Are you planning to junk your smartphone in the second-hand device market for the sake of a new one? Beware as your data can be retrieved from your old phone.
A new Cambridge study has found that user data is retrievable from second-hand Android devices that have been wiped via a factory reset, techweekeurope.co.uk reported. Such data can be recovered even from handsets protected by full-disk encryption, the researchers said.
Most Android handsets offer no easily accessible way of deleting user data, including access tokens, messages, images and other content, the study said.
Experts have been airing their concerns for some time now that the smartphones are extraordinarily difficult to clear of user data.
The study examined 21 second-hand devices running Android versions from five manufacturers that had been wiped using the operating system's built-in factory reset feature.
But the problems also exist with third-party data deletion applications, such as those offered by antivirus vendors, the researchers said.
The team was able to recover data including multimedia files and login credentials from wiped phones, and many of the handsets yielded the master token used to access Google account data, such as Gmail and Google Calendar.
The problem results from multiple issues, including the inherent difficulty of fully deleting data from the flash memory used in smartphones, something due to the physical nature of such memory chips, according to the research.
Other issues include vendors' failure to include necessary drivers or failures introduced by their modifications of Android for individual devices.
As a proof-of-concept, the researchers recovered the master token in a device and found that after reboot, it successfully re-synchronised contacts, emails and other data.
The master token, used to access Google accounts, was found to be retrievable in 80 percent of the devices that had a flawed factory reset mechanism.
Devices protected with encryption can still be accessed, because the file storing the decryption key is not erased, making it accessible to cracking, the study said.
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app