G+_Joe K Posted July 9, 2014 Share Posted July 9, 2014 So I'm listening to the All About Android episode with Padre right now and I think the next project should obviously be How To Securely Wipe My Phone. Link to comment Share on other sites More sharing options...
G+_Pat Sheerin Posted July 9, 2014 Share Posted July 9, 2014 I would have though the best option is to encrypt your device then when you rest the key gets removed and so your device is just full if random bits. Link to comment Share on other sites More sharing options...
G+_Joe K Posted July 9, 2014 Author Share Posted July 9, 2014 Pat Sheerin I agree, definitely the best option. However, there is a performance penalty to whole phone encryption, plus we are talking real users, daily driven phones, etc. I'd venture to say that the vast majority of users have no idea there even is an Encryption section under security. Much less actually understand the importance of it. Tom Krauska we aren't talking simple wipes here. Similar to SSD wiping, RAM wiping, and even HDD wiping, a simple delete doesn't actually wipe anything. It simply marks that sector as available for rewriting. Ie, it pretends to "forget" what's there, and leaves the space open to be written over. It doesn't wipe it clean. Link to comment Share on other sites More sharing options...
G+_Fr. Robert Ballecer, SJ Posted July 10, 2014 Share Posted July 10, 2014 Thermite... Total security. :) Link to comment Share on other sites More sharing options...
G+_bryant thompson Posted July 10, 2014 Share Posted July 10, 2014 ha ha ha! Link to comment Share on other sites More sharing options...
G+_John Mink Posted July 16, 2014 Share Posted July 16, 2014 Fr. Robert Ballecer, SJ yes but I hear the environmentalists aren't exactly a fan. What about creating a dummy profile and filling up the phone with random garbage/noise? Or what about encryption...I remember Steve talking about how the iPhone simply deletes the encryption key, does Android do something similar? Or do we need to encrypt the drive, wipe the phone, then encrypt and rewipe WITHOUT adding any actual (fake account & garbage or whatnot)? Link to comment Share on other sites More sharing options...
G+_Fr. Robert Ballecer, SJ Posted July 16, 2014 Share Posted July 16, 2014 The problem is that it's possible to recover bits from flash even AFTER it's been overwritten because of the way that NAND handles writes. This is one of the peculiarities of flash memory. Encryption could work, but only if it's enabled from the factory. If you can only turn it on AFTER you've initialized the phone, then at least some of your personal data will be recoverable after a factory reset. Link to comment Share on other sites More sharing options...
G+_John Mink Posted July 16, 2014 Share Posted July 16, 2014 I thought read after overwrite was impossible (or at best semi-theoretical) with NAND.... oh, wait you are saying that flash memory doesn't really write the way you think it will because it will try to minimize writing and such, right? And something tells me there's no built in low level secure wipe like with some SSDs. Link to comment Share on other sites More sharing options...
G+_Joe K Posted July 16, 2014 Author Share Posted July 16, 2014 With Jellybean, they introduced an android version of "TRIM" to manage wear leveling, nand wiping of available storage to prevent the same sectors from getting written to over and over, as well as going around and performing "garbage collection"; cleaning up the sectors marked for deletion. That last process isn't instantaneous however. So during the long period between a file being marked for deletion, and the sector it inhabits getting wiped back to it's "0" state, there is still a basically perfectly intact file sitting there, waiting to be recovered. Link to comment Share on other sites More sharing options...
Recommended Posts