Android factory reset doesn’t delete personal data


Avast used forensic data tools to access highly sensitive data which phone sellers believed had been wiped 

Security software provider Avast has discovered that using the factory reset function on Android phones doesn’t completely delete all of the phone’s data.

The firm bought 20 Android phones from eBay and was able to retrieve more than 40,000 photos, including 750 of women in “various states of undress” and 250 photos of naked men. The identity of four of the previous owners was also found and a completed loan application.

Avast was only able to retrieve the data by using forensic data tools which directly accessed storage areas, so the information wasn’t readily accessible. However, these tools are easily downloaded for free via the internet.

Android versions 3.0 and upwards offer a setting that will encrypt the phone with a password meaning that anyone purchasing the phone would require the code to access the information. It is unclear what make of handsets were purchased by Avast.

Google’s OS is making strides to prove to the public that Android is a secure platform, particularly for enterprise. It has recently signed a deal with Samsung that will see its enterprise security platform KNOX, come pre-loaded on Android devices.