The default data wipe tool in Android may not be enough to permanently eliminate personal data on your old device.
A study from security software vendor Avast has suggested that the factory reset option built into the Android operating system isn’t effective in eradicating your personal data from old devices. The firm purchased 20 used Android smartphones on eBay and was able to recover more than 40,000 photos, 750 emails and text messages, and 250 contacts, along with the identities of four of the previous device owners, and even a completed loan application. To make matters worse, Avast employees were using readily available data recovery software to get the job done.
While Avast and other companies like it offer data deletion tools, there are other steps you can take to securing your personal data when performing a factory reset.
Step one: Encrypting
I recommend encrypting your device before you are getting ready to wipe it. The encryption process will scramble the data on your device and, even if the wipe doesn’t fully delete the data, a special key will be required to unscramble it.
To encrypt your device on stock Android, enter settings, click on Security, and select Encrypt phone. The feature may be located under different options on other devices.
Step two: Perform a factory reset
The next thing you will want to do is perform a factory reset. This can be done on stock Android by selecting Factory data reset in the Backup & reset option in the settings menu. You should be aware that this will erase all of the data on your phone and that you should backup anything you don’t want to lose.
Step three: Load dummy data
Following step one and two should be enough for most people, but there’s an extra step you can take to add another layer of protection when erasing your personal data. Try loading fake photos and contacts on your device. Why you ask? We will address that in the next step.
Step four: Perform another factory reset
You should now perform another factory reset, thus erasing the dummy content you loaded onto the device. This will make it even harder for someone to locate your data because it will be buried below the dummy content.
Still feeling a little paranoid? Repeat steps three and four as many times as you like. As I mentioned above, though, for most people simply following steps one and two should be enough. Without the encryption pin, which is overwritten in the initial factory reset, it will be almost impossible to unscramble your data.
Then again, you could always take a hammer to your phone or toss it in the toilet. You know, if you aren’t interested in selling it.