Your personal data may not be completely removed with an Android factory reset

You just received your shiny new flagship of a smartphone and now you are ready to put the old one up for sale on eBay, or Craigslist, or Swappa. The secondary market is alive and well with over hundreds of thousands of devices for sale.

You have taken really good care of your older Android device and are certain that it will get a great price from an eager buyer. All you need to do is perform a factory reset and you are good to go, right? Maybe not.

AVAST, an anti-virus software and provides free software, as well as paid services for consumers and businesses alike, took to the internet and bought 20 used Android phones for the purposes of seeing how much, if any, personal data was still on the devices after a factory wipe and reset had been performed. The results were stunning to say the least.

With the help of some off-the-shelf digital forensic software (such as FTK Imager), AVAST was able to cover the following:


What is happening then? AVAST’s press release does not note if any of the devices were, in fact, not factory reset or if there were any errors in how devices might have been reset. We also do not know how old, or what version the operating system is on the devices. We reached out to AVAST to see if there were any other variables worth noting in their findings. Taking those issues aside, where is the factory reset falling short? The reset in these instances seems to be focused more on the application layer, and not much more.

AVAST noted that its anti-theft app, free on Google Play, has the ability to delete and overwrite these personal files along with a host of other features. That app, avast! Anti-Theft, and dozens of others may be worth considering before putting your former device, a veritable digital life-wallet up for sale.

UPDATE: We sent a few questions to AVAST to get some idea of what they were working with when the embarked on this little project. We heard back from Jaromír Hořejší, malware analyst, and Tomas Zeman, Mobile Product Manager at AVAST.

Q: Were there any indications that any of the devices were not properly "factory reset?"
A: The majority of the phones were factory reset, however there were some that our virus lab started and went via default setup tutorial.

Q: What version of the operating system was installed on the devices?
A: All different android versions were present, most of the phones had Android version 4 (different versions), some others had Android version 2.3.x called Gingerbread.

Q: Was AVAST able to replicate the results? - meaning, re-wiping a device and still finding data?
A: Yes, we did proper factory reset on some phones (in case the owner had not done this) and were still able to find data. Therefore, we were able to replicate our experiments.

Q: Aside from the "application layer" being wiped, is there any explanation from AVAST's point-of-view as to how and why the factory reset is so ineffective?
A: It depends on the manufacturer's implementation. If the implementation of factory reset was correct, nothing was recovered. If the implementation is incorrect, we were able to recover some data.

As for the 20 devices AVAST bought on the secondary market to take on this project, the breakdown is as follows:

HTC EVO V 4G
HTC One X
HTC Thunderbolt
HTC Sensation 4G
Motorola Droid RAZR (4)
Motorola ATRIX 4G
Samsung Galaxy S2 (2)
Samsung Galaxy S3 (3)
Samsung Galaxy S4 (2)
Samsung Galaxy Stratosphere
LG Optimus (2)

Based on the answers, where implementation "was correct," and nothing was recovered, if nothing else, this serves as a handy reminder to take care in properly preparing your devices before you part ways with them.


sources: AVAST via CNET