Android free space wipe

Regarding the ability to recover old files, photos, etc., I have two questions.

If you purchase a used phone, and go through the procedure to return the phone to factory settings, is it still possible to recover information that had been on the phone before you bought it?

I would have assumed that this would not be possible, but from reading the above discussion, I'm no longer so sure.


In asking this, I'm mostly thinking of images, emails, and anything downloaded by an application, but I'd rather leave this as a generic question, that applies to anything and everything.

In my specific case, this would be a late model Android phone, but again I'd like to ask it as a generic question for anyone else who might be buying or selling used phones.

(I'd like to add that there are hundreds of sites on the internet that talk about things like this, but Wilderssecurity is the only place I've found so far where people seem to really understand what they're talking about. I'm glad I found this place!)

 

Flash memory is a lot better at NOT retaining deleted info, than magnetic media, but I'm not that up on the differences between phones and SSD's. Also, it seems that TRIM is only really truly implemented in JellyBean 4.3...so who knows what the flash controller was doing on earlier versions.

If I was going to get rid of a phone, I'd simply melt it - I don't need the money. Then again, just stick it in a drawer.

If you received a phone used, and just want to make sure the previous owners stuff is as gone as possible, I'd factory reset, then encrypt, then re-set again. Encryption is the best "wipe"

If you are lucky enough to own a Nexus device, I'd re-flash the whole thing with a factory image, encrypt, and re-flash again.

x942 is the resident phone guru, as well.

PD

 

A normal factory wipe would not permanently delete data. What we do in Guardian Rom is encrypt the device with a random key, wipe the device, encrypt again with a random key, wipe again, now encrypt with the key we are going to use. That should sufficiently randomize free space.

I would recommend encrypting from day one if possible just to be safe. Flash memory can be tricky to wipe although there are some solutions. I am working on porting shred over with a GUI front-end for example. Also working on patch recovery to wipe using /dev/urandom.

While you are correct there are some issue with wiping data on flash memory. Wear leveling is one. Again encrypt from day one

On your second point that works. We do this on Guardian Rom (as mentioned above).

Best thing for security: Nexus device (Galaxy Nexus is pretty cheap now) and a custom ROM. Guardian Rom stable is releasing today and makes all of this stuff easier.

 

Hmm, I wanted to keep my question generic, so the answer would "fit" as many people as possible.

I have a GNex, but have never rooted or installed a ROM. I'd like to learn how to do this, and I thought it would be a good idea to buy a used phone (wish I could find an inexpensive one with a cracked screen) for the sole purpose of practicing on. I found this thread, and got to wondering about what all might be on a used phone. Until now, I just blindly assumed that doing a fresh install would effectively "clean" the entire device. Now I see that I was wrong.

I don't think I should start off my learning process with encrypting, and so on, until after I feel comfortable with simply installing a new ROM. I don't want to practice on my own phone, as I need that working, but I thought it would be a great idea to buy yet another used phone - and if worst came to worst, and I turned it into a brick, unlikely but possible, I wouldn't be out so much money.

Supposing someone were to buy a used phone, reset it to factory settings, then fill it up with as many photos and videos as possible, to use up all the free memory. Since new Android phones without a memory card allow that portion of the main memory to expand as needed, my plan would be to fill up the entire phone with my own "stuff", then either delete what I put there, or restore it once more to factory settings. I figure that would leave the phone completely filled up between the new "system" stuff, and my "stuff", and after I empty it out, I should be good to go.


The information you guys posted also got me wondering about encrypting phones. Is there a "beginner's" thread here, that explains the basics of how this is done?

Most importantly, if anything goes wrong in the encryption process, is it still possible to get into the normal menu and reset the phone to like new?

 

None of the non-root apps really wipe free space sadly. Installing roms is pretty easy if you are interested I would check out xda-developers for tips and tricks. If you really want security and ease of use I would check out my other thread on Guardian Rom. We are launching a GUI installer for Windows and Mac OS X to make it really easy to install and setup encryption. Best of all it's free and open-source.

Filling up the the phone like that would leave untouched blocks and would never fill it 100%. You are much better zeroing out the phone with one of those free tools.

