[guardian-dev] Is a secure wipe possible on Android?

[Nathan Freitas]

Please tell me why this won't work[1], is a bad idea, or why this very
simple app doesn't exist yet for Android devices with 'dd' on them. For
most people, I could see this as a way to just zero out memory from time
to time after they delete sensitive data. The most extreme case is a
full wipe and zero/random of both internal and external memory.

(1. I know flash memory works differently than platter drives, but I
believe filling up all the empty memory is still a useful thing to do)


The App Main Screen
- Clean Options
--- SDCard
--- Internal Memory
- Erase & Clean Options (Requires Root)
--- SDCard
--- App Data
--- All Installed Apps

Screen 2
-- Are you SURE!?
-- How Paranoid Are You? Slider: 1 to 7
-- Fast (Zero out) or Slow (Random out)

This then kicks off the following shell command from 1 to 7 times
where FILE_PATH is /mnt/sdcard or /data/app or /data/data
and "zero" could also "urandom"

cd /mnt/sdcard
dd if=/dev/zero of=zero.small.file bs=1024 count=102400
dd if=/dev/zero of=zero.file bs=1024
sync ; sleep 60 ; sync
rm zero.small.file
rm zero.file

Is this an app that should be built, or should we just focus/support
efforts to offer completely encrypted file system?

On a related note, I found this company viaforensics who is already
promoting their forensics capabilities on Android devices. They have a
pretty interested, but dated, presentations up on what they have been
able to recover using adb and other simple tools:
http://viaforensics.com/services/mobile-forensics/android-forensics

Thanks for any comments!

+n8fr8