Smartphones and Data Recovery

What happens to files I delete from a smartphone? Is there a chance to get them back after full factory reset? And when are you finally writing a data tool for my smartphone? With massive proliferation of smartphones, we are getting more and more of these questions every week. So we decided to write the definite article to (hopefully) answer most of these questions.

Smartphones and Data Recovery

Contents

  1. Smartphones Are Different
  2. iPhone Data Recovery: An Urban Legend
  3. BlackBerry Data Recovery: A Myth
  4. Android Data Recovery: We’re Getting Somewhere!
  5. Windows Phone 8 and 8.1: Half-and-Half

Smartphones Are Different

If you are using a smartphone, you may already know there are several major platforms ecosystems. Android and Apple iOS share the biggest piece of the pie, Microsoft Windows Phone competes eagerly for a place under the sun, while BlackBerry tries to survive with its BlackBerry OS.

Saying that these platforms handle deleted data differently is not saying anything. Android and iOS are literally on the opposite poles when it comes to deleting (and recovering) information. In this article, we’ll review how these vastly different platforms delete information, whether or not it can be recovered, and what exactly can be done to recover important data if you need it.

Let’s start with Apple iOS.

iPhone Data Recovery: An Urban Legend

It’s going to be short. I’ll say it outright: recovering information deleted from Apple smartphones and tablets (iPhones and iPads) is not technically possible. Even if you jailbreak it. Even in theory. Law enforcement can’t do this even if they use a $10,000 forensic kit. Apple themselves cannot do this, even if they are given the device and the passcode. If you delete a file from an Apple smartphone, it’s gone forever. If you do a factory reset, there is absolutely no way for anyone, including the FBI, to recover that information. Why is it so?

The answer lies in encryption. Starting with iOS 5, all Apple devices employ secure full-disk encryption. However, there is a trick. Each data block on the disk uses a unique decryption key. Apple implemented full-disk encryption so that it only keeps decryption keys for occupied (allocated) data blocks, and immediately discards keys for unallocated (released) data blocks that belong to deleted files. The actual (encrypted) data may still be there, but there is absolutely no possible way to decrypt it as Apple uses extremely strong encryption.

As a result, if you jailbroke your iPhone and saw that “data recovery” tool in Cydia, just be aware it’s a fake. Deleted files can’t be recovered, and any tool or service offering iPhone data recovery is a scam (we’re only talking about deleted files here; legitimate services exist that can extract the content of an iPhone including all user data except deleted files).

Apple smartphones and tablets never used SD cards, so there is no chance of taking a card out and reading its content.

However, iOS has a wonderful and truly convenient feature called “iCloud backup”. Thanks to this feature, your smartphone can automatically back up its entire content (complete with your apps and all their data, desktops, pictures, music and videos) in the cloud daily, every time you charge your iPhone at home. (Okay, a technically correct way of saying it would be “daily once your iPhone is connected to a charger, locked, and is within a proximity to a known Wi-Fi network”. In other words, every day you charge it at home.) The cloud keeps three last backup copies of all files stored in your iPhone, so you have some time to change your mind to reset your phone and restore it from the last backup. Once you do it, all files you used to have in your iPhone will be automatically restored from the backup.

There are tools on the market that can download such backups to your computer (e.g. Elcomsoft Phone Breaker); however, those are mostly used by the police and as such come with a corresponding price tag. So your best bet is saving everything from your iPhone to your computer with iTunes (you can even make a full offline backup just in case), resetting your device and recovering from iCloud. Just make sure not to “…charge your iPhone in a locked state within a proximity of a known Wi-Fi network”, or it may produce a new iCloud backup, overwriting the old copy.

BlackBerry Data Recovery: A Myth

BlackBerry smartphones were designed with one purpose in mind: to be secure. BlackBerries employed full-disk encryption from the beginning. BlackBerry smartphones generally can’t be jailbroken. Even extracting a decrypted raw image of a BlackBerry device is not technically possible at this time (a chip-off of the phone can read data from the flash chip, but all information will be encrypted securely and can’t be decrypted). However, even if someone managed to extract an image, they wouldn’t be able to decrypt it. BlackBerry security model is arguably even tighter than Apple’s, so there’s no chance of recovering deleted files from a BlackBerry smartphone (unless they were kept on an SD card, which you can take out and recover as usual).

Android Data Recovery: We’re Getting Somewhere!

As we said, Android is pretty much the opposite of iOS in many ways. First and foremost, many Android devices allow using micro SD cards as secondary storage. It’s easy to configure the phone to store pictures and videos onto an SD card instead of the main memory. If you deleted a file from an SD card, just pull that card out, insert it into a USB card reader connected to your computer, and use RS Photo Recovery for recovering pictures or RS Partition Recovery to recover all types of data from that memory card. It’s that easy.

