Blog: Android
Is a remote wipe any better than a factory reset on an Android device?
During our presentation at 44con
last week, we were asked if a remote wipe was different to a factory reset on the local device. We had to confess to not having checked, as it wasn’t key to our demo.
But in the spirit of thoroughness, we went to check:
Remote wipe is performed through the device administration API. You can check the device administrators in Device administration->Device Administrators. Google’s default one is “Android Device Manager”.
For an application to become a device administrator it must request the BIND_DEVICE_ADMIN permission and then define a list of policies – essentially device administrator permissions. For an application to wipe the device it needs to request the policy of “USES_POLICY_WIPE_DATA”.
To actually perform the wipe, the application can call DevicePolicyManager.wipeData, with an optional flag to state whether external media ought to be wiped too.
We can see the source of wipeData in the DevicePolicyManager.java source (https://android.googlesource.com/platform/frameworks/base/+/android-4.4.4_r2.0.1/core/java/android/app/admin/DevicePolicyManager.java):
if (mService != null) {
try {
mService.wipeData(flags, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, “Failed talking with device policy service”, e);
}
}
}
So it just makes a call to the DevicePolicyManager service; (which we can see the source for at https://android.googlesource.com/platform/frameworks/base/+/android-4.4.4_r2.0.1/core/java/android/app/admin/DevicePolicyManager.java) which calls wipeDeviceOrUserLocked, which calls wipeDataLocked:
// If the SD card is encrypted and non-removable, we have to force a wipe.
boolean forceExtWipe = !Environment.isExternalStorageRemovable() && isExtStorageEncrypted();
boolean wipeExtRequested = (flags&DevicePolicyManager.WIPE_EXTERNAL_STORAGE) != 0;
// Note: we can only do the wipe via ExternalStorageFormatter if the volume is not emulated.
if ((forceExtWipe || wipeExtRequested) && !Environment.isExternalStorageEmulated()) {
Intent intent = new Intent(ExternalStorageFormatter.FORMAT_AND_FACTORY_RESET);
intent.putExtra(ExternalStorageFormatter.EXTRA_ALWAYS_RESET, true);
intent.setComponent(ExternalStorageFormatter.COMPONENT_NAME);
mWakeLock.acquire(10000);
mContext.startService(intent);
} else {
try {
RecoverySystem.rebootWipeUserData(mContext);
} catch (IOException e) {
Slog.w(TAG, “Failed requesting data wipe”, e);
}
}
}
Which ultimately calls RecoverySystem.rebootWipeUserData; which is what manually requesting a factory reset does.
So, in answer to the question: Is a remote wipe any better than a factory reset on an Android device?
…they’re the same wiping process. If the Android flavour you have doesn’t offer a decent wipe or encryption, then your data is still potentially exposed.
