stackoom
  简体   繁体   中英

How to wipe out data on SD card permanently

 原文  2014-10-23 05:43:43       android/ linux/ encryption/ filesystems/ sd-card

Question

I am developing an android app which allows users wiping data on SD card permanently. What is important is that the data removed CANNOT be recovered by CardRecover and the like software.

As far as I know, there are mainly two methods now.

  1. Using File.delete() method directly. See this thread .
  2. Using IMountService and ServiceManager to format SD card. See this thread .

However, CardRecover is able to recover data under these two situation.

I know if the whole SD card is overwrite, the data cannot be recovered any more. I tried this method, but the performance is hardly acceptable.

So how can I achieve this goal?

I have two ideas as following now, but am not sure if they are proper.

  • Encrypting all the files on SD card.
  • Break all the files on SD card like what virus does.

1 answers

solution1
 2 ACCPTED  2014-10-23 07:09:20

Deleting a file using File#delete() or reformatting the card is the equivalent of scribbling over the page number of a chapter in the index of a book, or tearing the index pages off. You can no longer find what you need easily , but the actual content (ie the data) is still there.

In order to remove the data itself you need to overwrite it byte-by-byte. It may no longer be necessary to use multiple passes ala shred , but you still need at least one pass, hence the low performance.

Keep in mind that if an SD Card is using any form of wear leveling , then overwriting the data does not actually guarantee its removal from the physical medium - a determined (and well-equiped) attacker might still be able to recover some data. The use of journaling filesystems (rather improbable on an SD card used with Android, but still...) may also cause similar issues.

Encryption is not really a solution, unless it is transparently performed by the OS or the application that creates the files. Encrypting a file after the fact would still require that the same amount of data is written and, unless it is performed in-place, would also leave you with the problem of securely deleting the original file. In addition, your applications would be unable to access the file until it is decrypted.

As for "breaking" the files, the effectiveness of the technique depends heavily on the specifics of the files in question. Video files, for example, can often be viewed on a decent player (eg VLC) even if significant parts of the file are corrupt. There is no generic technique that can render a file useless without overwriting it completely, especially against an attacker with specialized forensic tools. Destroying the files by eg overwriting just their headers only offers a false sense of security.

If I were you, I'd stick with what works and just keep overwriting the whole file...

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Android-Wipe out SD card programmatically How to wipe sd card in rooted android lollipop? how to write data in SD Card How to write SD card data in Lollipop? How to access specific raw data on SD card? How to read xml data on sd card? How to fill out the SD card using adb push How can i find out if my app is installed on SD card How to find out if an App has been moved to SD card on Android How to find Path of Internal Phone Storage, Personal Data, Internal SD Card, External SD Card and Memory Size?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM