>From what I have read, many Android phones (say, the Nexus One and the Nexus S) use NAND flash storage, which recent research (FAST '11) from the Non-Volatile Systems Laboratory at UCSD indicates may be difficult to reliably sanitize due to unreliable controllers:
"Reliably erasing data from storage media (sanitizing the media) is a critical component of secure data management. While sanitizing entire disks and individual files is well-understood for hard drives, flash- based solid state disks have a very different internal architecture, so it is unclear whether hard drive techniques will work for SSDs as well. We empirically evaluate the effectiveness of hard drive-oriented techniques and of the SSDs’ built-in sanitization commands by extracting raw data from the SSD’s flash chips after applying these techniques and commands. Our results lead to three conclusions: First, built-in commands are effective, but manufacturers sometimes implement them incorrectly. Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive. Third, none of the existing hard drive-oriented techniques for individual file sanitization are effective on SSDs." http://cseweb.ucsd.edu/users/swanson/papers/Fast2011SecErase.pdf http://nvsl.ucsd.edu/sanitize/ Some questions: 1) How vulnerable are Android phones to this issue? The Nexus One and Nexus S specifically? 2) What happens when an 'android.intent.action.MASTER_CLEAR' is broadcast? I'm not having the easiest time navigating the source on this one. Thanks, Jacob -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
