Summary: Personal Data of More than 500Million Android Users in Danger — Researchers Claim it is Impossible to Fully Delete Data from Handset after changing Mobile Phone.
Even after full wipe it is possible to access text messages, emails, apps, photos and videos because around 630million cell phones cannot clear internal SD cards when the device is reset. Researchers believe that this revelation will limit growth in the app and mobile phone market.
More than 500million Andriod users are risking their personal details because their data may get shared when they change their mobile phone. Tests on this aspect revealed startling fact that it is almost impossible to delete data from a majority of devices.
In a Cambridge University report it was revealed that images, videos, private text conversations and email details can easily be recovered even a full formatting or factory reset has been performed.
This shows that users who have lost, sold or exchanged their mobile phones are now facing the threat of their personal details and private/sensitive data be shared with whoever possesses their old phone.
Also, it is possible to access third party applications because many mobile phone users store their financial details and perform online banking/transactions on some popular apps like Nat West and Halifax.
It was also discovered by the researchers that Google authentication tokens allow access to numerous synced services across devices (including Gmail, Google Cloud and YouTube).
Various second-hand devices that were bought on eBay were tested with different versions of Android software and it was identified that if the phone is fully encrypted even then the data could be accessed despite factory reset.
Android, on the other hand, claims that about 50percent of Android devices use the tested software (Android 2.2 to 4.3 versions), this is why researchers claims that 500million handsets are at risk.
Researchers also claimed that up to 630million phones contain SD cards that are not completely wiped. These are the locations where usually videos and photos are saved.
We can therefore, identify that users can only wipe some amount of information that is stored on their phone and when the phone is sold or passed on to another users, it is possible to access a big portion of personal data.
Researchers said: ‘The extraction of data from resold devices is a growing threat as more users buy second-hand devices. A healthy second-hand market is valuable for vendors as people are more willing to buy expensive new devices if they know they can trade them in later. So data sanitisation problems have the potential to disrupt market growth.’
‘If users fear for their data, they may stop trading their old devices, and buy fewer new ones; or they may continue to upgrade but be reluctant to adopt sensitive services like banking or healthcare apps, thereby slowing down innovation. Last but not least, phone vendors may be held accountable under consumer protection or data protection laws’
It is however, reported that the level of risk may vary with vendors.
In an interview with Ars Technica Computer Scientist Kenn White told that a whopping number of devices are at risk in the market not only Gmail passwords but images, photos, text, chat. A reset can never be good enough and the level of risk associated with Android devices varies with their wholesaler.