Reset function of Android allows user data behind’




Security researchers from the University of Cambridge have uncovered in two papers vulnerabilities in the system to get rid Android phones and personal data, both through a ‘factory reset’ as a ‘wipe’ through external programs.

The researchers from the university bought some second Android phones to check whether the reset to factory settings did provide a completely clean phone. That in all cases is not good, write the researchers in their blog: all cell phones allow at least fragments of ancient and dates back at 80 percent of the phones it was even possible to identify the master token, so log on to the Google account of the former owner becomes possible.

The other study focused on software offered by third parties, including antivirus companies offer apps to block a remote telephone or deleted. Antivirus software that uses the built-in Android way to reset the phone to factory settings fail, for understandable reasons, which provides that no third-party software solution to the problem.

To test the quality of the factory-reset function, watched the investigators to 21 Android phones from five different manufacturers. The phones were running on different Android versions, from 2.3 to 4.3. Based on the results obtained, the researchers estimate that up to five hundred million Android devices to the data partition not erase, and to 630 million units, the internal SD storage is not clean properly. Users who store their secured with encryption, have no luck there remains after a factory reset after enough information to eventually retrieve the encryption key.

The problem with anti-theft mobile apps composed by poor wipe implementation and limitations of the Android APIs, and adjustments are made to the operating system by the manufacturer of the devices. “It’s unfortunate, but a mobile anti-theft app offers better wipe function and not an alternative to the built-in factory-reset,” write the researchers in the other paper. According to them, is the only viable option that manufacturers provide their own good software to restore the factory settings.

The problem is not entirely on the side of Android; Also, the flash memory is part of the problem. The available storage capacity of the flash memory is larger than indicated, in connection with error correction and the manner of data storage. New EMMC support improved data cleansing methods. Furthermore, according to the researchers, manufacturers must use the entire flash capacity and full show in the boot loader and the recovery and Android kernels.

Users can also ensure better protection of their devices, namely by securing their devices with encryption and thereby have to choose a long pin with both letters and numbers for their own login. To determine the encryption key, must still be the regular password or PIN code be cracked. What about Android versions 4.4 and higher, is not known, but researchers suspect that it plays a similar problem.

Android 4.x under 4.4 still runs on nearly 45 percent of Android phones turns out data from Google itself dated 4 May 2015. Six percent of the mobile phones is still in contact with the Play Store with a 2.2 or 2.3.x device.

In: Technology & Gadgets Asked By: [18798 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »