As a person who have owned different smartphones, chances are you are among those individuals who resort to selling an old gadget in order to afford to make an upgrade to a better, newer one.
In doing so, you probably resort to doing a factory reset on your device in order to erase all traces of your footprints in it, essentially leaving it feeling like its new.
There are, in fact, other plenty of reasons why smartphone users have to resort to using the factory reset aside from the aforementioned, such as generally fixing issues that are not possible by using any other means.
But does the factory reset wipe the device slate clean in that all data in it are removed beyond anyone’s access?
Apparently, that is not the case.
An Avast! experiment
To make a point, the popular anti-virus software company, Avast!, conducted an experiment which seeks to prove that doing a factory reset does not make any device free from the data it used to hold.
Using 20 unique devices as bought from the E-commerce platform, eBay, the people at Avast! employed an accessible recovery software which, to a surprising effect, gathered many data. This includes images as much as 40,000 unique pieces, Google search histories, a copious amount of emails, and even various loan applications.
Drawing from this result, it is quite an understatement to say how frightening the idea of handing our device over to a new hand, knowing of the possibility that that person might get access to our personal data, even after doing a factory reset on the smartphone.
A case study
It was not just the “prying” people at Avast! who caught the attention regarding the flawed nature of the factory reset’s inability to fully eradicate data as it was supposed to be doing. Some researchers at the Cambridge University were also hooked into the idea that they made their own tests using second-hand devices.
Although, now unsurprising, the result was pretty staggering—in the 80% of the overall cases they have conducted, they managed to retrieve master tokens, which popular service providers like WhatsApp, Google, and Facebook use for authentication once the password is successfully entered the first time.
In essence, these master tokens are what we would allude to a key to a door in real life that grants access to a supposedly highly-kept place. In the case of Android users, this token gives anyone access to a person’s sensitive information which can be re-used or re-synced to the device.
If data recovery is employed, the result would be akin to the previous owner of the device handing over his gadget to a new owner while leaving every data about himself intact (like, not using the factory reset), much to the discretion of the new user.
Why data remains recoverable after factory reset
There are a few factors to blame why the factory reset feature is not able to live up to its full name.
First, there are the manufacturers which have the ability to develop a stronger, if not absolute, data-wiping feature, but failed to do so for whatever reason.
Secondly, there is the flash storage which, by design, is notorious for being difficult about erasing data.
Lastly, there is Google itself which does not seem too keen in providing users fail-safe options about the issue.
Unfortunately, all of these factors still remain in play and what essentially cause the factory reset feature to half-ass on its intended functionality.
While a prominent brand like Avast! has obviously an interest regarding the issue, sadly it does not offer a real solution to the problem. Avast!, especially, is an established anti-virus solution company whose mainline product is aimed at securing our devices from harmful codes and other vulnerabilities. Researchers, in fact, believe that the genuine solution to the issue boils down to the vendors themselves.
Many in the technology scene would probably see a silver lining to the issue by employing the device’s built-in encryption. But even this supposed layer of protection in our devices, too, is not immune to the weaknesses which results to the problem. Much like other sensitive data that can be found lingering in the device post-factory reset, the decryption key established after having used the device’s encryption system remains in the device itself.
While others may find comfort in the idea that the decrypted key is itself encrypted which renders most people out of access to its data, researchers fear that decrypting it for whatever purpose is only a matter of a few days’ work, particularly for a persistent hacker.
Although the aforementioned issues about the factory reset can easily put anyone to weak knees in regards to protecting their personal data, there are a few solutions that you can employ in order to mitigate the problem.
For one, you would want to make access to your device’s lingering data to be as less accessible as possible by encrypting your phone with a robust, randomly-generated password.
Unless the person who came across your gadget is indeed a skilled hacker, the chances of anyone accessing your personal data via a recovery program would be slim at best. Generally, this is done by going to Settings > Security > Encrypt phone.
Another potentially viable method is a rather rudimentary one, which involves you filling your device’s flash storage with new data after making a factory reset. The idea is for the flash storage itself to be inundated with new data, essentially overwriting all information it previously held.
Lastly, you could also use apps which are designed specifically for deleting data, like the Secure Erase with iShredder 6. But if you are keen in going through this process without having to use the Google Play Store in the process, there are potential alternatives you can sideload that does the same job. While easy, I personally would not rest comfortably on merely opting for this step without applying any or both of the previous options.