Recently, the use of Android OS-based smartphones, wearable devices and IoT(Internet of Things) devices are rapidly increasing. The IoT devices generate various data in the process of providing convenience to users and store them in the cloud and devices. Since the stored data includes user personal information, it is exposed to threats such as information leakage, and there are cases in which personal information was leaked by recovering data deleted from an actual used Android smartphone. However, previous studies focus on data extraction, and studies from the perspective of personal information protection such as data management and permanent deletion are insufficient.
Therefore, this paper analyzes the change in filesystem metadata before and after file deletion for permanent deletion on the Android Platform, and derive the recoverability through traces remaining after file deletion. This shows the possibility of personal information leakage if files are not permanently deleted from smartphone using the Android Platform. After, we proposed a method of deleting the Journal Area of the filesystem for permanent deletion of user personal information, and a method of deleting both the unallocated Area and the Journal Area of the filesystem. The proposed method was verified on Samsung Galaxy S9 + (Android 9, 64GB) and PC Ubuntu 16.04 LTS environment.