A number of tests carried out on Android's data wiping processes have discovered it is possible to retrieve sensitive data from tablet devices that have previously been deleted. In some instances, the factory reset option only removed the list of where information was stored - leaving everything else on the tablet. Researchers also found a flaw - related to the Rockchip processor - in Tesco's Hudl tablet that left it open to attack on files saved to the device's memory.
Tests were carried out by the BBC on second-hand tablets selling on eBay and other online stores. Other tests were performed on Android devices to see how data could be retrieved from devices. A study by security company Avast resulted in it retrieving thousands of images, emails, text messages and contact details from Android devices.
While tablet owners must activate encryption on their devices themselves, the next release of Android - the L-release - is believed to have this enabled.
Sven Boddington, vice president for global marketing and client solutions at Telepla, believes resellers need to take responsibility for correctly preparing devices for resale. 'To say it's worrying to find tablet devices are being sold with data still on them is an understatement. This is not the first instance, we’re constantly seeing this kind of story in the news,' he said.
As consumers become increasingly reliant on mobile devices, from basic communications, social media, to mobile banking and payment transactions, the data they carry is more and more sensitive, he explained.
He said that businesses that process mobile devices - such as smartphones and tablets - for use as second-hand products have a responsibility to the sellers, and buyers of these devices, to ensure that the 'proper security procedures are applied so that personal data is thoroughly and permanently destroyed'.
'It’s not good enough to delete the personal data to only a basic standard or worse still, not at all, as there is an obligation to comply with data protection laws,' he emphasised.
'One way of doing this is to meet recognised industry standards such as the Device Renewal Forum Certification Compliance criteria for Data Sanitisation for mobile devices,' he added.
Mobile contacted Google for comment. A company spokesperson said: 'If you sell or dispose of your device, we recommend you enable encryption on your device and apply a factory reset beforehand.' This has been available on Android for over three years.
A Tesco spokesperson told Mobile: 'Customers should always ensure all personal information is removed prior to giving away or selling any mobile device. To guarantee this, customers should use a data wipe program.'
The spokesperson said that tablets returned to Tesco would have all personal data removed by the retailer.
The supermarket directed consumers to the Government's Get Safe Online website for further guidance on protecting their personal data.