When it comes to clearing data off mobile devices, there are a lot of myths floating around, writes Thomas Rayas, the senior vice president of marketing and customer success at FutureDial. Maybe you’ve heard about a magical place where cleared mobile data disappears. It’s a digital heaven beyond the cloud, where data goes — never to be seen again. You haven’t heard that one?
Although it makes for a great children’s book idea, sadly this data Shangri-La doesn’t exist. But in the real world, there are some more commonly heard myths about the thoroughness of mobile data clearing, and whether data is ever truly gone. It’s time to separate fact from fiction, and clear up all those old wives’ tales.
Myth: Clearing a phone or tablet is like wiping a computer drive
Researchers at the University of California, San Diego put out a study on reliably cleaning off flash-based solid state drives (SSDs), which are found in mobile devices. It states, “the internals of an SSD differ in almost every respect from a hard drive, so assuming that the erasure techniques that work for hard drives will also work for SSDs is dangerous.”
What’s the big difference between a Hard Drive versus SSDs? For starters, a standard mechanical hard disk drive (HDD) uses what’s called magnetic media, which requires a complete scrubbing of the drive to make it unreadable. Contrast this with smart phones and similar devices which use flash memory. Flash is a very different technology. It does not benefit from multi-pass overwrite, due to the way the chip set randomly stores data in memory.
There are also differences between flash drives and magnetic media in their thoroughness after a data clear. A flash drive stores data in the form of persistent electrical charge and over time that charge diminishes. However, magnetic media can have leftover data traces resulting from mechanical tolerances within parts of the drive.
Myth: Data is unrecoverable after an SSD clear
It takes a bit of technical knowledge to address this myth. SSD data clearing is typically performed through a set of commands to the device’s chipset, which ties into how and when data is written to the memory. A common practice is erasing a memory sector before writing to it, mainly for the performance gain (versus over-writing data on a used sector). These commands are packaged in a set of higher-level commands that are built in by the device manufacturer, and are dependent on the manufacturer of the flash memory chipset.
However, the added layer of command sets coupled with the complexity of smartphones leaves room for potential error. FutureDial has found that some mobile devices were not having everything cleared through the original equipment manufacturer (OEM) provided command sets. An untrained eye could easily miss this, leaving your data vulnerable.
Myth: It doesn’t matter whether cleared data is encrypted
Encryption is critically important to cleared data security. Hackers have at their disposal many common forensic tools that can recover data by reading directly from random locations in memory. Encryption offers another layer of security, making it nearly impossible to recover any data that is even remotely useful. Even the FBI and the NSA, with all the tools at their disposal, would have trouble recovering and making sense of cleared data.
Currently all iOS devices being shipped have encryption as a standard offering. Unfortunately, fragmentation in the Android marketplace means not all manufacturers turn the encryption services on as a default on their devices. But that’s changing as Google has mandated full-disk encryption for all devices running Android 6.0 Marshmallow. This trend towards device encryption is a positive sign in the fight against hackers looking to access long-cleared data.
Myth: It’s not worth having mobile data cleared professionally
You can always attempt to clear the data yourself, but there are major benefits to having your devices cleared professionally. One of them being peace of mind. FutureDial performs data clearing on mobile devices using both OEM command sets, as well as proprietary methods.
We sent mobile devices that were cleared using FutureDial software to a respected forensics analysis lab that performs data recovery services. They are regularly hired by law enforcement and investigative technical services for judicial proceedings. As part of our test, they attempted to recover any usable data from mobile devices that we had cleared (iPhones and Androids). The result was a zero percent recovery rate. They were wholly unsuccessful in recovering any data whatsoever.
Beyond the myths
Despite the misinformation out there, data clearing can be effective and thorough. When exploring options, keep in mind how the device was manufactured, the quality of the chipsets for flash memory and whether encryption is enabled in the device.
And lastly, know what to look for when searching for a reputable company that deals in mobile data clearing. They should have the knowledge and experience to invoke the right command sets (and other functions) while performing a data clear. Make sure they understand the intricacies of Flash Memory / SSDs and the fundamental differences between flash and magnetic media storage.
And if anyone tells you that your cleared mobile data goes to a magical place never to be seen again? Don’t believe them, it’s clearly a myth.
