Android"s factory reset feature has been found to be ineffective in clearing out user information and data.
A research paper titled "Security Analysis of Android Factory Resets" from researchers at the Cambridge University has revealed some interesting and somewhat shocking piece of information regarding privacy on Android devices.
The factory reset feature, which is assumed to be the final step before selling off an old device, has been found to be flawed by the researchers who tested it on 21 devices from five manufacturers. The devices used for the research were rather old and ran builds of Android lower than version 4.4 but the researchers are confident that these issues might still persist in the newer versions of the OS.
According to the research paper, the devices that were tested retained data SMS data, emails, contacts, authorized accounts and information from various apps such as Facebook and WhatsApp. Digging deep into retained data, the researchers were able to obtain Google"s master token used for authenticating apps such as Calendar and Contacts on the device, as well.
It is said that the drivers required for completely wiping the device might not be included by the manufacturers, who generally tend to customize the standard functioning of the operating system, making it not just Google"s problem.
The researchers have recommended that users who wish to offload their old phones should use encryption prior to factory reset, fill up the partitions with junk data or simply destroy the device if there is still any doubt in the mind of the user.
Source: Cambridge University via Ars Technica