Wipe function both local and remote

C

ctk

New member
I am testing Android OSs for approval for use within our company and I am concerned with a finding. When using the ActiveSync wipe or when selecting the Factory Data Reset option under Privacy it says this will erase all data from the phone and it appears that it does not. Any pictures or files saved to the phone remain along with tracking data the phone seems to collect.

Factory Data Reset says this will erase all data and it does not giving a false sense of security.

Worse yet the factory reset accomplished via any of these methods removes the password you may have put on the phone so now access to the files is free and clear.

The only way I have found to erase all data on the phone is to use the format SD card and storage functions for both onboard memory and any SD card inserted.

Think of all the people that use the reset function which says it will erase all data believing their phone has been wiped of all content and then sell it with all those pictures still on them.

Seems pretty scary to me. Am I missing something? Does this concern anyone else?
 
You're missing something

When you say any pictures saved on the phone are not deleted, this is true, because there aren't any stored on the phone itself. The pictures are saved on the SD card which is removable. The only exception to this is the Samsung Galaxy S range of phones which have a permanent SD card.

So just like if you wipe your PC or reinstall Windows this would not effect any USB Flash Drive that happened to be connected to your PC at the time.

The password was never required to access files on the SD card. Anyone with physical access to the phone could remove the SD card and use a card reader on any PC to read the files anyway.

People probably do forget to wipe their SD cards when they sell phones, yes. But this doesn't concern me - it's something I have and will always remember to do. Or more accurately I'd remove the memory card and not sell that with the phone. Even formatting it or deleting all the files off it, like with any drive, only effectively hides the files. They're very easy to recover.
 
I believe the HTC Android phone functions the same way in that it has ram on-board that is not wiped either. At least it seems to me the slot was not populated on the one I had for a day or so of testing.

Putting that point aside it seems to me that having a fucntion clearly state that this wipes all data from the device and then not do it is miss leading. It should state that is it not deleting data from the SD card and even better direct them to the sd format function as well. Most users are not phone/computer literate enough to know this.

This is one case where the internal only ram on the iPhone wins because it is not a removable card and it is wiped when it says it will. The wMobile devices also at least wipe the internal ram.

Ideally from corporate perspective it would be best if the remote wipe did wipe the loaded SD card as well as the internal RAM. I understand this is not fool proof but it does give us a chance of getting the wipe to it before a casual theif gets far enough to remove the card. Even better yet would be honoring the ActiveSync functions to block the use of SD cards because they can contain data and can be removed. I know many people don't like MS but the fact remains their Exchange systems and therefor ActiveSync is very popular in the business world and their tools through ActiveSync to manage and cotrol phone use are a very good step in the right direction from and enterprise perspective and more complete support would allow the Andorid based phones to unseat BlackBerry devices in the Enterprise.

Right now we continue to ban the Anderoid and the iPhone is moving in in record numbers over BlackBerry devices. This is too bad because the Android is a wonderful device to use.
 
For more support of the position stated above. Here is the text directly from the MS support forums on how the wipe was expected to work.

In addition to resetting the mobile phone to factory default condition, a remote device wipe also deletes any data on any storage card that's inserted in the mobile phone. If you're performing a remote device wipe on a mobile phone in your possession and want to keep the data on the storage card, remove the storage card before you initiate the remote device wipe.

From an enterprise perspective this is ideal. Not fool proof, nothing is, but the best possible option.
 
There are a number of apps available on the Market that can do full remote wipes, including the SD card. I don't recall any names off the top of my head, but I do recall reading about them. Perhaps someone else can help here? WaveSecure maybe?

Alternatively, why not make it corporate policy to not use SD cards?
 
We are heading down that path now but it seems to me that it would make more sense to have the functionality native to the OS. The functionality exists in the phone in the form or SD format so why can't the wipe funtion call that instead like all the other phone vendors currently do? How do I get this request to the developers?

I know Google and MS are not the best of friends but for the good of the Enterprise users this would be a huge improvement.

I am hoping that is enough interest in the Android community that this get successfully get to Google. At this point we are looking at paying a vendor like Wave Secure (McAfee) $20 a pop for functionality that seems to already be 90% complete.

The polcy path won't work without a way to enforce it whihc again if the full ActiveSync impementation where there would be available and that would not work for those phones that have a built in SD card such as the Increditble and the one you mentioned earlier.
 
You can request features or search existing requests here: http://code.google.com/p/android/issues/list

Click the New Issue link to create a request. Make sure it's not already requested in some form though. You may be waiting a year or more for the fix to appear of course. Even if they fixed it tomorrow it may be 6 months to a year before it appears in an update released for your phone, assuming it ever gets it.
 
Back
Top