Physical Access Required,
Mobile Phone / Hand-held Device
Loss of Confidentiality
Android contains a flaw that is triggered when the built in factory reset feature fails to properly remove all information from the system, when ran from either the recovery console or inside. This may allow a physically present attacker to gain access to potentially sensitive information from a locked device, by first performing a factory reset and then recovering the information.
According to the researcher upgrading to Honeycomb (3.x) or Ice Cream Sandwich (4.x) or higher, will correct this vulnerability. An upgrade is required as there are no known workarounds.