Securely wiping Android devices

!
Warning: This post is over 365 days old. The information may be out of date.

This post was last updated on January 26th, 2021. (Added information about the awipe project.)


When you sell your old Android devices, you want to make sure that your personal information is unrecoverable. On devices with proper flash firmware, the data cells are wiped with a delete command when you wipe the device from recovery. But how do you know that the firmware is doing what it’s supposed to be doing?

I searched for ways to securely wipe Android devices, but all the answers conflicted with each other. Some people said a factory reset through recovery was enough, while others said an encryption process was required before factory resetting, as the encryption process encrypts free space, leaving no data to be recovered. And some answers were more bleak, suggesting readers to just physically destroy the device if the data in question was extremely sensitive.

So, ordered in increasing levels of paranoia, here are all the ways of securely wiping your Android device.

Method 1 - Just wipe

If you have a recent Android device that is encrypted straight from the factory, just wipe!

If your device shipped with Android 10, then it must support FBE (file-based encryption).

To see if your device is encrypted with FBE, check for the following props: ro.crypto.state and ro.crypto.type set to file.

Method 2 - Encrypt and wipe

If you have a semi-recent Android device that supports FDE (full-disk encryption) then encrypt and wipe.

To see if your device is encrypted with FDE, check for the following props: ro.crypt.state.

Method 3a - dd

Original from this Reddit comment

Reading this comment I remembered most Android devices ship with a rudimentary version of Busybox, which includes the dd utility.

Thus, to quickly fill the device with pseudorandom data, one would simply run:

adb shell
cat /dev/urandom > random_file

Or, if you’re just as paranoid as the above Redditor, you can run multiple passes:

for i in 0 1 2 3 4 5 6 7 8 9; do cat /dev/urandom > $i; rm $i; done

Personally, I don’t really see the benefits of running this multiple times, given that flash memory can wear out, and I haven’t seen any articles about data being recovered from wear-leveling cells.

Method 3b - app

I had some free time and decided to turn method 3 into an app that users can run to overwrite free storage space.

There are a lot of apps on the Play Store that claim to do the same thing - but I can’t really trust them because they are proprietary. So I wrote an app myself that does mostly the same thing.

It’s called awipe, and it works by randomly generating data and writing it to a file on the internal storage. So functionally, it is the same as the dd command above.

The app is better than the other solutions for the following reasons:

  • You don’t need to enable USB debugging
  • You don’t need a computer around
  • The app can be sideloaded via a OTG adapter and a USB drive. Unlike Play Store apps, awipe does not require you to sign in with a Google account, as you can sideload it. Once it’s done overwriting free space, just wipe the entire device and no PII will remain.
  • The app shows you the progress, unlike dd
  • The app is open source
  • You don’t need to memorize that dd command
  • Everything happens on-device

Method 4 - Physical

If you are really, really paranoid and you want to remove any possibility of data recovery, then physically destroying the device would be an option.

If you know how to open up the device and would like to recycle the other components of your device, then grab a drill and make a hole in the flash chip. Refer to iFixit or teardown videos to see where those chips are located. Alternatively, remove the battery and burn the device.

comments