The factory reset option on Android has been found to be inadequate in removing user data. A research paper entitled “Security Analysis of Android Factory Resets” by researchers at Cambridge revealed shocking information in regards to Android privacy.
The researchers tested devices from five different manufacturers. After factory resetting them, it was ascertained that the devices retained SMS data, contacts, email, Facebook and Whatsapp information. After conducting deep testing of the data stored, researchers were able to retrieve the Google Master token utilized to validate apps such as Calendar and Contacts. They were reasonably confident that the flaw could be replicated in the latest version i.e 5.0 Lollipop.
Furthermore, researchers suggested that the device should be encrypted prior to selling it. If the user still has doubts, it was recommended that the device be physically destroyed.
