User's data can be extracted from smartphones post factory reset

Security experts bought some second-hand smartphones, and were able to extract a lot of data, including selfies of those showing off their 'hardware'

1 minute & 23 seconds read time

If you think that using the factory reset function on your smartphone will clear your data, you're in for a pleasant surprise! Czech-based security company Avast purchased several phones via eBay to evaluate if they can extract data from it, especially the ones that had a factory reset done by the previous owner.

User's data can be extracted from smartphones post factory reset |

The factory reset is supposed to be a one-touch feature which should secure erase all the data, settings and other user-related details from the photo and return it to a 'rolled out of the factory' state. But the experiment by Avast proved that this is not entirely true.

The company conducted this experiment by purchasing 20 smartphones from eBay. The experts at Avast were able to extract data from these smartphones, though the company didn't disclose if that was the case with all the smartphones. The experts were able to extract 40,000 photos, out of which 1,500 of those were family photos and others included selfies with their manhood.Other data included emails, text messages, Google search history and even browser history. Avast also added that the factory reset feature does not wipe out the data from the phone. Rather, it only erases the index information.

According to what was found, the data can be easily extracted even after using the factory reset option using forensic tools that can be easily purchased online. The only way you can ensure that these private and even embarrassing data are properly erased is by over-writing the phone with new data.

Avast specifically pointed out Android smartphones, to which Google went on a defensive. The search giant said that this experiment did not reflect the security protections in Android operating systems that are used by majority of the users. Google also recommended enabling encryption on Android-powered smartphones before hitting the factory reset to make sure these files cannot be accessed. Unlike Apple phones since iPhone 3GS, encryption on Android phones are not enabled by default. Other security experts said that destroying the phone is the best course of action if the user doesn't want any data to be recovered.


After being a long time PC enthusiast and a former contributor for many Indian based PC and Tech forums, Roshan now joins TweakTown covering tech news and also any developments from India. Like many enthusiasts, with years of being involved in many Indian tech forums and running his own tech site, he's commonly referred by his forum nickname 'The Sorcerer' by many old and new fellow PC enthusiasts, followed by few companies from time to time. He's also the winner of the TweakTown's Computex 2012 Taipei trip. If any free time is left, Roshan prefers to play FPS games.

Newsletter Subscription

Related Tags