Posted on 05/23/2015 10:54:18 PM PDT by iowamark
Up to 500million Andriod users who use or have used Android software could be at risk from having personal information shared after tests revealed it's impossible to clear data from many devices.
A report by Cambridge University showed that private text messages, images, videos and email details can be recovered, even after a total wipe - or factory reset - has been done.
It means that people who have given away, sold or lost phones are now at risk from having their personal details and any private or sensitive information in messages or emails seen by whoever now has their old phone.
They could also access third party applications. Many phone users store financial information and do their banking through some of the most popular apps on tablets and phones such as Halifax and Nat West.
Researchers also recovered Google authentication tokens, allowing to access services which are synced across a number of devices, including Gmail, YouTube, and any images or videos stored using Google cloud services.
Tests on a number of second-hand devices bought on eBay with various versions of Android software found that even if the user has the phone fully encrypted, information could still be accessed after a factory reset...
They also discovered that up to 630million phones may not wipe internal SD cards, which often store most of the images and videos on a phone.
It means that the user could wipe the limited information on the phone and sell or pass it on to another person who would still be able to access the majority of personal information it holds...
(Excerpt) Read more at dailymail.co.uk ...
http://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf
“Security Analysis of Android factory resets”
C’mon, let’s start a fight with the Apple antagonists... I have some time to waste ;)
http://www.theregister.co.uk/2014/05/01/thanks_for_nothing_apple_say_forensic_security_chaps/
Yes, it seems that Android is designed to do this while the Apple isn’t.
Now that this article has been published, Android is going to easily duplicate the iphone behavior.
Too bad NSA...
I hear a new Lifelock commercial coming for Beck.
Flawed Android factory reset leaves crypto and login keys ripe for picking - LINK ONLY
plus an additional article with full details from CNN Money in the same thread.
I find it interesting that a lot of articles on this discount the threat to only 500 million when the article itself claims 630 million, and they haven't even tested Android 4.4 or 5.0 at all, which would extend the issue to over one billion devices, and Google, if it had found the issue and fixed it in those new versions, is required to report the issue as an existing vulnerability which they have not. Ergo, it is a reasonable conclusion that it has not been fixed!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.