Well, it should come as no surprise that the factory wipe on some android cell phones doesn’t actually delete everything as expected. After all, cell phones exist in a world where unlimited data means a paltry two or three gigabytes. Depending on the plan used, unlimited phone calls means anything after 7:00PM. Now, tech security firm Avast did a forensic analysis on 20 factory wiped Android cell phones and found many of them still had naked selfies which standard forensic tools are easily capable of retrieving. This is because the factory wipe function on second generation android phones wasn’t designed to delete data in user space.
In fact, Avast was able to retrieve over 40,000 pictures of which 1,000 involved women various levels of dress from scantily clad to nude along with pictures of men displaying the family jewels. Pictures at times included Exchangeable image file format (EXIF) data which could be used to piece together a person’s residence. In a few select cases, the EXIF data revealed the previous owner’s identify. One can only imagine what risks this might expose a person to if the information fell into the hands of a perv. Also, a person obtaining a used Android phone might find a trove of photographs to post on the web.
As per Google, this is a problem that affects only 15% of the market and is not a problem for people using Android versions 4.0 or greater. However, data encryption must be enabled for the factory wipe to truly work. The trouble is that encryption is an optional feature which means people might still be exposed to this problem. By comparison, older Apple iPhones up to the 3G would actually write digital 1s on the physical data. Newer phones create an AES 256 encryption key for the data and upon factory wipe, the encryption key is deleted making it impossible to decipher the data. In other words, the Apple iPhone and iPod touch were always secure for 100% of users not just 85% of the installed base that remembers to turn on the optional encryption.