Android phones cannot remove all your personal data with factory reset

By Phi Tran Comment

avastWiping your phones for resale may seem like a simple task, but for Android phones, it’s likely to be a lot more painstaking than your typical factory reset.

The security team at Avast used their data-recovery tools on 20 phones found on eBay. What they find was rather shocking. Avast was able to retrieve 40,000 photos, 750 emails, 250 contacts with names and addresses, and even one completed loan application. Obviously some of the photos were pornographic – about 250 of the photos were nude male selfies. One user was reportedly quite a big fan of anime porn.

According to Avast, a typical factory reinstall only cleans the phone at the application layer, meaning that hidden data can still linger in parts of the phone that keeps redundant copies of your files.

When people want to delete a file, most will use the standard features that come with their operating system. After it’s done, they consider the unwanted data to be gone forever. However, this is not true. When a file is deleted, the operating system merely deletes the corresponding pointers in the file table and marks the space occupied by the file as free. The reality is that the file is not deleted and the data it contained still remains on the drive. With regular usage of the drive, the remaining data will sooner or later be overwritten with different data. The same thing happens on your PC.

In addition to the factory reset, users are encouraged to add empty data – like a harmless video, generic photos, or similar harmless files. Doing so resets some of the NAND flash on the device, the flash memory storage device used to store redundant copies of your phone’s data. Even doing so might not guarantee complete removal. Avast was quick to point out that its Android security app was able to properly clean an Android phone for resale.