skip to main content
research-article

Why Data Deletion Fails? A Study on Deletion Flaws and Data Remanence in Android Systems

Authors Info & Claims
Published:10 January 2017Publication History
Skip Abstract Section

Abstract

Smart mobile devices are becoming the main vessel of personal privacy information. While they carry valuable information, data erasure is somehow much more vulnerable than was predicted. The security mechanisms provided by the Android system are not flexible enough to thoroughly delete sensitive data. In addition to the weakness among several provided data-erasing and file-deleting mechanisms, we also target the Android OS design flaws in data erasure, and unveil that the design of the Android OS contradicts some secure data-erasure demands. We present the data-erasure flaws in three typical scenarios on mainstream Android devices, such as the data clearing flaw, application uninstallation flaw, and factory reset flaw. Some of these flaws are inherited data-deleting security issues from the Linux kernel, and some are new vulnerabilities in the Android system. Those scenarios reveal the data leak points in Android systems. Moreover, we reveal that the data remanence on the disk is rarely affected by the user’s daily operation, such as file deletion and app installation and uninstallation, by a real-world data deletion latency experiment. After one volunteer used the Android phone for 2 months, the data remanence amount was still considerable. Then, we proposed DataRaider for file recovering from disk fragments. It adopts a file-carving technique and is implemented as an automated sensitive information recovering framework. DataRaider is able to extract private data in a raw disk image without any file system information, and the recovery rate is considerably high in the four test Android phones. We propose some mitigation for data remanence issues, and give the users some suggestions on data protection in Android systems.

