Question

From my reading of some Android forensic articles, I understand that SQLite records can be recovered, but only if SQLite wasn't compiled with the SQLITE_SECURE_DELETE option (overwrite deleted content with '0') or no vacuum had been triggered (to give unallocated space back to the OS). There is also an option in SQLite to do automatic vacuum.

What do you know about Android in terms of recovering deleted records? Was it compiled with these options? Opinions, links, anything is welcome.

PS. I also know about the other way to delete, by marking a specific flag in the row as deleted, but the data is still there, so I am not interested in that!

Solution

So I did these tests, but only on an emulator with Android 2.2 (I don't have a rooted mobile).

Sent 15 SMS, deleted them all, sent 5 new SMS. Conclusions:

  • deleted SMS are not viewable by generic SQLite viewers
  • deleted but not overwritten SMS are still present in the db file and can be viewed unaltered using hex tools (WinHex) or more professional apps (Oxygen Forensic SQLite something..)
  • a deleted SMS will be overwritten only by a new insert on the same table (the SMS & MMS table), meaning that inserts on other tables of the mmssms.db database will not overwrite anything from the SMS-MMS table
  • SMS are overwritten in order of deletion (they are added to a 'free space stack' and overwritten in the order of adding them there, i.e. of 'deletion')
  • so total SMS recovery is possible (if no new SMS got received or sent, since they are both stored in the same table; same for MMS, same table)
  • partial SMS recovery is not possible (the full space of a deleted SMS is occupied by the new SMS or filled with padding, so looking with hex tools you can't find leftovers from old deleted SMS)
  • conclude with: SQLITE_SECURE_DELETE option not used & vacuum() is not triggered

Thanks
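The test described in the answer can be reproduced on a throwaway database with Python's `sqlite3` module. This is an added example, not code from the original post; the table name `sms`, the sample message bodies and the `residue` helper are constructed for illustration, and `PRAGMA secure_delete` stands in for the SQLITE_SECURE_DELETE compile-time option.

```python
import os
import sqlite3
import tempfile

OLD = b"constructed-old-sms-"  # constructed sample bodies, not real messages
NEW = "constructed-new-sms-"   # same length as OLD so new rows reuse the space


def residue(secure_delete=False, vacuum=False, new_rows=0):
    """Insert 15 rows, delete them all, optionally insert new rows or VACUUM,
    then count how many deleted bodies are still present in the raw db file."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        con = sqlite3.connect(path, isolation_level=None)  # autocommit mode
        mode = "ON" if secure_delete else "OFF"
        con.execute("PRAGMA secure_delete=" + mode).fetchall()
        con.execute("CREATE TABLE sms (_id INTEGER PRIMARY KEY, body TEXT)")
        con.executemany(
            "INSERT INTO sms(body) VALUES (?)",
            [(OLD.decode() + f"{i:02d}",) for i in range(15)],
        )
        con.execute("DELETE FROM sms")
        con.executemany(
            "INSERT INTO sms(body) VALUES (?)",
            [(NEW + f"{i:02d}",) for i in range(new_rows)],
        )
        if vacuum:
            con.execute("VACUUM")  # rebuilds the file without freed space
        con.close()
        # Scan the raw file the way a hex tool would, ignoring SQLite's view.
        with open(path, "rb") as f:
            return f.read().count(OLD)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("secure_delete OFF     :", residue())
    print("OFF, then 5 new rows  :", residue(new_rows=5))
    print("secure_delete ON      :", residue(secure_delete=True))
    print("OFF, then VACUUM      :", residue(vacuum=True))
```

A non-zero count means the deleted bodies are still readable in the file even though `SELECT` returns nothing; running the same scan against an application's database shows whether its deletes need `secure_delete` or a `VACUUM` to be effective.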

License: CC-BY-SA with attribution
Not affiliated with StackOverflow