Analysis of Android Factory Resets

Abstract

Smartphones are our everyday companions. We use them to communicate, perform payments, track activities, or perform work-related tasks. With 2.5 billion Android devices in circulation, it's not surprising that there also exists a substantial second-hand market for smartphones. For example, in 2017, 18% of people opted to sell their old device. The fact that private or company data resides on smartphones is a potential risk to privacy or confidentiality when selling or discarding an old phone. Because physical destruction is not an option if the phone is to be sold, the only viable alternative is logical sanitization. For this purpose, Android provides the factory reset functionality, which is supposed to delete all personal data. In this paper we take a look at the factory reset implementation of Android from versions 5 to 9. We look at how the flash memory is wiped and which concrete operations are performed. We identify major changes between the versions and document them. Additionally, we look at the factory reset implementations of three popular alternatives whose factory reset implementation is based on Android's, namely LineageOS, OxygenOS and KaiOS. We found no apparent issues in Android versions 5 to 8. We found that in Android 9 a change to the factory reset implementation causes the use of the non-secure ioctl(BLKDISCARD) instead of its secure counterpart BLKSECDISCARD. We also identified some minor issues in the other operating systems.

Publication
TU Wien