Advanced data extraction (Android)
MOBILedit Forensic includes an Advanced Data Extraction feature designed to retrieve data from sandboxed Android applications—without the risk of losing user data. This feature utilizes one or both of two known CVEs (Common Vulnerabilities and Exposures) to bypass app sandboxing protections. The effectiveness of each method depends on the Android version and the device's security patch level (SPL).
Exploit Methods Used
Method 1 – Supports Android 9 through 15 with a security patch level lower than June 2024.
Method 2 – Supports Android 12 and 13 with a security patch level lower than October 2024.
During the extraction process, both methods are automatically attempted based on the device's specifications to maximize success.
How to Use Advanced Data Extraction
There are two ways to activate this feature:
Logical Extraction > Full Content
Select the checkbox for Advanced Data Extraction.
This will attempt to extract data from all supported sandboxed apps automatically.
Logical Extraction > Specific Selection > Applications
Tick the checkbox for Advanced Data Extraction.
Choose “Let me choose” (radio button) to manually select which apps to target.
This provides greater control and is useful when focusing on specific apps only.
Execution Details and Prompts
A pop-up reminder informs you that the device may restart, or our Forensic connector application may be installed on the device. You will need to confirm to continue. This warning is shown again during the extraction because if the device restarts and you do not know the PIN, you will be locked out.
Once extraction begins, you will be prompted to enter the device’s screen lock password. This is required because the device may restart multiple times, and the screen lock password is used to decrypt the app data.
You will be notified that the device has disconnected, and it will reconnect automatically.
During the extraction process, the Summary_full report will indicate which method (1 or 2) was successfully used to extract the data.