Extra Level of Erasure for Used Android Phone

oaktrees
oaktrees used Ask the Experts™
on
Other than Factory Reset, what precautions can I use to DEEPLY erase a used Android Phone that I've gotten?  Need some EXTRA level of erasing before I apply all my data to it.

One idea that occurred to me: activate phone with a dummy account.  Turn on video, and just let it run until all the memory has been written over.

Then: Factory Reset again, add REAL account.

What's a good way?

Many thanks,

OT
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2017

Commented:
It seems your concern will not be addressed through erasure of the data
It sounds as though your concern is that if the phone you got might be compromised..
hacked/trojan virus , etc.
Or potentially a complete fake.
Adam BrownSenior Systems Admin
Top Expert 2010

Commented:
If you're worried about having remnants of someone else's data on it, you can encrypt the phone, then perform a factory reset as instructed here: https://www.zdnet.com/article/heres-how-to-securely-wipe-your-android-smartphone-for-resale/

If you're worried about potential malware or spyware that could monitor your use of the phone, well...it's technically possible that the Factory image has been modified to automatically install some monitoring software or something similar, so I guess not getting a used android phone would be the best way to avoid that. Realistically, though, the likelihood of something like that actually existing in the install image you have is fairly remote.
btanExec Consultant
Distinguished Expert 2018

Commented:
Although encrypting the device and then doing a factory reset is generally enough to erase all the data securely, doing a bit extra doesn’t hurt. To do this, set up the smartphone after factory resetting it. Only this time, make sure no email details are added.

Once the setup is complete, record a junk video for as long as the internal storage on the device doesn’t get filled up. Doing this will overwrite the free space with throwaway data.

You can also perform another factory reset after adding fake content to your device. Then you can additional fake content and continue to reset and reload the device with fake content as many times as you would like. Each time you do it, you are adding layers of protection and confusion that protect the original content you had on your phone.
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

Distinguished Expert 2017

Commented:
Bean, the person bought a used phone. They are not looking to sell their used phone.
Distinguished Expert 2017

Commented:
Íf the concern is not for malware/compromise, is the concern that the phone had illeagal content?

Why not do the opposite and try to recover data from the phone which may help clear things up.
Dr. KlahnPrincipal Software Engineer

Commented:
The only way to completely erase the user-accessible contents of a used phone is to pull every memory chip off the circuit board and replace them with fresh-from-the-factory new ones.  That'll deal with both the flash and the RAM.  As a side effect it'll probably brick the phone because the Android operating system will go away along with the flash memory chips.

But even that won't clear the ... well, let's call it a BIOS.  The firmware.  The phone's equivalent of a BIOS that gets the thing running.  The firmware can't be cleared because that would turn the phone into a brick.  Even loading a new revision of firmware onto the phone won't erase everything, because there are some areas of the firmware flash EPROMs that are reserved.

<opinion>
At some point you have to say "That's as far as this can go practically," and hope that the Chinese phone manufacturer wasn't instructed to put in backdoors, and the Chinese chip manufacturer wasn't instructed to put in backdoors, and the firmware doesn't have backdoors (e.g., Computrace in PCs), and the CIA isn't interested in you, and your wife trusts you, and ... ad infinitum, ad nauseam, you get the idea.  There are no guarantees when dealing with anything that is smarter than a pocket calculator.


No offense is intended, but I/M/O a used smartphone is not a good idea for anyone concerned about security.
</opinion>
btanExec Consultant
Distinguished Expert 2018

Commented:
Sure, missed that. Rather I will change the other detachable phone parts like battery and reload new firmware after factory reset.

Author

Commented:
Hi All,

Excellent insight and and advice!  

My key concern is as Adam wrote:

If you're worried about potential malware or spyware that could monitor your use of the phone...

I do understand there's a point of continual divisibility here - hoping to find any one or two best practices beyond factory reset.  Cant root the phone. (Just an aside of extra info there. :) )

Many thanks,

OT
Exec Consultant
Distinguished Expert 2018
Commented:
I will at getting an Android to check for "eastern egg". At times infected phone may have that changed as malware author may like to leave a mark..

https://www.google.com/amp/s/www.pocket-lint.com/apps/news/google/138312-how-to-access-android-easter-egg.amphtml

Author

Commented:
Thanks, ALL! :)))))))))))))))

Author

Commented:
Also!  On everyone's advice...I got a new phone! :D  Factory sealed! :)))))))))))))

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial