It’s never fun to have to issue a warning, but a new study by the LA Times indicates that the Factory Reset function on Android devices may not work as advertised. The site worked with a security expert to run a test on BlackBerry, Android, and iOS devices as well as PCs. It discovered that important, sensitive data could be retrieved on a large portion of Android devices even after the Factory Reset feature had been properly used.
Robert Siciliano, an identity theft expert from McAfee performed the experiment, where he purchased 30 used devices (mostly smartphones and laptops) from random users on Craigslist. His goal was to see how smart people were about removing their personal information from phones, but as it turns out, even though a majority of owners did correctly Factory Reset their Android devices, he was still able to retrieve vital data like “Social Security numbers, child support documents, credit card account log-ins, and a host of other personal data.” This finding is all the more disturbing since he could find no problems with the way iPhones, iPads, or BlackBerry devices delete their data. The only other weak link was Windows XP, which is so old it’s almost expected.
We’ve reached out to Google’s Android team to try and learn more about this potential vulnerability, but have not heard back as of publication. We’ll update this article if and when we get some answers.
Until we learn more, we don’t recommend that you don’t sell your used Android devices to anyone that you don’t know or trust. It’s quite possible that personal information could be leaked from it.
Definitely an issue. I recently bought a used Droid from Craigslist and even though the guy factory reset the device, ALL of his pictures / videos were still on the 16GB SD card. Fortunately for him it was nothing exciting and I wiped the card completely.
Most phones do have an option to also wipe the SD card. Every one of them I’ve used. He must have forgotten? But noted.
The odd thing was that there was no other data on the card, so I feel like it was a bug. But who knows, user error is ALWAYS a possibilty
Yeah, I’ve found pictures and data on SD cards after a device was reset. If I remember correctly some versions of Android make resetting the data, and wiping the card two different tasks.
Very true. Google does allow Android makers to freely mess around with where the Factory Reset is and how it operates, to some degree, at least.