
Panicking over Android’s factory reset is (mostly) unwarranted

Don't fret, there is a way to make your factory reset more like a secure erasure.

Selling your old phone online is exactly like prostitution.

The security outfit Avast has written up a breathless advertorial claiming that selling an old Android phone exposes all your personal data, even after a factory reset. The company bought 20 used phones on eBay that the sellers believed had been wiped; using forensic techniques, Avast recovered the previous owners' data anyway. The melodramatic descriptions of the leftover data include "family photos of children," "photos of women in various stages of undress," and "selfies of what appear to be the previous owner's manhood," along with the usual texts and e-mails. As with every anti-virus company bulletin, the recommended solution is to install the company's product, in this case the freemium "Avast! Anti-Theft" app.

While the tone is definitely over-the-top, the issue raised is legitimate, and it is not specific to phones. On most computers there is a big difference between "deletion" and "secure erase." Deleting something, whether a single file or a whole partition, usually means updating the index that points to the data (a directory entry, an allocation bitmap, a partition table) rather than touching the data itself. Because only the pointer changes and the underlying bits stay where they were, recovery software can read the raw storage and reconstruct the contents of the "deleted" information. You could make every deletion or partition wipe physically overwrite the bits, but that is usually a waste of time, and on flash memory the extra writes wear the device out faster.

"Secure erase," on the other hand, means using at least one (and sometimes more than one) method of actually removing or obfuscating data past the point of practical recovery. Sometimes this means overwriting the data on the storage medium, possibly multiple times; it can also mean encrypting the data and then destroying the encryption key, which is often called crypto-shredding. One way or another, "secure erase" denotes a more permanent form of erasure than just deleting the index or reference to a file.

Securely sell your Android device with this one weird trick! (The trick is pressing the "Encrypt Phone" button).

Avast's point is that Android's "factory reset" does not perform any kind of secure erase, so data recovery is fairly easy for someone with the right tools. The app being advertised has a "thorough wipe" feature, which presumably overwrites the existing data the way a conventional secure erase would. Android has a built-in way to address the problem, though: encrypt the phone before erasing it. Android's full-disk encryption can be turned on under Settings, Security, "Encrypt phone." Because it encrypts the entire internal storage (other than the SD card, which you can simply keep), it takes a while to finish. Once the encryption is done, run the factory reset, and the result is considerably better than a factory reset alone: even though the encrypted files may all still be sitting on the flash, the factory reset discards the encryption key, so the device has no practical way to decrypt and read them. Two caveats apply. A removable SD card is not covered by the encryption, so take it out. And because the encryption step rewrites the existing data in place, the wear-leveling layer in flash storage can retain stale physical copies of plaintext that the logical rewrite never touched, which is a good reason to turn encryption on when a device is new rather than just before selling it.
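To make the difference between deletion, overwriting and encrypt-then-reset concrete, here is a constructed simulation. It is an added example, not code from the article, from Avast or from Android: a tiny block device whose "filesystem" is an index mapping filenames to block numbers. Everything in it is an assumption made for illustration, in particular the 16-byte block size, the dict-based index, and the HMAC-SHA256 keystream that stands in for the AES that dm-crypt really uses. The `carve` function plays the role of the forensic recovery tool: it ignores the index and scans the raw image for recognisable content.

```python
"""Why "delete" is not "secure erase", and why crypto-shredding works.

Constructed simulation (added example, not code from the article or from
Android/Avast). Plain deletion only drops the index entry, so the bytes can
be carved back out of the raw image. Overwriting the freed blocks, or
encrypting the whole device and then throwing the key away, is what makes
the data unrecoverable.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import re

BLOCK_SIZE = 16  # deliberately tiny so the raw image is easy to inspect


def _keystream(key: bytes, block_no: int) -> bytes:
    # Per-block keystream from HMAC-SHA256(key, block number). A stand-in for
    # the AES modes dm-crypt uses on a real device: it illustrates key
    # destruction, it is not a cipher to deploy.
    return hmac.new(key, block_no.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK_SIZE]


def transform_image(image: bytes, key: bytes) -> bytes:
    """XOR every block with its keystream; the same call encrypts and decrypts."""
    out = bytearray()
    for block_no in range(len(image) // BLOCK_SIZE):
        block = image[block_no * BLOCK_SIZE:(block_no + 1) * BLOCK_SIZE]
        out += bytes(a ^ b for a, b in zip(block, _keystream(key, block_no)))
    return bytes(out)


class BlockDevice:
    """A flat array of blocks plus an index: filename -> list of block numbers."""

    def __init__(self, n_blocks: int) -> None:
        self.blocks = [bytes(BLOCK_SIZE)] * n_blocks
        self.index: dict[str, list[int]] = {}
        self.free = list(range(n_blocks))

    def write_file(self, name: str, data: bytes) -> None:
        chunks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        if len(chunks) > len(self.free):
            raise OSError("device full")
        used = [self.free.pop(0) for _ in chunks]
        for block_no, chunk in zip(used, chunks):
            self.blocks[block_no] = chunk.ljust(BLOCK_SIZE, b"\0")
        self.index[name] = used

    def delete(self, name: str) -> None:
        # Ordinary deletion: only the index entry changes. The bytes stay put
        # until some later write happens to land on those blocks.
        self.free.extend(self.index.pop(name))

    def overwrite_free_blocks(self, passes: int = 1) -> None:
        # Overwrite-style secure erase of everything not currently in use.
        for _ in range(passes):
            for block_no in self.free:
                self.blocks[block_no] = os.urandom(BLOCK_SIZE)

    def encrypt_in_place(self, key: bytes) -> None:
        # Full-disk encryption the way "Encrypt phone" does it: every block,
        # allocated or free, is rewritten as ciphertext.
        image = transform_image(self.raw_image(), key)
        self.blocks = [image[i:i + BLOCK_SIZE] for i in range(0, len(image), BLOCK_SIZE)]

    def factory_reset(self) -> None:
        # What the article says a factory reset does: clear the index, leave
        # the bits alone. On an encrypted device the key goes too, modelled
        # here by the caller simply dropping it.
        self.index.clear()
        self.free = list(range(len(self.blocks)))

    def raw_image(self) -> bytes:
        return b"".join(self.blocks)


def carve(image: bytes, pattern: bytes = rb"SECRET:[ -~]+") -> list[bytes]:
    """File carving: ignore the index and scan the raw image for recognisable
    content, which is how forensic recovery tools find "deleted" files."""
    return re.findall(pattern, image)


def demo() -> dict[str, list[bytes]]:
    """Run the scenarios and return what carving recovers in each."""
    found: dict[str, list[bytes]] = {}

    # 1. Delete, then carve the raw image: the index is gone, the text is not.
    dev = BlockDevice(8)
    dev.write_file("note.txt", b"SECRET: plaintext survives delete")
    dev.delete("note.txt")
    found["after_delete"] = carve(dev.raw_image())

    # 2. Overwrite the freed blocks: nothing left to carve.
    dev.overwrite_free_blocks()
    found["after_overwrite"] = carve(dev.raw_image())

    # 3. Encrypt the whole device, reset, forget the key (crypto-shredding).
    dev = BlockDevice(8)
    dev.write_file("note.txt", b"SECRET: encrypted then key destroyed")
    key = os.urandom(32)
    dev.encrypt_in_place(key)
    found["ciphertext_without_key"] = carve(dev.raw_image())
    found["ciphertext_with_key"] = carve(transform_image(dev.raw_image(), key))
    dev.factory_reset()
    del key  # the reset discards the key; the bytes on flash are now noise
    found["after_encrypted_reset"] = carve(dev.raw_image())
    return found


if __name__ == "__main__":
    for scenario, hits in demo().items():
        print(f"{scenario:24s} -> {hits}")
```

Running it shows the secret carved straight out of the image after a plain delete, nothing after the overwrite, the secret again when the ciphertext is decrypted with the key still in hand, and nothing once the key is gone. The last case is the whole argument for encrypting before a factory reset: the bits never left the device, but without the key they are indistinguishable from random data.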

Even on a much more capable, full-sized computer, though, no software method is fully trusted. The US Department of Defense used to have a standard data sanitization method, commonly referred to as "DoD 5220.22-M," which called for overwriting an entire drive with junk data anywhere from three to seven times. Times have changed: the newer guidelines from the National Industrial Security Program no longer accept any overwriting method as sufficient, on the premise that some kind of recovery may still be possible. Someone, somewhere, can always get your data. The real end game for data protection now is to physically destroy the thing that used to hold it. In the enterprise, that's done with a (totally awesome) drive crusher.

So if you want to sell your Android phone with reasonable security, encrypt it before you wipe it. Some risk always remains once someone else has your old phone, though, so if you want to be really secure, don't sell it. Do something like this instead.

Update: After this report went up, a Google spokesperson got in touch with us with a statement, saying "This research looks to be based on older devices and versions and does not reflect the security protections in Android versions that are used by 85% of users. If you sell or dispose of your device, we recommend you enable encryption on your device and apply a factory reset beforehand; this has been available on Android for over three years."

Listing image by Yuri Samoilov/Flickr
