Avast, the security software company known for their anti-virus program, has revealed how much personal information can be retrieved from Android phones that have been factory reset. During a research project the company bought a number of smartphones from eBay and were able to access highly personal information despite the fact that all of the devices had been factory reset by their previous owners.
Using off-the-shelf software rather than specialist computer forensics tools, Avast was able to access data on the Android devices that included 40,000 photos along with 750 SMS and email messages. The researchers were also able to access contact details and view secure documents. Researchers in the report wrote that: “Although at first glance the phones appeared thoroughly erased, we quickly retrieved a lot of private data. In most cases, we got to the low-level analysis, which helped us recover SMS and chat messages.”
The factory reset option is available in almost every electronic device that can store information. It usually reverts a device back to its original settings, deleting all stored data and removing applications. Users generally use the reset when they are looking to sell their phone in order to remove any personal or private information. With Android smartphones though, the factory reset is only wiping data at “the application layer”, leaving other information available to be retrieved.
Although the report only investigated Android smartphones, it is possible that this type of security flaw could also be present in other devices. This could potentially mean that personal information stored on electronic devices is vulnerable when sold on or traded in. Avast recommends in the report that users don’t simply rely on the factory reset options on their devices, instead they should also look at alternative software that can help delete data permanently. This would help prevent sensitive data being accessed by potential future owners.