Android’s factory reset feature is supposed to wipe all the data off your device, ensuring none of your personal data is left. You should be able to sell or dispose of your device in confidence after using it.
Unfortunately, Android may not always wipe everything — and people who are determined enough may be able to recover some of your personal data afterwards. But you can ensure your personal data is completely wiped if you know what you’re doing.
Why Can Data Be Recovered?
When you delete files from any hard drive or flash drive (whether on an Android phone, computer, or elsewhere), the files aren’t actually wiped from the drive. Instead, they’re marked as deleted and hidden. The operating system will write new data over those files at some point in the future, but until then it leaves the deleted data lying around, because overwriting it at deletion time would take longer and usually isn’t needed. This doesn’t apply to solid-state drives, which use TRIM to automatically wipe the bits of files you choose to delete.
You can later use specialized deleted-file-recovery or data forensics tools to scan a drive for bits of deleted files and try to recover them. This is how deleted-file-recovery tools like Recuva work on Windows.
Android’s “factory reset” feature seems to work similarly. Your device’s system files are restored to their default state, but bits of your photos, emails, and other personal data may be lurking on the device’s internal storage. This data can then be recovered with data forensics tools that examine the device’s internal storage for these bits of deleted files, as Avast! demonstrated.
If you’re selling or disposing of your phone, someone could examine its internal storage to find emails, photos, texts, and other personal data stored on it.
The Solution: Encrypt Then Wipe
The iOS operating system on Apple iPhones and iPads has to deal with a similar problem. To ensure a user’s data can be quickly and completely wiped when the device is factory reset, it has a trick up its sleeve. All data on the device is encrypted by default using the hardware encryption feature. When you choose to set up encryption, the device is protected with your own encryption key. Even if you never set up encryption, the files are stored on the device in encrypted form so any bits of deleted files appear as random gibberish on the device’s storage after it’s reset. The data can’t be recovered.
Android won’t automatically do this for you, but you can do it for yourself. To do this, just encrypt your device’s storage before you perform a factory reset. Open the Settings app, tap Security, and tap Encrypt phone or Encrypt tablet to encrypt your device. This will take an hour or more, depending on how much data your device has on it. Afterwards, open the Settings app, tap Backup & reset, and tap Factory data reset to wipe the device normally. The device will be wiped. Any bits of leftover files will be encrypted, so they’ll appear as random gibberish and their data can’t be recovered.
If your device’s storage is already encrypted, you can just factory reset it.
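To see why encrypting first matters, here is a small Python simulation, added as an illustration and not taken from Android or Avast!. The `ToyStorage` class, the SHA-256 keystream standing in for Android’s real encryption, and the sample email are all made up for the demo, and it assumes the reset throws away the encryption key along with the file table.

```python
import hashlib
import os

BLOCK = 64  # toy block size in bytes (constructed for the demo)
SECRET = b"FROM: alice@example.test SUBJECT: holiday photos"  # constructed sample

class ToyStorage:
    """Simulated internal storage: raw blocks plus a file table (metadata)."""
    def __init__(self, blocks=32, key=None):
        self.raw = bytearray(blocks * BLOCK)
        self.table = {}        # filename -> (first block, length)
        self.key = key         # None means the device is not encrypted
        self.next_block = 0

    def _keystream(self, block_no, length):
        # Toy stream cipher (SHA-256 in counter mode). A stand-in for real
        # storage encryption; not suitable for protecting actual data.
        out, counter = b"", 0
        while len(out) < length:
            seed = self.key + block_no.to_bytes(4, "big") + counter.to_bytes(4, "big")
            out += hashlib.sha256(seed).digest()
            counter += 1
        return out[:length]

    def write(self, name, data):
        start = self.next_block
        if self.key is not None:
            ks = self._keystream(start, len(data))
            data = bytes(a ^ b for a, b in zip(data, ks))
        off = start * BLOCK
        self.raw[off:off + len(data)] = data
        self.table[name] = (start, len(data))
        self.next_block += -(-len(data) // BLOCK)  # ceiling division

    def factory_reset(self):
        # Models the reset described above: the file table is dropped, the
        # blocks stay as they were. Assumption: the key is discarded too.
        self.table.clear()
        self.next_block = 0
        self.key = None

def carve(raw, marker):
    """What a recovery tool does: ignore the file table, scan the raw bytes."""
    return [i for i in range(len(raw)) if raw.startswith(marker, i)]

def leftover_after_reset(encrypt_first):
    dev = ToyStorage(key=os.urandom(32) if encrypt_first else None)
    dev.write("mail.eml", SECRET)
    dev.factory_reset()
    return bool(carve(bytes(dev.raw), b"alice@example.test"))
```

`leftover_after_reset(False)` returns `True` because the email text is still sitting in the raw blocks after the reset, while `leftover_after_reset(True)` returns `False` because only ciphertext remains and the key is gone.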
This process takes a bit longer, but it’s pretty easy to remember. Be sure to do this before you get rid of Android smartphones and tablets in the future.
Some websites recommend you attempt to fill up the device’s storage with fake data afterwards, and then encrypt and wipe it again — but this is a bit silly. It shouldn’t be necessary at all — all you need is one sweep of encryption and a wipe.
Other Data-Wiping Tools
Avast! called attention to this because they sell a product that can fix the problem for you. Avast!’s anti-theft app has the ability to perform a “thorough wipe” of an Android device, which is an alternative factory reset that ensures your files can’t be recovered.
We like Avast!’s Android security tools — their anti-theft is a great product that can even use root access to hide itself in the system partition so it can survive factory resets — but it just isn’t necessary here. Rather than using their anti-theft tool, you can perform a safe reset using the encryption and factory-reset features found in Android itself. You don’t need any additional software for this, whether it’s Avast! or any other anti-theft app.
This is a problem with Android, but you can easily work around it by encrypting your device’s storage before wiping it. Google will hopefully fix the problem in the future by making Android’s factory reset feature more comprehensive.
Until then, just remember: encrypt and then reset.