Sorry about the delay…
I reached out to one of our R&D guys for a better response to your question Aaron. He has far greater expertise than I, and here is his response/thoughts:
“Comes down to what is meant by “wipe”. Let’s go back to basics. If you have an old hard drive and you dispose of it, you might format it before you recycle it…just in case. However, basic formatting does nothing other than tell the file system that all the files are gone. With some undelete software you can recover everything. So let’s say you perform a full format, writing data to all parts of the disc. That procedure is better, but if you cracked open the hard drive and performed a forensic recovery using dedicated hardware, you can get back the data which has been overwritten.
To try and thwart that technique there’s software you can buy which will write to every area of a hard drive three times, making recovery of old data much harder. That background gives you the basis for paranoia when it comes to data on mobile devices.
Now, a Smartphone uses flash and flash doesn’t work like a hard drive. Flash also has an “interesting” characteristic, which means that every memory location has an expected lifetime for the number of writes which can be performed to it. To stop the flash failing, there is an algorithm which spreads the data over the flash evenly to prevent wear out. Your data is spread all over the flash chips and some clever logic coverts it into a readable format that looks like a hard drive file system. Now you want to do a “wipe”. Well, deleting all the files has a few problems:
1. If every delete of a file resulting in lots of writes it would wear the flash unnecessarily.
2. Many devices, such as an iPhone, only let a program you load write to its own space. For example, a calendar app can only write to files for itself, not other apps or data.
So, we stick a client on there which does a “remote wipe”. Well, in fact, on iPhone, you can’t do it. Apple says you can ask the OS to return to factory or you can delete just the files associated with your own app.
If somebody were to then do a “forensic” recovery by reading every memory location on the flash, then yes, they could conceivably recover the files on there. Coming back to the question – whether there’s software to do a full write to every location to permanently remove data. Honestly, I don’t see how that could be done well.
My advice would be simple. If you have a device with very sensitive data on it, then that data needs to be inside of an application which, by its very nature, encrypts the data. That way even if the data is recovered, it’s useless.”
Hope that helps!