The factory reset (or factory reset) of Android has been found to be ineffective in completely deleting user data and information.
A research paper entitled “Security Analysis of Android Factory Resets"(PDF) by researchers at the University of Cambridge revealed some very interesting information regarding privacy on Android devices.
The factory reset feature, which is supposed to be the last step before selling an old device, was found to fail in the 21 test conducted by researchers from five different manufacturers.
The devices used for the research were rather old and ran versions of Android below version 4.4, but the researchers are confident that the issues security that they discovered are still present in newer versions of the operating system.
According to the research paper, the devices tested after the reset kept data SMS, e-mails, contacts, authorized accounts and information from various applications such as Facebook and WhatsApp.
By digging deeper, the researchers were able to retrieve Google's master token used to authenticate applications such as calendar and device contacts.
The researchers report that the drivers required to completely erase the device's data may not have been installed by manufacturers, who generally tend to customize only the necessary (for them) operating system functions, implying that it is not only problem of Google.
Researchers suggest users who want to get rid of old data to encrypt them before using factory reset.