4

Is there a good way for shredding my Android's free space to ensure data cannot be recovered? I want to permanently shred my deleted files in free space. I have heard of secure eraser and ishredder.

Firelord
  • 25,084
  • 20
  • 124
  • 286
learner5482
  • 43
  • 1
  • 3
  • 1
    https://android.stackexchange.com/questions/231132/is-there-alternative-to-the-shred-unitlity-for-android#comment303472_231132 – Irfan Latif Feb 02 '21 at 01:12

1 Answers1

9

Managed flash memory

Most smartphones use managed eMMC memory which means the flash chip itself is performing the flash wear leveling (the eMMC chip has a small CPU integrated which performs the wear leveling). Effectively this means that you can not shred anything on such flash chips. If you try to overwrite a the data blocks that belongs to a file the newly written data is simply redirected to a new position in flash memory. Therefore the original data still exists but can no longer be accessed through the file-system.

The only way to erase at least large parts of the data with a high probability is to totally use-up all free space by writing one or more large files that use up all free space. But be careful - some devices "don't like it" if all flash memory is used (device crash, does not boot, ...). Therefore it is better to spare some KB and leave it unused.

The only safe way to totally erase data on a modern Android smartphone is to perform a factory reset. As modern Android devices are encrypted by default by performing a factory reset you erase and regenerate the encryption key (at least this is the way it should work).

Unmanaged flash memory

On some simple/cheap Android system it may happen that the flash wear leveling is not implemented inside the eMMC memory itself. Instead those devices use unmanaged flash memory and implement wear leveling in software inside the file-system driver. This require special file-systems that include the wear leveling such as YAFFS/YAFFS2/JFFS2. On such systems it would be possible with root permissions to really overwrite and therefore erase data of one specific file.

Robert
  • 20,025
  • 6
  • 47
  • 66
  • I found some articles telling about overwriting the free space with random data. So according to u this doesn't work(that data will end up in new space), and they are wrong right? – learner5482 Feb 02 '21 at 06:35
  • I have done shredding before by those apps and in the middle of shredding my system shows me storage running out notification. Is it for that thing? – learner5482 Feb 02 '21 at 06:37
  • 1
    I think they overwrite the whole free space with random data, not specifically. Am I right? – learner5482 Feb 02 '21 at 06:39
  • And I used termux. There is a command for shredding files and deleting. Any idea about this? – learner5482 Feb 02 '21 at 06:40
  • @learner5482 Would you mind telling us the "termux command for shredding files"? Otherwise it is difficult to say anything about it. – Robert Feb 02 '21 at 08:47
  • I used it long time ago but I think it is shred. --help for more.... – learner5482 Feb 02 '21 at 11:46
  • @learner5482: The manual for shred explicitly warns that it only works if the system overwrites files in place. – user2357112 Feb 02 '21 at 12:46
  • @user2357112supportsMonica O, it says that the file system itself will do the overwriting by getting the shred command, not the application. It works in android? Which type of file system does android own? – learner5482 Feb 02 '21 at 19:03
  • @learner5482: "Runs with no error messages" and "works" are very different things. It might have looked like it worked, but it almost certainly didn't. – user2357112 Feb 02 '21 at 19:08
  • Thanks for clearing my misunderstanding. – learner5482 Feb 02 '21 at 20:12
  • Connected my phone to Ubuntu via USB tethering. Tried wipe -rfiqQ 1 filename. Got open error: Operation not supported. Opened the file in VIM, deleted few characters and tried saving. Got "Can't open file for writing" error. rm -rf filename worked. But from this answer I understand that the original file is still there. Why didn't wipe work, but rm did? Isn't there ANY way to ensure that I can shred a particular file I choose (without installing an external app)? I hope something is done to fix this problem. – John David Dec 01 '23 at 10:08
  • @JohnDavid Most likely you use MTP virtual file system. MTP is a crap protocol by MS. Don't use it, use adb instead. If your device uses File Based Encryption then deleting should be enough, as every file has an own encryption key which is erased when deleting the file. This makes recovery very very complicated as file carving becomes impossible. – Robert Dec 01 '23 at 14:52