Saturday, 12 July 2014

"Factory wipe" — does it make the data on your phone safe from prying eyes?

You're about to dispose of your old phone, so, to protect your privacy, do a factory reset & all you data is gone. Right?

Well, maybe. Exactly what is gone depends on the age of the phone & the version of the operating system it runs. On an Android phone the index into your data is erased. For most purposes, this is enough. But the data is still there & is recoverable by those with the tools & know-how.

If our phone runs Android 3.0 or later, there is a way around this.

Since 3.0, Android has included optional encryption of the phone. Encryption requires a user-supplied key without which data on the phone is unreadable. So before doing the factory reset, encrypt the phone. The factory reset will erase both the index into the data & the encryption key. Your data still won't be erased, but it will unreadable even to someone who has the know-how to recover it.

Apart from the first few versions of iOS, encryption of data has been automatic, so a factory reset will make your data irrecoverable. Earlier versions overwrite user data, so, either way, you're safe.

http://www.theguardian.com/technology/2014/jul/11/factory-wipe-on-android-phones-left-naked-selfie-photos-and-worse-researchers-find / hundreds of naked selfies intimate pictures men women found batch Android smartphones owners thought they had wiped research study studying 20 handsets security company Avast factory reset function Android phones doesn't delete data on the phone retrieved using standard forensic security tools researches said found 40,000 photos 750 photos of women various stages of undress 250 photos male anatomy EXIF data picture file details location residence previous owners' identity file data Settings function doesn't actually wipe the data storage on the phone wipes the index points locations storage data is written sufficient accessing data forensic tools access storage areas Avast reconstruct the files Google Ars Technica research older devices versions Android security protections versions running software before Android 4.0 vulnerable Google's Android documentation setting file encryption is optional newer devices vulnerable Android 3.0 onwards encrypt the phone cryptographic key user-provided passcode factory reset delete the key rendering the data unreadable Google's spokesperson recommended disposing device enable encryption carry out a factory reset Apple iPhone iPad encrypt data AES 256 algorithm software key generated information user erase all content and settings cryptographic key deleted encrypted beyond any capability to decode existing data partition /