An answer (Data deleted after encryption - recoverable?) came to conclusions, which triggered some questions for me.
Link to the paper: https://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf
Cambridge University researchers tested a range of Android devices running Android and found that in all cases they were able to recover account tokens – which are used to authenticate the 1st time you enter a password (Google, Facebook and WhatsApp). In 80% of cases, they were able to recover the master token, which practically is the main key to the device. Once the master token is recovered, the user’s credential file can be restored and all your data re-synced to the device: that means e-mails, cloud-stored photos, contacts and calendars. So you just offered access to everything!
Is the Master Token the Master Encryption Key used for encrypting the storage when writing data? I don't quite understand this explanation, but I don't think so (?).
Devices with built-in encryption are not safe from such a problem because they don't provide the required software to fully correctly wipe flash storage.
The paper only discusses Android 2.3 - 4.3 (which are 6 - 9 years old by now).
"Android L (Android 5) is expected to include hardware protection for disk encryption keys, as well as hardware acceleration for encrypted disk access." (https://nelenkov.blogspot.com/2014/10/revisiting-android-disk-encryption.html)
The paper doesn't take that into account I suppose?
Isn't the key stored in the TEE by now, which includes a hardware-backed key storage?
...after reset, fill the device with useless data to overwrite anything sensitive like the tokens and crypto keys left in flash storage and you should do it without re-registering with Google. You can do this fill by copying something or just by recording a video for as long as you can, at the highest possible resolution, until all your available space is full.
Overwriting doesn't work that way on flash storage, I thought (because of wear leveling)?
