Private Data On Your Android Smartphone After Reset Not Go Away

Owners of an Android smartphone to factory reset the device, called 'factory reset', run the risk of private information are still to recover and attackers can even take over the Gmail account. Researchers at Cambridge University bought 21 second Android smartphones from five different manufacturers, with Android versions 2.3 to 4.3.

Of knew all devices with the factory reset the investigators had failed to retrieve the "Google master cookie", which it is possible to log into the Gmail account of the previous owner. E-mails and chat conversations were recovered and tokens for different apps like Facebook. Full disk encryption can solve the problem, but the researchers discovered that a failed factory reset leave enough data to recover the encryption key.

The reasons that resetting failed, according to the researchers, complex and are caused by errors in Android itself, the upgrade process of the supplier and poor integration and testing by the supplier. The problem is particularly acute among older phones and the phones of Google itself perform better than OEM suppliers. Yet it is a big problem, the researchers said."Finding out information on units sold is a growing threat, now more users buy used equipment."

Sales of appliances is in fact important for manufacturers because more people buy new models as they know they can resell later. If it appears that data on these devices are to figure this could distort the market growth. In their report ( pdf ), the researchers make several recommendations that may apply manufacturers. They also call for further research, where it is checked whether manufacturers have improved the situation on the basis of the present report.