9200 wrote:
zzm9980 wrote:
x9200 wrote:If one is paranoid:
-even zeroing doesn't help
-urandom may, if done few times.

On a practical note: nobody will give a damn sh*t about your private data. You are not the most wanted celebrity. Also if one wants to hack it, (s)he will find a way regardless your efforts. Stay below the radar and manage your date accordingly.


This is one of the stupidest things I've ever seen you type (and you're generally quite intelligent). No one gives a shit? Maybe the *user* gives a shit. Passwords? Financial data? Nude photos (from the article)? Just personal expectation of privacy?


It's not really stupid, just pragmatic:
1) for majority of the users nobody would care to look for such data (leftovers) unless they are still available at the application level. Good that the study showed a potential problem (more real right now as it was advertised) but in reality it was/is extremely unlikely that the next owner was going to make any attempts to recover anything. I bet it is more likely by an order of magnitude that the said devices were lost or stolen with all the data presents in their original condition.


Once a cheap/easy tool is available (There are already a pair of tools I know of, and have for a while) to do this, lots of people will be doing this to old devices. Mobile phone vendors need to consider this.

Lots? They will be buying 2nd hand camera phones from ebay and such to check if there are some naked photos inside? C'mon.


2) no one with a tidbit of common sense store this sort of data in such devices. I think you as a security specialist are more then aware that practically always it is possible to restore the data, factory reset or not. It is just the matter what means are employed. If you chose to store your naked photos on such device you always take a risk. Always.
Also, if you have a PC with sensitive data and you encounter a disc failure with no access to the disc within the warranty period what should you do?

Yes, true, but who, an average who, cares to recover such data? You sold your phone, somebody bought it and then, this somebody had to: a) know he could do it; b) make some effort to do this. A 1/10k chance?

Again, why do you think somebody would make an effort (personal, finantial) to buy a phone from an anonymous person hoping to take over her or his e-mail passwords? Just realize what efford this would require, assuming the intentions are criminal.

3) Yes, encryption helps but if someone really wants I bet the key can be also recovered, or not? The only true* protection would be to have the key on a separate piece of hardware and have a new one issued with the change of the owner with the old one being physically destroyed.

*true as of the computing power available to check all the possible keys.


Every iPhone since iPhone4 has had dedicated crypto storage specifically for this purpose. It's easy for Apple since they own the hardware and software stack. Other phone makers should do the same. It's harder for them.

But this is a built in storage and can not be replaced/destroyed by the end user. Or is this some sort of storage that once wiped out is not possible to recover data at all? Somehow I doubt that in this world of permanent invigilation a company would sell a product where the data can not be recovered.

User avatar
rajagainstthemachine
Manager
Manager
Posts: 2810
Joined: Sat, 24 Nov 2012
Location: Singapore

Postby rajagainstthemachine » Thu, 10 Jul 2014 8:50 am

zzm9980 & X9200

I'm open to buying used memory cards from you guys :cool: how many naked photos will I find?
To get there early is on time and showing up on time is late

User avatar
x9200
Moderator
Moderator
Posts: 9294
Joined: Mon, 07 Sep 2009
Location: Singapore

Postby x9200 » Thu, 10 Jul 2014 9:53 am

The whole point is there is no reason to panic. Nothing is going on more severe that is already going on for many years. It is simply ridiculous if one considers how people handle their sensitive data on their own PCs/Macs/laptops whatever. How many of them wipes their hard drives clean when selling the computers or sending for a service? I mean anything beyond format c: . Tools to recover are everywhere and guess what? Nothing bad happens. Here we have exactly the same situation from the end user accessibility perspective.

Raj, I believe my wife may have some photos of my naked chest and above on her iphone. You have to negotiate with her.

User avatar
nakatago
Moderator
Moderator
Posts: 8333
Joined: Tue, 01 Sep 2009
Location: Sister Margaret’s School for Wayward Children
Contact:

Postby nakatago » Thu, 10 Jul 2014 9:58 am

rajagainstthemachine wrote:zzm9980 & X9200

I'm open to buying used memory cards from you guys :cool: how many naked photos will I find?


You do NOT WANT to see those.

User avatar
rajagainstthemachine
Manager
Manager
Posts: 2810
Joined: Sat, 24 Nov 2012
Location: Singapore

Postby rajagainstthemachine » Thu, 10 Jul 2014 12:05 pm

nakatago wrote:
rajagainstthemachine wrote:zzm9980 & X9200

I'm open to buying used memory cards from you guys :cool: how many naked photos will I find?


You do NOT WANT to see those.


hey want a used camcorder dude?

@x9200 *steps away from the keyboard slowly*
To get there early is on time and showing up on time is late


  • Similar Topics
    Replies
    Views
    Last post
  • Data protection - Personal data
    by martincymru » Sun, 12 Jan 2014 1:42 pm » in General Discussions
    28
    5983
    by JR8 View the latest post
    Thu, 23 Jan 2014 10:55 pm
  • Reset the Net
    by the lynx » Fri, 06 Jun 2014 8:57 am » in Computer, Internet, Phone & Electronics
    4
    1097
    by x9200 View the latest post
    Sat, 07 Jun 2014 8:44 am
  • Microsoft Has Killed Skype for Android
    by Strong Eagle » Thu, 29 Aug 2013 11:02 pm » in Computer, Internet, Phone & Electronics
    15
    9357
    by sm1980 View the latest post
    Wed, 16 Oct 2013 10:14 am
  • Android external mics
    by Brah » Tue, 08 Jul 2014 9:26 pm » in Computer, Internet, Phone & Electronics
    13
    2307
    by Brah View the latest post
    Thu, 07 Aug 2014 7:17 am
  • Android stagefright security hole
    by x9200 » Tue, 28 Jul 2015 11:48 am » in Computer, Internet, Phone & Electronics
    6
    2061
    by x9200 View the latest post
    Wed, 12 Aug 2015 3:26 pm

Return to “Computer, Internet, Phone & Electronics”

Who is online

Users browsing this forum: No registered users and 1 guest