Android owners need to be careful when deleting data before they sell a handset
Using the "factory reset" option to wipe Android phones may leave behind valuable data, warn security experts.
The reset function may also fall short when used to remotely wipe a phone that has been lost or stolen, report Cambridge University researchers.
For their analysis the researchers bought used Android phones to see what sort of data remained on the handsets.
In some cases they retrieved key files that let them access a former owner's Gmail account.
The study of 21 phones, running Android versions 2.3 to 4.3, was carried out by Prof Ross Anderson and Laurent Simon from the University of Cambridge computer science department.
The flaws they found could mean that up to 500 million Android devices might be at risk of leaving data available to attackers after being reset, the researchers warned in a blogpost.
"These failings mean that staff at firms which handle lots of second-hand phones (whether lost, stolen, sold or given to charity) could launch some truly industrial-scale attacks," they said.
All of the phones analysed left some data behind after a factory reset, they said.
In most of the phones tested, data generated by apps for WhatsApp and Facebook was left behind.
In addition, images, videos and text messages were also recoverable.
In 80% of the Android handsets the two researchers managed to get at an important file known as the "master token" that is used by Android to give a phone access to Google services such as Gmail.
Then what are those people without rooted phones supposed to do, since they. Can't use a nandroid backup
- Posts : 265
Points : 300
Join date : 2013-05-14
Age : 21
Permissions in this forum:You cannot reply to topics in this forum