Abstract
Smart mobile devices are becoming the main store of personal private information. Although they carry valuable information, data erasure on them turns out to be much more vulnerable than was predicted. The security mechanisms provided by the Android system are not flexible enough to thoroughly delete sensitive data. In addition to the weaknesses in several of the provided data-erasing and file-deleting mechanisms, we also target the Android OS design flaws in data erasure, and show that the design of the Android OS contradicts some secure data-erasure demands. We present the data-erasure flaws in three typical scenarios on mainstream Android devices: the data clearing flaw, the application uninstallation flaw, and the factory reset flaw. Some of these flaws are data-deletion security issues inherited from the Linux kernel, and some are new vulnerabilities in the Android system. These scenarios reveal the data leak points in Android systems. Moreover, through a real-world data deletion latency experiment, we show that data remanence on the disk is rarely affected by the user’s daily operations, such as file deletion and app installation and uninstallation. After one volunteer used the Android phone for 2 months, the amount of data remanence was still considerable. We then propose DataRaider for recovering files from disk fragments. It adopts a file-carving technique and is implemented as an automated framework for recovering sensitive information. DataRaider is able to extract private data from a raw disk image without any file system information, and the recovery rate is considerably high on the four test Android phones. We propose some mitigations for data remanence issues and give users some suggestions on data protection in Android systems.
Why Data Deletion Fails? A Study on Deletion Flaws and Data Remanence in Android Systems