1

I am exchanging my old Android L phone for a new one. I have formatted the whole phone including bootloader and flashed its stock ROM using SP Flash Tool twice. I hope my data has been overwritten. Are there any chances that my data may still be recovered?

Improve this question

2 Answers 2

Reset to default
0

It can be recovered using complex sector scanning, however if you used Encryption, your Data partition may still have information on it, but it will still be encrypted.

The main source for recovering Data other than using Root Access to do a full sector scan of the Data / Cache Partitions, is to undelete data on the External SD Card..

You can do a sector scan of your storage without Root Access also, depending on your Android Version.

You should Overwrite the Data partition, not Delete the data and then Flash it again...

Deleting the Data Partition and the Flashing it again, doesn't actually Overwrite the old user data... Formatting it is not Overwriting it Either...

You need to do a Full format of every sector to Overwrite it...

Try writing over the internal storage with another file, repeatedly copy and paste a file until your device can not fit anything else ... Then format it ...

Improve this answer
1

I have formatted the whole phone including bootloader

Bootloader can't be overwritten, your device will be bricked. I think you meant boot partition which contains kernel. But that doesn't contain personal data you've been saving. That's saved on userdata partition which is mounted at /data and one of its directory /data/media/0 is exposed as /sdcard through emulation. So the major concern is to securely erase /data partition.

Are there any chances that my data may still be recovered?

  • Please note that on most newer device /data partition is encrypted by default (FBE/FDE enforced using forceencrypt or contents_encryption_mode flags in fstab). In this case your actual data is saved to /dev/block/dm-0 which is a logical volume mapped by device-mapper's crypt target over userdata partition. It means that data available on userdata block device is encrypted and not identifiable.
  • Secondly Android issues a scheduled/continuous TRIM command to flash storage (eMMC), which makes sure the deleted data is physically Erased from cells (which is a requirement before re-writing it; this is where Flash Media differs from HDDs).
  • Thirdly when you do a Factory Reset with stock recovery, BLKDISCARD or BLKSECDISCARD is issued before creating filesystem (formatting), which again makes sure the whole block device (userdata) is Erased. It means that all the Logical Block Addresses (LBAs) which belong to this partition will now return zeros if read.

If all of the three conditions meet on your device, be ensured that your data won't be recoverable.

Note that:

  • Overwriting data may not necessarily overwrite it, particularly on F2FS, which always writes data to new blocks as a part of it's wear-leveling strategy.
  • Simply formatting (creating filesystem) neither erases data nor overwrites it. It just recreates data structures (e.g. superblocks, file tables, directories, inode/block bitmaps, journals etc.). Formatting should be accompanied by TRIM or BLKDISCARD.
  • There is still a possibility that data is not Erased from physical cells (PBAs) even after issuing TRIM or BLKDISCARD, and it can possibly be recovered e.g. with chip-off forensics. There are a number of factors involved, including Over-Provisioning space, Wear-Leveling and Garbage Collection capabilities of the eMMC on your device.

For more details: How to make a complete factory reset, without anyone being able to retrieve my data?

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .