Skip to Content
MIT Technology Review
  • Featured
  • Topics
  • Newsletters
  • Events
  • Podcasts
    • Sign in
    Uncategorized

    CSI: Smart Phone

    For criminals who use Android smartphones, irretrievably wiping incriminating information is surprisingly easy.
    August 9, 2010

    An international criminal mastermind being chased by Interpol has only to initiate the uninstallation of a single application on his Android phone - completion of which takes less than five seconds - in order to irretrievably wipe out all incriminating information from the device, says a new paper just unveiled at the Digital Forensic Research Conference.

    The secret to this nefarious sauce is a relatively simple application that takes advantage, paradoxically, of the security built into the Android OS.

    In Android, all applications are “sandboxed” so that they can’t interfere with one another, except through actions requiring that permission be granted explicitly. Within an application, a “private folder” can be created to which incriminating data from the phone is routed.

    “Anti-forensics” applications can then use a feature built right into Android OS: when the application that owns one of these folders is uninstalled, the folder itself is automatically deleted.

    Of course, deleting a folder off of a disk is rarely the end of the story, and often even “erased” data can be retrieved from a disk - but the internal memory is not nearly as accessible as, say, a hard drive.

    In theory, a disk-level image of the phone’s internal memory would reveal the contents of such a folder, which is invisible at the OS level. But even if such an image could be obtained, the researchers say that forensic examiners would have to be able to identify the contents of the folder amidst the jumble of other information on the internal memory, which means that an invisible private folder is automatically a kind of steganography.

    More importantly, to date no tools can reliably extract the full contents of a phone’s internal memory (in contrast to, for example, external storage like an SD card). As a result, the researchers’ attempts to recover data after the successful uninstallation of their own data-deletion tool, called AFDroid, were completely unsuccessful.

    Here’s an image of the phone’s MMS cache before uninstallation of AFDroid.

    And here’s an image of the same cache after AFDroid has been uninstalled, automatically deleting the private folder that held the phone’s critical data.

    Now if only Tiger Woods had known about this…
    Android image cc Diarmuid Miklos

    Follow Mims on Twitter or contact him via email.

    Keep Reading

    Most Popular

    Here’s how a Twitter engineer says it will break in the coming weeks

    One insider says the company’s current staffing isn’t able to sustain the platform.

    Technology that lets us “speak” to our dead relatives has arrived. Are we ready?

    Digital clones of the people we love could forever change how we grieve.

    How to befriend a crow

    I watched a bunch of crows on TikTok and now I'm trying to connect with some local birds.

    Starlink signals can be reverse-engineered to work like GPS—whether SpaceX likes it or not

    Elon said no thanks to using his mega-constellation for navigation. Researchers went ahead anyway.

    Stay connected

    Illustration by Rose Wong

    Get the latest updates from
    MIT Technology Review

    Discover special offers, top stories, upcoming events, and more.

    Thank you for submitting your email!

    Explore more newsletters

    It looks like something went wrong.

    We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.