User Data, Including Full Bitcoin Wallet Access, Retrievable From Secondhand Android Phones


According to a new study by Cambridge University, user data is routinely retrievable from secondhand Android devices that have been wiped through a factory reset. Most Android devices offer no easy way of deleting user data such as access tokens, messages, images, and other content. The problem doesn’t affect only a small percentage of Android users: it affects an estimated 500 million Android devices, which poses a problem for companies that resell used Android devices. In addition to the 500 million affected devices, up to 630 million people do not properly wipe multimedia files on their devices prior to getting rid of them (through sale, gift, or disposal). Researchers examined 21 secondhand devices running OS versions 2.3-4.3 from five different manufacturers that had been wiped using the built-in factory reset function.


The problems faced by the OS also affect third-party data deletion applications, so Android users don’t have a good way to dispose of their data through either third-party applications or built-in OS options. Researchers were able to recover multimedia files, login credentials, and even the master token used to access Google account data such as Gmail, Adsense, Docs, and any other Google platform.

Even if the device is fully encrypted, this data can still be recovered. The problem comes from multiple issues, including the fact that these devices use flash memory, which is considered to be one of the most non-volatile (and fastest) forms of memory available. It wouldn’t make sense to put a mechanical hard drive in a phone for storage, but things stored on flash memory are incredibly resilient, and the memory chips are very physical in nature.

When something is deleted from a phone, it isn’t truly gone. Data on flash memory isn’t truly gone until it is overwritten. For example, if you delete an app on your phone, you will see that you now have the extra space, but the app won’t be truly deleted until you store something that needs the memory used by the deleted app. This property of flash-based memory is one of the only drawbacks of the cheap but powerful storage method. In the past, data has been taken from discarded or secondhand flash drives that appeared to be empty, due to the physical nature of the memory.

The problem with Android devices is a combination of the nature of flash-based memory and an inherent problem in the OS that makes it possible to steal data after a full factory reset. Master tokens were retrievable in 80% of the devices with the faulty factory reset mechanism. Email accounts are a powerful thing these days: if someone has access to your email account, they will be able to access most online services you use through a forgot-password function. This is a very serious issue that needs to be addressed quickly.

For Bitcoin users, this issue poses another threat. Fully encrypted wallet data is accessible (including passcodes to unlock wallets and spend funds). With the popularity of mobile Bitcoin wallets and banking apps, whoever owns your Android device (even after a factory reset) would have access to your banking accounts, your Bitcoin wallet, your email, and many images, texts, phone contacts, and other access data that belongs to you. Any application that lacks 2FA is totally out of your control at that point. Once someone has access to your Bitcoin funds, any transactions they make are irreversible.

To avoid these serious problems, hold off on selling or getting rid of your Android device, update to the latest OS version and wait until a hotfix has been put into place, and enable 2FA on every third-party application and service possible.

What do you think about the Android issue? Comment below!

Images via Android and Pixabay.

Drew Cordell

Drew is an undergraduate student at the University of Texas at Dallas, majoring in Business. He is an active member of the Cryptocurrency community, and enjoys collecting, trading, and writing about various coins. Outside of the digital currency world, Drew tends to spend his time with friends, playing video games, or studying. Feel free to email him with news tips or questions at [email protected]

  • Brandon Collins

    How are they able to access data that was stored inside of an application’s isolated storage? I didn’t think this was possible.

  • Close_Observer

    This has good and bad sides.

  • Drew Cordell

    They are able to access login credential tokens. Unless the user data was encrypted before it ever hit the phone’s storage, they will have access to your wallet PIN and/or password.

    If the wallet data is encrypted before it touches the phone’s storage then you will be alright. Unfortunately, not many mobile wallets do that yet.

    Access to the master token (Google) is (potentially) even worse than that since they would have access to your entire Google account (which Google would think that you are logging on from your own device and wouldn’t think it was a fraudulent login attempt). They would be able to do some damage before someone would have time to notice and recover the email with 2FA. Thanks for reading!

  • Brandon Collins

    So when you store data using:

    sharedPref = mContext.getSharedPreferences(
    mContext.getString(R.string.app_file_key), Context.MODE_PRIVATE);

    Is that data not encrypted by the OS?