If you sell or gift your old Android phone to someone, is it enough to do a factory reset to wipe all your sensitive data? And if your Android gets stolen, how sure are you that your anti-theft solution will do a good job wiping it and/or locking the device?
Consumers generally have no insight in how well these features work. Their only option is to trust the manufacturers' and developers' assurances, and wait for security researchers to test the solutions.
Now, two researchers from the Security Group at the University of Cambridge Computer Laboratory have published two papers that answer those questions.
The first one details the results of a security analysis of Android's Factory Reset option, tested on 21 second-hand Android smartphones from 5 vendors running Android versions v2.3.x to v4.3.
In the second paper, they revealed the results of their testing of the top 10 mobile anti-virus apps' anti-theft functions (“remote wipe” and “remote lock”). Again, the results are bad: they found flaws that undermine MAV security claims and highlight the fragility of third-party security apps. more