In our final Android 6.0 Compatibility Definition Document post, we'll be looking at a small[-ish] clause added in the security section of the CDD. Previously, Google had not actually defined any particularly specific requirements about factory resets for Android devices. While all devices have such a function, they may differ in their efficacy and level of security post-wipe. And while we don't have any reason to believe a particular manufacturer is not already meeting these new requirements (a point I will stress), it's good to see Google is at least laying down a clear mandate on this issue going forward.
Basically, it was possible, pre-Android 6.0, for a manufacturer to merely conduct a logical wipe when doing a factory reset of a device. Without getting technical (i.e., well out of my pay grade), a logical wipe removes only the filesystem's references to the data and leaves the underlying storage untouched, so unencrypted "erased" data could theoretically be retrieved from a device after a reset. Why exactly, aside from espionage or law enforcement purposes, anyone would go through this trouble isn't really the issue so much as it just isn't considered good security practice.
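To make the logical-versus-physical distinction concrete, here is a small Python model added for this post; it is not code from the article, from the CDD, or from Android itself. It simulates a flash-like block store with a directory table: a logical wipe forgets the directory but leaves the bytes on the media (where a raw scan still finds them), a physical wipe overwrites every block, and, as the third option NIST SP 800-88 describes, a cryptographic erase destroys the key that protected the blocks. The class names, the `carve()` helper and the sample file contents are constructed for the example.

```python
"""Toy model of why a logical wipe is not a physical erase (added example)."""
from __future__ import annotations

import hashlib
import os

BLOCK_SIZE = 16
# Constructed sample data for the demonstration, not real user data.
SECRET = b"owner: alice@example.test token: constructed-sample-secret"


class ToyStorage:
    """Fixed-size blocks plus a directory mapping file names to block indices."""

    def __init__(self, num_blocks: int = 8) -> None:
        self.blocks = [bytearray(BLOCK_SIZE) for _ in range(num_blocks)]
        self.directory: dict[str, list[int]] = {}
        self._free = list(range(num_blocks))

    def write_file(self, name: str, data: bytes) -> None:
        used = []
        for off in range(0, len(data), BLOCK_SIZE):
            idx = self._free.pop(0)
            chunk = data[off:off + BLOCK_SIZE]
            self.blocks[idx][:len(chunk)] = chunk
            used.append(idx)
        self.directory[name] = used

    def read_file(self, name: str) -> bytes | None:
        if name not in self.directory:
            return None
        raw = b"".join(bytes(self.blocks[i]) for i in self.directory[name])
        return raw.rstrip(b"\x00")

    def logical_wipe(self) -> None:
        """The 'fast' reset: drop the directory, leave the media untouched."""
        self.directory.clear()
        self._free = list(range(len(self.blocks)))

    def physical_wipe(self) -> None:
        """Overwrite every block, whether or not a file still points at it."""
        for blk in self.blocks:
            blk[:] = bytes(BLOCK_SIZE)
        self.logical_wipe()

    def carve(self, needle: bytes) -> bool:
        """What a forensic carver does: scan raw media and ignore the directory."""
        return needle in b"".join(bytes(b) for b in self.blocks)


class EncryptedStorage(ToyStorage):
    """Same store, but each block is XORed with a keystream derived from a
    device key (a toy stream cipher, standing in for real at-rest encryption).
    Destroying the key is a cryptographic erase: the ciphertext left on the
    media is useless without it."""

    def __init__(self, num_blocks: int = 8) -> None:
        super().__init__(num_blocks)
        self.key: bytes | None = os.urandom(32)

    def _keystream(self, idx: int) -> bytes:
        assert self.key is not None
        return hashlib.sha256(self.key + idx.to_bytes(4, "big")).digest()[:BLOCK_SIZE]

    def write_file(self, name: str, data: bytes) -> None:
        super().write_file(name, data)          # plaintext lands in the blocks...
        for idx in self.directory[name]:        # ...and is encrypted in place
            ks = self._keystream(idx)
            self.blocks[idx][:] = bytes(a ^ b for a, b in zip(self.blocks[idx], ks))

    def read_file(self, name: str) -> bytes | None:
        if self.key is None or name not in self.directory:
            return None
        out = b""
        for idx in self.directory[name]:
            ks = self._keystream(idx)
            out += bytes(a ^ b for a, b in zip(self.blocks[idx], ks))
        return out.rstrip(b"\x00")

    def crypto_erase(self) -> None:
        """Forget the key; the blocks may stay, but nothing can decrypt them."""
        self.key = None
        self.logical_wipe()


def demo() -> dict[str, bool]:
    """Run the three reset styles and report what a raw scan or a read recovers."""
    plain = ToyStorage()
    plain.write_file("notes.txt", SECRET)
    plain.logical_wipe()
    results = {
        "logical_wipe_hides_file_from_directory": plain.read_file("notes.txt") is None,
        "logical_wipe_leaves_bytes_on_media": plain.carve(SECRET),
    }
    plain.physical_wipe()
    results["physical_wipe_removes_bytes"] = not plain.carve(SECRET)

    enc = EncryptedStorage()
    enc.write_file("notes.txt", SECRET)
    results["encrypted_file_reads_back"] = enc.read_file("notes.txt") == SECRET
    results["encrypted_media_never_holds_plaintext"] = not enc.carve(SECRET)
    enc.crypto_erase()
    results["crypto_erase_makes_file_unreadable"] = enc.read_file("notes.txt") is None
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The point the model makes is the one the clause below formalises: after a logical wipe the file is gone from the directory yet `carve()` still finds every byte, whereas both overwriting the media and discarding the encryption key leave nothing recoverable. Real flash controllers complicate the overwrite story (wear levelling and remapped blocks), which is one reason the standard also recognises cryptographic erase.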
The Android 6.0 CDD now makes it clear that the factory reset feature on Android devices must conduct both a logical and physical erasure of all data.
9.12. Data Deletion
Devices MUST provide users with a mechanism to perform a "Factory Data Reset" that allows logical and physical deletion of all data. This MUST satisfy relevant industry standards for data deletion such as NIST SP800-88. This MUST be used for the implementation of the wipeData() API (part of the Android Device Administration API) described in section 3.9 Device Administration. Devices MAY provide a fast data wipe that conducts a logical data erase.
Basically, you need to give users a factory reset option that meets certain standards or you can't get Google Mobile Services (e.g., the Play Store). Again, there's no reason we have to specifically believe any major phone manufacturer was not doing this already, but it's now a flat requirement that they do. And so long as they offer that option, Google is allowing OEMs to include a quick logical-only wipe if they should so desire. I can't say I've ever seen that on an Android phone, though (someone is about to come in here and show me one, aren't they?).
- Android 6.0 CDD