I can post a thread on Android Encryption if you want and cover all of the basics and how to keep the device secure. If encryption fails it auto-matically wipes the phone to factory, it's pretty much fool proof.

 

I think a thread like that would be extremely helpful, probably to a lot of people.

Please include one answer that I think many people would find re-assuring - if anything goes wrong, for whatever reason, can a person bring the phone back to life by doing a factory reset? Or, is the ability to even get to the factory reset setting hidden behind the "encryption"?

(Just this question by itself probably shows you how little I know about this.)

 

Yes. Android has a failsafe built in - If encryption fails it automatically resets to factory. It checks if it succeeded at the very end of the process. Even if that doesn't work properly you can always boot into recovery or Bootloader and reset to factory easily.

 

I'll wait for your new thread before asking too many more questions. Just two quick ones for now....

a) which of those "free tools" might you consider to be better than the others, and

b) to properly encrypt a phone (as you'll be describing), is this something that has to be done when you first set up a phone, or can it be done any time, even after you've been using the phone for a while?


I guess one more generic question would be whether the entire phone gets encrypted, or only the user partition? Once the encryption is done, can I still access the phone from my PC, perhaps to upload/download photos? I think I'm getting ahead of myself though, and maybe I should just wait for you to post the write-up.

 

a) The only one I have seen that works okay is ShredDroid. But I haven't run any forensics test on it. I only did some preliminary tests on the others and they left obvious traces behind.

B) You can set it up any time. Just remember Android by default encrypts inplace so any old data my remain behind. Also any freespace isn't encrypted until it's used. Guardian Rom wipes all freespace randomly so you cannot differentiate between where encrypted data begins and ends.

Only user partition is encrypted. /System is left untouched (no userdata is stored there and it's read-only anyways). You can still mount with the computer after you have booted the phone and are passed the lockscreen. Lockscreen disables mounting so if your phone is on you data is can't be pulled over USB without the PIN.

 

I think I'm missing something here. Let's say I buy a GNex. I plan to follow your advice on setting it up with encryption. From what you've written, any data that I store on the phone's user area, will be encrypted from then on. Let's say my data takes a total of 2 gigs, and that my 16-gig GNex now has 14 gigs free.

If I understand you correctly, that 14 gigs is considered "free space", and presumably will have whatever data was on it before I set up the phone and the encryption. If I understand you correctly, I need either a way to wipe all the user space before setting up the phone, or a way to wipe the free space (all the phone memory that I'm not yet using).



If I'm on the right path so far, would I want to use something like "ShredDroid" on the phone before I start installing my apps and data?

(If you ever create a rough draft of the article you're thinking of writing, I'd love to read it ahead of time, before you get it polished and finished.)

 

I found ShredDroid on Google Play:
https://play.google.com/store/apps/details?id=ch.ethz.infsyssec.sddroid&hl=en


From there, I got to the developer's website:
http://www.securedeletion.com/


Apparently the new version has a new name, "Secure Delete Android":
https://play.google.com/store/apps/details?id=ch.secdelapp


It's under $3 to buy it, so that's no issue at all, but there are so few reviews, some of which aren't favorable, that I'm not sure if I'd want to use it. I guess there's nothing to lose by installing it on a used phone - I can always re-install Android and be off and running on a "cleaner" phone.

 

Yes. The 14GB is freespace. Since it is not randomized an attacker can gain information from the phone. In this case the will know exactly where the encrypted data starts and ends.

 

Well, in under three weeks I will have a used Samsung Galaxy Nexus, with a damaged screen, and the plan is to use it for learning all these things, including installing a custom ROM.

Let's assume that I will follow your suggestions for encryption (or at least try to) which applies to anything I put on the phone after I receive it. That sounds reasonably easy to do, but knowing me it won't be...

If I want to "wipe" all the remaining space, before or after I restore the phone to factory settings, is there anything you would recommend for this?

The best answer I think I've learned from this discussion is:

"Secure Delete Android":
https://play.google.com/store/apps/d...d=ch.secdelapp ​

Trying all this out on a "spare" phone isn't going to worry me, as it's just a learning tool, and the cracked screen makes the whole exercise reasonably affordable.