oaktrees
asked on
Extra Level of Erasure for Used Android Phone
Other than Factory Reset, what precautions can I use to DEEPLY erase a used Android Phone that I've gotten? Need some EXTRA level of erasing before I apply all my data to it.
One idea that occurred to me: activate phone with a dummy account. Turn on video, and just let it run until all the memory has been written over.
Then: Factory Reset again, add REAL account.
What's a good way?
Many thanks,
OT
One idea that occurred to me: activate phone with a dummy account. Turn on video, and just let it run until all the memory has been written over.
Then: Factory Reset again, add REAL account.
What's a good way?
Many thanks,
OT
If you're worried about having remnants of someone else's data on it, you can encrypt the phone, then perform a factory reset as instructed here: https://www.zdnet.com/article/heres-how-to-securely-wipe-your-android-smartphone-for-resale/
If you're worried about potential malware or spyware that could monitor your use of the phone, well...it's technically possible that the Factory image has been modified to automatically install some monitoring software or something similar, so I guess not getting a used android phone would be the best way to avoid that. Realistically, though, the likelihood of something like that actually existing in the install image you have is fairly remote.
If you're worried about potential malware or spyware that could monitor your use of the phone, well...it's technically possible that the Factory image has been modified to automatically install some monitoring software or something similar, so I guess not getting a used android phone would be the best way to avoid that. Realistically, though, the likelihood of something like that actually existing in the install image you have is fairly remote.
Although encrypting the device and then doing a factory reset is generally enough to erase all the data securely, doing a bit extra doesn’t hurt. To do this, set up the smartphone after factory resetting it. Only this time, make sure no email details are added.
Once the setup is complete, record a junk video for as long as the internal storage on the device doesn’t get filled up. Doing this will overwrite the free space with throwaway data.
You can also perform another factory reset after adding fake content to your device. Then you can additional fake content and continue to reset and reload the device with fake content as many times as you would like. Each time you do it, you are adding layers of protection and confusion that protect the original content you had on your phone.
Once the setup is complete, record a junk video for as long as the internal storage on the device doesn’t get filled up. Doing this will overwrite the free space with throwaway data.
You can also perform another factory reset after adding fake content to your device. Then you can additional fake content and continue to reset and reload the device with fake content as many times as you would like. Each time you do it, you are adding layers of protection and confusion that protect the original content you had on your phone.
Bean, the person bought a used phone. They are not looking to sell their used phone.
Íf the concern is not for malware/compromise, is the concern that the phone had illeagal content?
Why not do the opposite and try to recover data from the phone which may help clear things up.
Why not do the opposite and try to recover data from the phone which may help clear things up.
The only way to completely erase the user-accessible contents of a used phone is to pull every memory chip off the circuit board and replace them with fresh-from-the-factory new ones. That'll deal with both the flash and the RAM. As a side effect it'll probably brick the phone because the Android operating system will go away along with the flash memory chips.
But even that won't clear the ... well, let's call it a BIOS. The firmware. The phone's equivalent of a BIOS that gets the thing running. The firmware can't be cleared because that would turn the phone into a brick. Even loading a new revision of firmware onto the phone won't erase everything, because there are some areas of the firmware flash EPROMs that are reserved.
<opinion>
At some point you have to say "That's as far as this can go practically," and hope that the Chinese phone manufacturer wasn't instructed to put in backdoors, and the Chinese chip manufacturer wasn't instructed to put in backdoors, and the firmware doesn't have backdoors (e.g., Computrace in PCs), and the CIA isn't interested in you, and your wife trusts you, and ... ad infinitum, ad nauseam, you get the idea. There are no guarantees when dealing with anything that is smarter than a pocket calculator.
No offense is intended, but I/M/O a used smartphone is not a good idea for anyone concerned about security.
</opinion>
But even that won't clear the ... well, let's call it a BIOS. The firmware. The phone's equivalent of a BIOS that gets the thing running. The firmware can't be cleared because that would turn the phone into a brick. Even loading a new revision of firmware onto the phone won't erase everything, because there are some areas of the firmware flash EPROMs that are reserved.
<opinion>
At some point you have to say "That's as far as this can go practically," and hope that the Chinese phone manufacturer wasn't instructed to put in backdoors, and the Chinese chip manufacturer wasn't instructed to put in backdoors, and the firmware doesn't have backdoors (e.g., Computrace in PCs), and the CIA isn't interested in you, and your wife trusts you, and ... ad infinitum, ad nauseam, you get the idea. There are no guarantees when dealing with anything that is smarter than a pocket calculator.
No offense is intended, but I/M/O a used smartphone is not a good idea for anyone concerned about security.
</opinion>
Sure, missed that. Rather I will change the other detachable phone parts like battery and reload new firmware after factory reset.
ASKER
Hi All,
Excellent insight and and advice!
My key concern is as Adam wrote:
I do understand there's a point of continual divisibility here - hoping to find any one or two best practices beyond factory reset. Cant root the phone. (Just an aside of extra info there. :) )
Many thanks,
OT
Excellent insight and and advice!
My key concern is as Adam wrote:
If you're worried about potential malware or spyware that could monitor your use of the phone...
I do understand there's a point of continual divisibility here - hoping to find any one or two best practices beyond factory reset. Cant root the phone. (Just an aside of extra info there. :) )
Many thanks,
OT
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, ALL! :)))))))))))))))
ASKER
Also! On everyone's advice...I got a new phone! :D Factory sealed! :)))))))))))))
It sounds as though your concern is that if the phone you got might be compromised..
hacked/trojan virus , etc.
Or potentially a complete fake.