Smartphones have advanced over the years, so much so that they can become too smart for our own good. Suppose you have an old Android smartphone that you would like to sell on the second-hand market, or that you are thinking of passing on to a dear friend or family member. The average user would first do a factory reset of the Android device before giving the old phone away, thinking that this has secured their personal data.
Well, a new study done by Cambridge suggests otherwise. As cited by TechWeekEurope.com, if your old Android device falls into the hands of people who know what they are doing, all the data you thought you had erased by factory resetting your phone can be retrieved.
This includes your access tokens, pictures, and messages, among other content. This possibility is a grave concern, especially if the data retrieved compromises your security, safety and privacy. In case you are asking yourself, "What if I had encrypted all my data?": the hackers can even get the decryption key, which will still be in the phone's memory.
Experts blame this security lapse on Android handset manufacturers who, they say, do not provide a foolproof way of deleting users' data when they would like to dispose of their devices. For quite some time now, experts have been raising the alarm over the fact that it is particularly difficult to erase all personal data stored on smartphones.
The research tested 21 second-hand devices, all running different versions of Android, from five different manufacturers. All the data on the devices had been wiped by factory-resetting them. The researchers were able to recover all the data stored on those devices, including login credentials of the previous owners. A good number of the devices yielded the master token that is used to access Google's services like Gmail and Google Calendar.
Experts say that this problem comes as a result of multiple issues, including the usual problem of truly and fully deleting data from flash memory. Flash memory is what smartphones use for storage, and its physical nature makes it difficult to completely wipe out stored data.
Other possible causes cited by the team include failure by the vendor to install necessary drivers, or device integrity degradation brought about by the customization of an Android device to suit specific needs.
To prove the gravity of the situation, the team recovered a master token for one of the devices being experimented on and, after a reboot, were able to re-synchronize the previous user's contacts, emails, and other personal data. The master token is what Google uses to grant a user access to their Google accounts and to the search engine's services.