Factory Reset On Android Phones Retains Data Traces, Researchers Have Shown
Factory reset on Android advertises that it removes Google account, system and app data settings, downloaded apps, music, photos and other user data, but in reality it still retains data traces which can be exploited to recover old data such as contacts, emails and Wi-Fi passwords.
A group of Cambridge University researchers reported that they were able to recover data from supposedly clean phones.
Researchers tested 21 Android devices from five different manufacturers and all of them retained fragments of old data even after the factory data reset.
They also noted that it was easy to extract master token from 80 percent of the devices which is used to access Google user data such as contacts and emails. Researchers were also able restore Wi-Fi passwords.
Researchers also highlighted that encrypting the phone can help mitigate some of the risk but not entirely.
"The reasons for failure are complex; new phones are generally better than old ones, and Google's own brand phones are better than the OEM offerings," Ross Anderson of University of Cambridge, said in a blog post. "However the vendors need to do a fair bit of work, and users need to take a fair amount of care."
Findings of the research was published in the paper called Security Analysis of Android Factory Resets.
Google did not respond to a request for comment.