3

I have some old Android phones that I'd like to recycle, but obviously I want to wipe them before doing so. While I realize it's unlikely anyone will attempt a forensic recovery on my phones after even a basic factory reset, it got me to wondering how a user can verify that a factory reset erased their data. All of the research I'm aware of involves "chip-off" forensics, which isn't practical for most users. (Or even myself for fine-pitch BGA flash.) Is there any way for a user to be "reasonably certain" about the efficacy of a factory reset in protecting their data?

I'm particularly wondering about devices not from a flagship line. I imagine Google Nexus/Pixel, Samsung Galaxy, etc. devices have well-designed erase (probably by always encrypting data then destroying the key), but a lot of users may have phones made with firmware that is less well-designed.

Note that this differs from How secure is wiping an encrypted Android device? because I'm looking for information on verification, not information on the proper design.

David
  • 15,939
  • 3
  • 50
  • 73
  • I would not exclude major lines; they could make mistakes or have backdoors just like any other company either for their own reasons, government pressure, etc. – Eric G Jan 08 '18 at 06:14
  • fill the storage up with junk and then reset. 100%? no. better than nothing? yes. – dandavis Jan 08 '18 at 12:00

1 Answers1

1

If you don't trust the device manufacturer without a full hardware and OS audit you can never be certain. For all you know the device could have cached the encryption key in a separate piece of flash buried under another chip on the board - or even a full clone of the user space.

I would be surprised if any modern android device is using non-standard android encryption. If they are if anything its likely to be a flagship device with an unusual hardware encryption module. So the odds are if you can verify this then the question falls back to do you trust google/android and the prior question you referenced - How secure is wiping an encrypted Android device?.

If the device is using non-standard encryption you need to ask yourself why do you not trust the manufacturer. Are you expecting malicious behavior or incompetence? If you are expecting a malicious manufacturer then it is already end game. For all you know they have been transmitting your personal data away from the device throughout its use.

For incompetence there are ways to reassure yourself. For example write random data (to avoid any risk of compression) to the device until full. Then read this data back and compare against what was written. If they match you can be reasonably confident the full disk space has been overwritten.

There is one possible caveat. Flash memory has a limited lifetime. As it degrades the device can detect this and decommission certain blocks. Without modifying the storage control firmware decommissioned blocks will no longer be readable/writable to - meaning for older devices there is risk that old data is still contained and available to a determined opponent with access to a forensics lab.

However the odds of randomly decommissioned blocks containing useful confidential information - especially on a priorly encrypted device - is extremely slim. For any individual that does not consider themselves extremely high risk (and if you are you aren't going to be worrying about this - destroying the NAND chip is going to be a far better option than the second hand value of the device) I'd argue there is very little point considering this.

Hector
  • 10,923
  • 3
  • 41
  • 44