If, however, the files you deleted were stored in the phone’s main memory, recovering them becomes more complicated. With very few exceptions, Android smartphones do not use full-disk encryption by default (you can enable it in the settings, but with the exception of Nexus devices few manufacturers set that option as default).

As a result, when you delete a file from an Android smartphone, its content may remain recoverable – at least for a while. If you manage to image your Android smartphone quickly, or have a rooted device and use a data recovery tool for rooted phones, you may be able to recover the data… or maybe not.

Let’s see what happens to information when you delete a file from an Android device.

All fairly recent Android smartphones and tablets released since Android 2.3 Gingerbread use eMMC flash for their permanent storage. Unlike “plain” flash chips, eMMC are a combination of NAND flash memory and an integrated storage controller. That storage controller is responsible for all the reading and writing, as well as for maintaining the flash chip in good health.

Without going too deep into technical details, flash memory has several unique properties. First, you can only write new data into an empty flash memory cell. In other words, flash cells must be erased before they can accept new data. Second, NAND flash memory is much slower to erase cells than to write information, which made flash manufacturers implement smart garbage collection algorithms to erase emptied cells in background while mapping an already empty cells to logical addresses that contain deleted data. Finally, flash cells have a limited number of writes they can sustain; the job of the built-in controller is leveling wear equally among flash cells (which may require moving existing information from one cell to another, erasing and reusing a memory cell that used to contain valid data).

All those smart algorithms make the recovery… tricky. What makes the recovery iffy is the fact that each eMMC module has more physical storage compared to advertised storage capacity. In other words, there are certain cells inside that don’t have logical addresses assigned to them. Those blocks are NOT accessible to any data recovery program or app. They will NOT become part of a raw image if you dump or back up its content. These areas won’t be visible even at the time of JTAG or chip-off acquisition – simply because JTAG and chip-off requests are still passed through the controller!

So once again, what happens when you delete a file? The operating system makes a change to the file system, releasing sectors that are no longer used. At the same time, the operating system will pass a “trim” command to the eMMC controller to indicate that certain logical blocks are no longer used. The eMMC controller receives that command, and assigns those blocks the “do not care” status. Until now, everything looks pretty straightforward.

The interesting part happens next. In order to ensure that the system can write new data back to the just-released physical block, the eMMC controller can remap the logical address to a different (empty) physical block! As a result, if you are the OS, you’ll ‘see’ that the sectors you’ve just released are suddenly empty – even if you know that actually emptying (erasing) in reality them takes a long time.

So where do the blocks go that contain deleted data? They are remapped to other logical addresses or (more likely) pushed out of the addressable space into the so-called overprovisioned area, where they’ll be erased in background when the microcontroller is not busy doing other things such as serving read and write requests.

If all that was a bit too technical, I can simply say that in Android (unlike Apple iOS) deleted files may be recoverable – at least for a while. Many Android phones will trim partitions during shutdown, so if you act fast you may be able to recover that deleted file after all.

What exactly is needed for Android data recovery? First and foremost, you’ll need a rooted device. Without root access, a data recovery tool won’t be able to read the phone’s storage on low enough level to be able to recover files. You’ll also need a data recovery tool for rooted devices (I can’t recommend any specific tool, but I’ve seen a few in Google Play Market). Finally, you’ll need to insert an SD card, an OGS flash drive, or just connect the device to your computer as the data recovery tool should not save files being recovered onto the same storage it’s recovering them from (or it may overwrite data that belongs to other files waiting to be recovered).

Many customers are asking if we’ll be releasing a data recovery tool for Android. We don’t plan to, and we don’t have anything in the works. The reason is simple: the market for this is extremely small. There are VERY few rooted Android devices around. Rooting the latest versions of Android is extremely difficult and rarely possible. Just get used to making regular backups of your device, activate cloud uploads for your Camera Roll, and you’ll never need a data recovery tool in the first place.

Windows Phone 8 and 8.1: Half-and-Half

Windows Phone is a relatively new smartphone OS. It’s a well-balanced system that borrowed a lot from both Android and iOS. It has many things in common with iOS (including private application data space and no residual garbage upon uninstalling an app) while offering access to shared files (e.g. music, videos or e-books that you don’t have to import into a specific app to use – with that app only). Windows Phone does not generally allow installing application from sources other than Windows Store (unless developer-unlocked).

Unlike iOS smartphones, Windows Phone devices can be developer-unlocked free of charge for installing unsigned apps. However, unlike in Android, the apps will not have administrative-level access since Windows Phone devices cannot be rooted or jailbroken.

As a result, you cannot have (or write) an app for recovering deleted files. An app like that would not work due to insufficient privileges and missing API’s to access the disk in low enough level.

