If your smartphone was running on the older Jelly Bean version of Android and you performed a factory reset on it before selling it off, your data is probably still out there. According to a new study by Cambridge University researchers, they managed to recover content from 21 used handsets running on Android 2.3 to 4.3. And all these devices had factory reset performed on them before the team tried their hand at extracting their previously stored data.
Based on this, it’s likely that 500 million Android phones out there may not fully erase disk partitions containing sensitive information. Additionally, 630 million devices running on Google’s mobile OS might just be leaving behind content on internal SD cards. The vulnerability could allow hackers to acquire people’s Gmail passwords, photos, text, chats and so on, from second-hand, stolen or misplaced handsets, reports Ars Technica.
The 21 Android smartphones tested by the Cambridge University researchers covered units from 5 different mobile brands. All of these devices contained bits of data even though their previous owners had hit factory reset. What’s more, it was possible to retrieve the master token Android makes use of for providing access to Google user data like Gmail and Calendar. Even re-synchronizing contacts and emails was achievable.
This is not the first time such an issue has popped up with smartphones and it won’t be the last. Some questions have been left unanswered however. The team from Cambridge University don’t know if the same flaw which exposes data even after a factory reset, exists on KitKat or Lollipop. There’s no explanation as to why the study has been restricted to Android devices only.