
The latest bit of FUD spreading around about Android is that you can't ever sell your old Android phone without giving away all your data, secrets, and possibly the recipe for KFC.

Like many things you'll read elsewhere on the Internet, there's a lot of crap attached and presented as fact that is just wrong. Someone needs to explain what exactly is going on here. Allow me to try my best.

Part one -- The FAT file system

Any device -- be it a smartphone, an SDcard, or your computer hard drive -- that's formatted with a FAT file system doesn't really erase data when it says it has erased it. Instead, it tells the system "Hey, go ahead and stick something else on top of that if you need to." But it doesn't actually "erase" anything immediately. Someone with the right computer forensic tools (not just some random dude from Craigslist or eBay) can recover data easily from these types of devices. Ever use one of those programs to recover pictures from an SD card you "erased" before you meant to? We're in the same ballpark here.

In fact, any writable storage will give up its secrets if enough pressure and know-how are applied, but FAT formatting just happens to be easy. That's what is being targeted in this round of scare-mongering, but it just looks better if the word Android is used.

FAT file systems are useful because just about every operating system can read and write to them. Format your SD card with it, and you can swap it to just about any computer or device that it will fit into. Just mount the drive and drag and drop files. This is why SD cards in mobile devices are formatted this way, and why the internal storage in older Android phones is formatted that way as well.

Yes, it's true that an enterprising and intelligent person can recover "erased" data from them. Since Honeycomb, Android has tended to stop using FAT partitioning, and with Ice Cream Sandwich, devices can be built with the entire internal storage partitioned without it. The trade-off is that you'll need to use MTP to access the storage. It's a little trickier (especially if you're not using Windows), but not overly difficult. But keep in mind that most devices that ship with an SDcard slot will expect that card to be formatted as FAT, so this isn't ever going away.

By now you're likely asking "what can we do to fix this?" That's easy to answer -- securely wipe your SDcard or internal storage with a free app. Two minutes of searching the Google Play store found these three, and they should do the job just fine.

Just know that when you tap and use any app like this, there's no turning back. Your data is gone for good, unless you're a very skilled worker in a very expensive forensics lab.
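To make the difference between a delete and a wipe concrete, here is an added example (not from the original article): a constructed in-memory model of a single-file FAT volume, showing that a delete only flags the directory entry and frees the cluster chain, while overwriting the free clusters is what removes the contents. The `ToyFat` class, its methods and the sample data are hypothetical, and the single pass of zeros is an assumption about what a wipe app does.

```python
import struct

CLUSTER = 512                          # bytes per cluster in this toy volume
DELETED = 0xE5                         # FAT puts this in byte 0 of a deleted entry
FREE, EOC = 0x0000, 0xFFFF             # FAT16 free-cluster and end-of-chain values
ENTRY = struct.Struct("<11sB14xHI")    # name, attr, first cluster, size (32 bytes)

class ToyFat:
    """Constructed in-memory model of a FAT volume holding a single file."""
    def __init__(self, name, content, clusters=8):
        self.fat = [FREE] * clusters
        self.data = bytearray(CLUSTER * clusters)
        count = -(-len(content) // CLUSTER)          # ceiling division
        chain = list(range(2, 2 + count))            # clusters 0 and 1 are reserved
        for cur, nxt in zip(chain, chain[1:] + [EOC]):
            self.fat[cur] = nxt
        self.data[2 * CLUSTER:2 * CLUSTER + len(content)] = content
        self.entry = bytearray(ENTRY.pack(name, 0x20, chain[0], len(content)))

    def delete(self):
        """What a FAT delete does: flag the entry, free the chain, keep the data."""
        self.entry[0] = DELETED
        self.fat = [FREE] * len(self.fat)            # only one file on this volume

    def leftover(self):
        """Read back whatever the deleted entry still points at."""
        _, _, first, size = ENTRY.unpack(bytes(self.entry))
        return bytes(self.data[first * CLUSTER:first * CLUSTER + size])

    def wipe_free_space(self):
        """Overwrite every cluster the FAT lists as free with one pass of zeros."""
        for n, state in enumerate(self.fat):
            if n >= 2 and state == FREE:
                self.data[n * CLUSTER:(n + 1) * CLUSTER] = bytes(CLUSTER)

def demo():
    secret = b"constructed sample: contact list " * 20   # 660 bytes, two clusters
    vol = ToyFat(b"CONTACTSTXT", secret)
    vol.delete()
    after_delete = vol.leftover() == secret       # contents survive the delete
    vol.wipe_free_space()
    after_wipe = secret[:16] in bytes(vol.data)   # nothing left after the overwrite
    return after_delete, after_wipe

if __name__ == "__main__":
    print(demo())
```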

The same thing applies for your Windows computer. If you're using FAT (the default prior to Windows 7 and still in use by some OEMs) you need to wipe things clean before you pass them on to others. The selection of programs that do this for Windows is huge, and a quick Google search will find you exactly what you need. 

Part two -- system partitions

We've covered FAT devices, but what about other partitioning systems like the ones used in Windows 7 or iOS or the Android system partitions? Chances are you don't know anybody who could retrieve data that's been erased from the internal system partitions -- even on an older Android phone. But contrary to the stories floating around today, data recovery is certainly possible with just about every device. The issue is that very few folks have the means, or will spend the money, to do it. 

Part three -- encryption

While this isn't quite the same as securely wiping your phone clean, it's as good a time as any to talk about encryption. Since Android 2.2, device policy management has existed in Android, and Honeycomb brought a native encryption method. You'll find it in the settings, but be warned it's a one-way street if you want to play with it. 

Encryption is what you want to be using if you lose your phone and don't want anyone to access it. It's not really relevant to this discussion except that you could sell an encrypted device and the only thing the buyer can do is erase the whole thing and start fresh. If you choose this route, be sure to tell the buyer that it's encrypted and he or she will have to wipe it all and start over, or just wipe it all yourself. 

We don't want to stick our heads in the sand and pretend that this type of data collection and theft isn't possible. We just want to clear up some of the confusion, and point you towards some tools that help fight the FUD.

 
There are 14 comments

Mtn_Scott says:

PANIC!!!!!!!!

I Thought my Angry Birds Stars were secured!!!!

icebike says:

Never sell your MicroSD card with the phone. Let the new user buy their own.

Of the apps linked to above only ShredDroid claims to overwrite system storage, and reviews seem mixed as to whether it does that at all. The rest only address the MicroSD.

For internal storage, simply wipe the phone then side load it FULL of innocuous photos, then wipe it again.

That will overwrite every user writable portion, and any recovery only gets landscapes of your vacation. And, NO, there is no need to overwrite storage many times like some of these apps seem to think. That hasn't been necessary since the demise of magnetic tape.

Your settings might still be erased (but not gone) from system storage.

Like Jerry says, the people who can get at that data are few and far between. But where are your email passwords stored? Might not hurt to change those when selling the phone.

Phones replaced by carriers are at special risk here, because sometimes it's non-functional when turned in, and you can't wipe it. More than one of these has been shipped with data intact as a refurb.

Bolt473 says:

You could always plug the microSD card into your computer and use something like DBAN, dd, or Disk Utility to erase it 7 times. Personally, I would format it and encrypt it with TrueCrypt (because TrueCrypt writes random data in all empty space), then do a full format of the card.

OmarF82 says:

Whaattt my Angrybirds stars aren't secure either? OMFG

bacidath says:

photorec is a great tool for recovering "deleted" photos as well as other things... used it to pull long lost photos off a thumbdrive that had been formatted and rewritten to over many years...
http://www.cgsecurity.org/wiki/PhotoRec

TechW says:

Erasing a Flash drive or SSD is not the same as erasing magnetic media such as a standard hard drive. Using a standard wipe utility may not, in fact, eliminate all your data due to the differences in how the flash drives maintain the data.

Recommending any wipe utility without doing thorough testing on them seems a bit irresponsible. Encryption and physical destruction is probably the best answer for the moment.

mikemosh511 says:

I'll remember to physically destroy my phone to erase the data before I sell it to someone.

PacoBell says:

Right, I was wondering why Jerry was even talking about secure deletion on flash media. The internal controller does copy-on-write for wear-leveling purposes, so anything that claims to be able to "wipe" data on such devices is selling you snake oil. A forensics expert skilled in the art will be able to recover at least some data with a SEM.
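The copy-on-write behaviour described in the two comments above, as an added example that is not part of either comment: a constructed, heavily simplified model of a flash controller with spare pages, showing that overwriting a block through the host interface leaves the old copy in a stale physical page until the controller itself erases it. The `ToyFlash` class, page counts and sample data are hypothetical, and real controllers differ in detail.

```python
class ToyFlash:
    """Constructed model of a flash translation layer (FTL) with spare pages."""
    def __init__(self, logical_pages=4, spare_pages=2):
        self.logical_pages = logical_pages
        self.pages = [b""] * (logical_pages + spare_pages)   # physical pages
        self.map = {}                                # logical block -> physical page
        self.free = list(range(len(self.pages)))     # erased, writable pages
        self.stale = []                              # old copies awaiting erase

    def write(self, lba, data):
        """Copy-on-write: new data goes to a fresh page, the old page goes stale."""
        if not self.free:
            self.garbage_collect()
        new = self.free.pop(0)
        self.pages[new] = data
        if lba in self.map:
            self.stale.append(self.map[lba])
        self.map[lba] = new

    def garbage_collect(self):
        """Controller-side erase of stale pages; only now is the old data gone."""
        for page in self.stale:
            self.pages[page] = b""
        self.free, self.stale = self.free + self.stale, []

    def read(self, lba):
        """What the host sees: only the currently mapped page."""
        return self.pages[self.map[lba]]

    def raw_contains(self, needle):
        """What a chip-level read would see, stale pages included."""
        return any(needle in page for page in self.pages)

def demo():
    secret = b"constructed sample: saved password"
    flash = ToyFlash()
    flash.write(0, secret)
    flash.write(0, bytes(len(secret)))               # host overwrites the block
    after_block_wipe = flash.raw_contains(secret)    # stale copy still on the chip
    for lba in range(flash.logical_pages):           # fill all host-visible space
        flash.write(lba, b"\xff" * 16)
    after_full_pass = flash.raw_contains(secret)     # spare pages absorbed the writes
    flash.garbage_collect()                          # controller erases stale pages
    after_erase = flash.raw_contains(secret)
    return after_block_wipe, after_full_pass, after_erase

if __name__ == "__main__":
    print(demo())
```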

squiddy20 says:

Or you could just use any number of Windows/Ubuntu/Mac programs that wipe hard drives, SD cards, thumb drives, or whatever else you need. Mac's own Disk Utility has this capability. For Windows I've found this: http://www.partitionwizard.com/ to be a PERFECT tool for reformatting/wiping memory cards. It even has options for erasing/rewriting that are supposedly comparable to military standards. I've used it to repartition my SD card for true apps to SD capability because my Samsung Moment only has 200 some-odd MB of internal storage.
As for erasing data on system folders, a complete wipe via recovery (custom or stock) should do the trick.

AdamOutler says:

The author is not a Linux user? The system partition works like any other Linux filesystem. Linux is better at data recovery than any other OS. Remount the system and you can recover any data.

cowbutt says:

The /system partition is normally mounted read-only, so there should never be any user data there, unless they've rooted and put it there manually.

/data and /cache, on the other hand, may (indeed, probably) hold user data, but those are wiped when doing a factory reset (either from within Android or recovery). I'm not sure whether those options just erase the superblock and rewrite it, or whether they actually fill those partitions with junk data first.

Any recovery tool that an attacker will have to use to attempt to recover data from those partitions will need to run natively on Android, though, or they're going to have to desolder the flash, which should mitigate things somewhat.

Synycalwon says:

"The same thing applies for your Windows computer. If you're using FAT (the default prior to Windows 7 and still in use by some OEMs)"

Windows XP would be more accurate, at least as a business AND consumer (home) operating system. Prior to that it would be Windows 2000, or going back further Windows NT, which were both business oriented operating systems that use NTFS as the default file system, not FAT. You have to go way back to the DOS based Windows ME/98/95 to find FAT/FAT32 as the default file system. :)

unl0rd says:

I agree with icebike.

Android has never been formatted with a FAT filesystem (except the SD card, which you'd have to be nuts to sell it with your phone, they don't cost much these days).
Android has always mostly used YAFFS, or a variant. Samsung until recently used a proprietary FS.

Windows 7, Vista and XP all usually use NTFS and just like FAT, items can easily be undeleted.