Google Find My Device Doesn't Actually Wipe Internal/External SD Storage on TWRP

[mik1011984]

• [X] I am running an official build of TWRP, downloaded from https://twrp.me/Devices/
• [X] I am running the latest version of TWRP
• [X] I have read the FAQ (https://twrp.me/FAQ/)
• [X] I have searched for my issue and it does not already exist

Device codename: WHYRED TWRP version: twrp-3.6.0_9-0-whyred.img

WHAT STEPS WILL REPRODUCE THE PROBLEM?

Go to Google's find my device. Initiate a secure erase and confirm.

WHAT IS THE EXPECTED RESULT?

The expected result is that the entire device is wiped, including the Internal SD and ideally any external SD card present.

WHAT HAPPENS INSTEAD?

A normal wipe is performed (/data, /cache, /dalvik or art) The SD cards both internal and external are left intact. Users would expect their in my test case, everything on the internal SD/flash memory was still accessible after booting the phone up, and running through the wizard to set up the device. So this isn't secure in the least. Users pictures, media, etc would all remain accessible to a thief or other nosey individual.nformation to be completely removed from the phone on a secure & erase command issued from Google's find my phone feature, since they are likely doing this because the phone is lost or stolen, and don't want other people to be able to access their data. In my test case, everything on the internal SD/flash memory was still accessible after booting the phone up, and running through the wizard to set up the device. So this isn't secure in the least. Users pictures, media, etc would all remain accessible to a thief or other nosey individual. I wouldn't be surprised if this same thing applies to other phones as well.

The fix will be running a wipe of \data\media and the external SD after running the initial wipe, then rebooting.

[CaptainThrowback]

Add a password on boot and this will work fine.

[mik1011984]

Nope. I have a password on boot and it's actually worse that way because it won't wipe without the password to decrypt when TWRP starts up (making the feature even more useless than it is with no boot password set).

[CaptainThrowback]

Nope. I have a password on boot and it's actually worse that way because it won't wipe without the password to decrypt when TWRP starts up (making the feature even more useless than it is with no boot password set).

It should wipe when you hit the Cancel button at the decryption prompt. If it doesn't, please post logs.

[mik1011984]

I'll double check that next week post back when I get my test device back. I had to loan it out last night because my friend broke his phone. I originally tested it yesterday afternoon before I loaned it out, since I had to wipe it anyway.