References

  1. Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’14). ACM, New York, NY, 259--269. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Abdullah Azfar, Kim-Kwang Raymond Choo, and Lin Liu. 2015. Forensic taxonomy of popular Android mHealth apps. arXiv preprint arXiv:1505.02905 (2015).Google ScholarGoogle Scholar
  3. Abdullah Azfar, Kim-Kwang Raymond Choo, and Lin Liu. 2016a. An Android communication app forensic taxonomy. Journal of Forensic Sciences 61, 5, 1337--1350. Google ScholarGoogle ScholarCross RefCross Ref
  4. Abdullah Azfar, Kim-Kwang Raymond Choo, and Lin Liu. 2016b. Android mobile VoIP apps: A survey and examination of their security and privacy. Electronic Commerce Research 16, 1, 73--111. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Maffei, and Philipp von Styp-Rekowsky. 2013. AppGuard: Enforcing user requirements on Android apps. In Proceedings of the 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’13). Springer, Berlin, 543--548. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Steven Bauer and Nissanka Bodhi Priyantha. 2001. Secure data deletion for Linux file systems. In Usenix Security Symposium, Vol. 174. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Graeme B. Bell and Richard Boddington. 2010. Solid state drives: The beginning of the end for current practice in digital forensic recovery? Journal of Digital Forensics, Security and Law 5, 3, 1--20.Google ScholarGoogle Scholar
  8. Ing Breeuwsma and others. 2006. Forensic imaging of embedded systems using JTAG (boundary-scan). Digital Investigation 3, 1, 32--42. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Sven Bugiel, Stephan Heuser, and Ahmad-Reza Sadeghi. 2013. Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies. In Usenix Security. 131--146. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. CWM. 2015. ClockworkMod Recovery. Retrieved December 6, 2016 from https://www.clockworkmod.com.Google ScholarGoogle Scholar
  11. Quang Do, Ben Martini, and Kim-Kwang Raymond Choo. 2015. A forensically sound adversary model for mobile devices. PloS One 10, 9, e0138449.Google ScholarGoogle ScholarCross RefCross Ref
  12. Nikolay Elenkov. 2014. Revisiting Android disk encryption. http://nelenkov.blogspot.com/2014/10/revisiting-android-disk-encryption.html. (2014).Google ScholarGoogle Scholar
  13. William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2014. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems 32, 2, Article 5, 29 pages. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Ext4 Wiki. 2015. Ext4 and Ext2/Ext3) Wiki. Retrieved December 6, 2016 from https://ext4.wiki.kernel.org/ index.php/Main_Page.Google ScholarGoogle Scholar
  15. Kevin D. Fairbanks, Christopher P. Lee, and Henry L. Owen III. 2010. Forensic implications of EXT4. In Proceedings of the 6th Annual Workshop on Cyber Security and Information Intelligence Research. ACM, 22. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. ForensicsWiki. 2014. Solid State Driver Forensics. Retrieved December 6, 2016 from http://www.forensicswiki.org/wiki/Solid_State_Drive_(SSD)_Forensics.Google ScholarGoogle Scholar
  17. Stephan Heuser, Adwait Nadkarni, William Enck, and Ahmad-Reza Sadeghi. 2014. ASM: A programmable interface for extending Android security. In Proceedings of the 23rd USENIX Conference on Security Symposium (SEC’14). USENIX Association, Berkeley, CA, 1005--1019. http://dl.acm.org/citation.cfm?id=2671225.2671289 Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Felix Immanuel, Ben Martini, and Kim-Kwang Raymond Choo. 2015. Android cache taxonomy and forensic process. In IEEE Trustcom/BigDataSE/ISPA, Vol. 1. IEEE, 1094--1101. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. JEDEC. 2014. Flash Memory. Retrieved from http://www.jedec.org/category/technology-focus-area/flash- memory-ssds-ufs-emmc.Google ScholarGoogle Scholar
  20. Jinseong Jeon, Kristopher K. Micinski, Jeffrey A. Vaughan, Ari Fogel, Nikhilesh Reddy, Jeffrey S. Foster, and Todd Millstein. 2012. Dr. Android and Mr. Hide: Fine-grained permissions in Android applications. In Proceedings of the 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 3--14. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Dohyun Kim, Jungheum Park, Keun-gi Lee, and Sangjin Lee. 2012. Forensic analysis of Android phone using Ext4 file system journal log. In Future Information Technology, Application, and Service. Springer, 435--446. Google ScholarGoogle ScholarCross RefCross Ref
  22. Hyeong-Jun Kim and Jin-Soo Kim. 2012. Tuning the Ext4 filesystem performance for Android-based smartphones. In Frontiers in Computer Education. Springer, 745--752. Google ScholarGoogle ScholarCross RefCross Ref
  23. Christopher King and Timothy Vidas. 2011. Empirical analysis of solid state disk data retention when used with contemporary operating systems. Digital Investigation 8, S111--S117. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Kenneth C. Kung. 1993. Secure file erasure. (Nov. 23 1993). US Patent 5,265,159.Google ScholarGoogle Scholar
  25. Jaeheung Lee, Junyoung Heo, Yookun Cho, Jiman Hong, and Sung Y. Shin. 2008. Secure deletion for NAND flash file system. In Proceedings of the 2008 ACM Symposium on Applied Computing. ACM, 1710--1714. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Ming Di Leom, Kim-Kwang Raymond Choo, and Ray Hunt. 2016. Remote wiping and secure deletion on mobile devices: A review. Journal of Forensic Sciences 61, 6, 1473--1492. Google ScholarGoogle ScholarCross RefCross Ref
  27. Ming Di Leom, Christian Javier DOrazio, Gaye Deegan, and Kim-Kwang Raymond Choo. 2015. Forensic collection and analysis of thumbnails in Android. In IEEE Trustcom/BigDataSE/ISPA, Vol. 1. IEEE, 1059--1066. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Yuhao Luo, Dawu Gu, and Juanru Li. 2013. Toward active and efficient privacy protection for Android. In Proceedings of the International Conference on Information Science and Technology (ICIST’13). IEEE, 924--929. Google ScholarGoogle ScholarCross RefCross Ref
  29. Tilo Müller and Michael Spreitzenbarth. 2013. FROST. In Applied Cryptography and Network Security. Springer, 373--388. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Piriform. 2015. Recuva. Retrieved December 6, 2016 from https://www.piriform.com/recuva.Google ScholarGoogle Scholar
  31. Hal Pomeranz. 2010. Understanding ext4. Retrieved from http://digital-forensics.sans.org/blog/2010/12/20/digital-forensics-understanding-ext4-part-1-extents.Google ScholarGoogle Scholar
  32. Darren Quick and Kim-Kwang Raymond Choo. 2013a. Digital droplets: Microsoft SkyDrive forensic data remnants. Future Generation Computer Systems 29, 6, 1378--1394. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Darren Quick and Kim-Kwang Raymond Choo. 2013b. Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata? Digital Investigation 10, 3, 266--277. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Joel Reardon, David Basin, and Srdjan Capkun. 2013. Sok: Secure data deletion. In Proceedings of the IEEE Symposium on Security and Privacy (SP’13). IEEE, 301--315. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Joel Reardon, Claudio Marforio, Srdjan Capkun, and David Basin. 2012. User-level secure deletion on log-structured file systems. In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security. ACM, 63--64. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. SourceForge. 2013. extundelete. Retrieved December 6, 2016 from http://extundelete.sourceforge.net/.Google ScholarGoogle Scholar
  37. SourceForge. 2015. Foremost. Retrieved December 6, 2016 from http://foremost.sourceforge.net/. (2015).Google ScholarGoogle Scholar
  38. SQLite. 2015. SQLite3 File Format. Retrieved December 6, 2016 from https://www.sqlite.org/fileformat.html.Google ScholarGoogle Scholar
  39. TWRP. 2015. Team Win Recovery Project. Retrieved December 6, 2016 from http://teamw.in/project/twrp2. (2015).Google ScholarGoogle Scholar
  40. Zhaohui Wang, Rahul Murmuria, and Angelos Stavrou. 2012. Implementing and optimizing an encryption filesystem on Android. In Proceedings of the IEEE 13th International Conference on Mobile Data Management (MDM’12). IEEE, 52--62. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Michael Wei, Laura M. Grupp, Frederick E. Spada, and Steven Swanson. 2011. Reliably erasing data from flash-based solid state drives. In Proceedings of the 9th USENIX Conference on File and Storage Technologies (FAST’11). USENIX Association, Berkeley, CA, 8--8. http://dl.acm.org/citation. cfm?id=1960475.1960483 Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Wikipedia. 2014. Flash Memory: SSDs, UFS, e.MMC. Retrieved December 6, 2016 from http://en.wikipedia.org/w/index.php?title=Flash_memory.Google ScholarGoogle Scholar
  43. Chiachih Wu, Yajin Zhou, Kunal Patel, Zhenkai Liang, and Xuxian Jiang. 2014. AirBag: Boosting smartphone resistance to malware infection. In Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS’14). Retrieved from http://www.internetsociety.org/ doc/airbag-boosting-smartphone-resistance-malware-infection.Google ScholarGoogle ScholarCross RefCross Ref
  44. XDA Developers. 2015a. Rooting. Retrieved December 6, 2016 from http://forum.xda-developers.com/wiki/Root.Google ScholarGoogle Scholar
  45. XDA Developers. 2015b. Android Recovery Wiki. Retrieved December 6, 2016 from http://forum.xda-developers.com/wiki/Recovery.Google ScholarGoogle Scholar
  46. R. Xu, H. Saidi, and R. Anderson. 2012. Aurasium: Practical policy enforcement for Android applications. In Proceedings of the 21st USENIX Conference on Security. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Why Data Deletion Fails? A Study on Deletion Flaws and Data Remanence in Android Systems

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!