What you need to know about Android’s ‘factory reset’ function
Upgrading your Android device?
Are you still sporting an HTC Dream (Google G1) or a tablet running Android Honeycomb? Probably not, as technological obsolescence means that as mobile devices have evolved, so has our desire to upgrade to newer models with improved performance and functionality.
Can data still be recovered after an android 'factory reset'?
Yes, many people believe that factory reset means that their personal data is permanently deleted from their device. However, this is actually not the case; it was reported that there was a flaw in androids factory reset functionality meaning personal data could still be recovered from around 500 million Android smartphones. It was also found that recovery is possible even if the device is encrypted, which is concerning for home and business users alike.
In a previous blog post we described how data such as pictures, videos and app information gets stored on Android devices, mostly via the use of internal NAND flash memory. We asked Michal Cieslik, a Mobile Device Recovery Specialist at Ontrack to explain why data can still be recovered from these types of storage devices when a factory reset has been completed:
"Performing a factory reset on an Android device simply removes the path to the data, making the device appear empty; however the data is actually still there. A recovery is possible by looking at the data structures from a low-level and using specialist tools to recreate the data into a useable format. Also, factory resetting a mobile device only affects the internal memory - any added external storage in the form of micro-SD memory cards would not be touched and the data could be recovered with widely available software recovery tools."
What does this mean for Android device users?
When the factory reset function is selected on an Android device, whilst a message may warn you that you are about to erase all of your data, the reality is that it does not. For home users, it is important to consider this when trading in your old mobile device or selling it online, as your personal photos, videos and account information could still be recoverable by someone else if the device has not been wiped correctly.
For organisations of all sizes, this poses a serious risk from a compliance and data protection perspective. Company-issued mobile devices are likely to contain confidential data; if this information was recovered and leaked externally it could lead to significant financial penalties, especially under the proposed GDPR legislation. There is also the likelihood of reputational damage, which could be detrimental to client’s trust.
What precautions should Android users take?
Android users should take care in how they dispose of their mobile devices once they no longer have a use for them, even if the device has full-disk encryption enabled. Previous processes and best-practice information should be reviewed accordingly to ensure that data does not end up in the wrong hands.
There are a number of ways in which you can erase data from mobile devices, however, the main goal would be to overwrite all of your previous data so that a recovery is not possible. Tools such as Hosted Erase fulfil this by using a secure erasure algorithm and also create a report that proves that the process has been completed successfully. If you will be relying on a third party to get rid of your data for you, it is important to check what methods of erasure they use and if they can provide any proof of this process once completed.
Ontrack Erasure Software Solution
Looking for a reliable way to ensure your data is erased?
Our specialist team at Ontrack can help give you the piece of mind that your smartphone device's personal data has been properly removed after a factory reset has been enabled with our erasure service.
Contact us today to find out more and help ensure your data is securely taken care of.
