Android factory reset does not permanently delete data, finds Avast

When most people wipe their smartphones before selling them off or after having lost them, they assume all that data is gone forever from the device. But a new study from security software maker Avast says Android’s factory reset option does not fully wipe a device of the user’s personal data.   Avast said it bought 20 used Android smartphones and using off-the-shelf data forensic software, its researchers managed to unearth data thought to have been wiped. They were able to access more than 40,000 photos, including many nude selfies, 750 emails and messages, details of 250 contacts, and the identities of some of the phones’ previous owners. Highlighting the dangers of this threat, the researchers were also able to see one completed loan application, which obviously leaked other information about the user. See this infographic for the full list of details unearthed by Avast.   Avast’s Jude McColgan told CNET, “Users thought they were doing a clean wipe and factory reinstall,” but as the company found out a factory reinstall wipes phones at the application layer, which is not ideal. Using digital forensics software such as FTK Imager, a drive-imaging programme, Avast managed to retrieve personal data.   In contrast, iOS handles data wipe more effectively, according to Apple. Resetting an iOS device removes the encryption key used to protect data. With that gone, there’s no way anyone can decrypt the data, even if they somehow managed to recover it.