I am exchanging my old Android L phone for a new one. I have formatted the whole phone including bootloader and flashed its stock ROM using SP Flash Tool twice. I hope my data has been overwritten. Are there any chances that my data may still be recovered?
2 Answers
It can be recovered using complex sector scanning, however if you used Encryption, your Data partition may still have information on it, but it will still be encrypted.
The main source for recovering Data other than using Root Access to do a full sector scan of the Data / Cache Partitions, is to undelete data on the External SD Card..
You can do a sector scan of your storage without Root Access also, depending on your Android Version.
You should Overwrite the Data partition, not Delete the data and then Flash it again...
Deleting the Data Partition and the Flashing it again, doesn't actually Overwrite the old user data... Formatting it is not Overwriting it Either...
You need to do a Full format of every sector to Overwrite it...
Try writing over the internal storage with another file, repeatedly copy and paste a file until your device can not fit anything else ... Then format it ...
I have formatted the whole phone including bootloader
Bootloader can't be overwritten, your device will be bricked. I think you meant boot
partition which contains kernel. But that doesn't contain personal data you've been saving. That's saved on userdata
partition which is mounted at /data
and one of its directory /data/media/0
is exposed as /sdcard
through emulation. So the major concern is to securely erase /data
partition.
Are there any chances that my data may still be recovered?
- Please note that on most newer device
/data
partition is encrypted by default (FBE
/FDE
enforced usingforceencrypt
orcontents_encryption_mode
flags infstab
). In this case your actual data is saved to/dev/block/dm-0
which is a logical volume mapped by device-mapper'scrypt
target overuserdata
partition. It means that data available onuserdata
block device is encrypted and not identifiable. - Secondly Android issues a scheduled/continuous
TRIM
command to flash storage (eMMC), which makes sure the deleted data is physically Erased from cells (which is a requirement before re-writing it; this is where Flash Media differs from HDDs). - Thirdly when you do a Factory Reset with stock recovery,
BLKDISCARD
orBLKSECDISCARD
is issued before creating filesystem (formatting), which again makes sure the whole block device (userdata
) is Erased. It means that all the Logical Block Addresses (LBAs) which belong to this partition will now return zeros if read.
If all of the three conditions meet on your device, be ensured that your data won't be recoverable.
Note that:
- Overwriting data may not necessarily overwrite it, particularly on
F2FS
, which always writes data to new blocks as a part of it's wear-leveling strategy. - Simply formatting (creating filesystem) neither erases data nor overwrites it. It just recreates data structures (e.g. superblocks, file tables, directories, inode/block bitmaps, journals etc.). Formatting should be accompanied by
TRIM
orBLKDISCARD
. - There is still a possibility that data is not Erased from physical cells (PBAs) even after issuing
TRIM
orBLKDISCARD
, and it can possibly be recovered e.g. with chip-off forensics. There are a number of factors involved, includingOver-Provisioning
space,Wear-Leveling
andGarbage Collection
capabilities of theeMMC
on your device.
For more details: How to make a complete factory reset, without anyone being able to retrieve my data?