Theoretically, a Windows Phone can be extracted via JTAG or chip-off acquisition. You could then run a data recovery tool such as RS Partition Recovery on extracted image. Since Windows Phone is a Windows-based OS, it uses NTFS as its file system, so standard data recovery tools would work on extracted images. Note, however, that many of the same eMMC-specific issues we discussed in the Android sections will equally apply to Windows Phone devices, making the recovery possible but not guaranteed.

Notably, many Windows Phone smartphones (with counted exceptions) support micro SD cards. Windows Phone allows not only storing music and saving photos and videos onto SD cards, but fully supports installing apps on SD cards. As a result, and especially if you are using an entry-level device with limited main storage capacity, you may simply take the SD card out, connect it to your computer via a card reader and recover deleted files from the SD card. You can use RS Photo Recovery for recovering pictures or RS File Recovery to recover all types of data.

Frequently Asked Questions

Yes, data can often be recovered from a damaged or broken smartphone. There are specialized data recovery services and software available that can retrieve data from a variety of smartphone issues, such as water damage, screen damage, or hardware failure. However, the success of data recovery depends on the extent of the damage and the specific circumstances of the situation. It is recommended to consult a professional data recovery service for the best chance of recovering data from a damaged smartphone.
The common causes of data loss on smartphones include accidental deletion, software or system updates, physical damage to the device, water damage, malware or virus attacks, factory resets, and hardware failures. Other factors such as battery failure, software glitches, and syncing errors can also contribute to data loss on smartphones. It is important to regularly back up data and take necessary precautions to prevent data loss.
Yes, it is possible to recover deleted photos or messages from a smartphone. There are various methods and software available that can help retrieve deleted data. However, the success of recovery depends on factors such as the type of smartphone, the length of time since the data was deleted, and whether the data has been overwritten. It is recommended to act quickly and seek professional assistance if needed.
To prevent data loss on your smartphone and ensure data backup, you can follow these steps: 1. Regularly backup your data to a cloud storage service like Google Drive or iCloud. 2. Enable automatic backup settings on your device to ensure regular backups. 3. Use a reliable data backup app or software that allows you to backup and restore your data easily. 4. Keep your device's software and apps up to date to avoid any compatibility issues. 5. Avoid downloading suspicious apps or files that may contain malware or viruses. 6. Consider using a password or biometric authentication to protect your device from unauthorized access.
Updated:
4.94/120
Den Broosen

Written by Den Broosen

Author and site editor for RecoverySoftware. In his articles, he shares his experience of data recovery on a PC and the safe storage of information on hard drives and RAID arrays.
Adam Bean

Approved by Adam Bean

Adam is site editor. He carries more than 12 years of expertise in digital forensics and data recovery. He also continues to research and share the most recent developments in the fields of data recovery and secure storage.

Comments (2)

  1. hard disk data recovery says:
    02/03/2020 at 15:03

    I think the admin of this web site is actually working hard in favor of his web page, as here every material is quality based
    material.

  2. Sam says:
    03/16/2020 at 19:25

    Hi there I’ve read your post and I’ve done my own research and I have found countless Mobile forensics companies that can recover permanently deleted iPhone photos.
    The say that the data there that has not been over written is not encrypted at all and always recover permanently deleted photos from iPhones that data may not show on your phone any more and storage will say there is space there but that old data is still in the allocated space until it is over written.

Leave a comment

Related Posts

Recovering Data with Read/Write Errors
Recovering Data with Read/Write Errors
If you cannot access data stored on a properly configured computer, receiving errors or having your computer freeze for several seconds (or hang up completely), you may have a problem with the hard drive (assuming you’re not having a virus, … Continue reading
Swap file in Windows 10: optimal size, how to change, move, disable or delete it?
Swap file in Windows 10: optimal size, how to change, move, disable or delete it?
Windows users have often heard about some page and swap file. In this article, we will discuss what it is, what it is used for, and how to set it up correctly.
External Drive Failed: Data Recovery from USB and Network Disks
External Drive Failed: Data Recovery from USB and Network Disks
Single-drive attached storage options such as personal clouds, USB 3.0 and SATA enclosures are becoming increasingly popular among home users and in small offices. WD, Buffalo, Shuttle, Synology, Qnap and many other manufacturers offer a wide range of sealed and … Continue reading
Recovering Data from VMWare vSphere ESXi Virtual Machines
Recovering Data from VMWare vSphere ESXi Virtual Machines
You can lose Datastore data through a user’s error or a hypervisor failure. How to recover data of a VMWare vSphere ESXi virtual machine? Below, we will try to explain what should be done in case it happened.
Online Chat with Recovery Software