Phones have a variety of our most sensitive data, including private messages, pictures, passwords and contact info. But as many users upgrade their hardware to the newest and greatest Galaxy or Nexus, they’re often are not as careful with the device that’s on its way out as the one on its way in. When it’s time for your old Android to go either by selling or recycling it, users have relied on the “phone wipe” action. While using the “factory reset android phone” is one of the steps to wiping android phones, it’s not a complete data wipe, and is not enough.
According to a Cambridge study, the following are recoverable to hackers if you sell your android phone without a proper wipe.
- Photos and messages may still be on the hard disk, and are recoverable
- Passwords to email, social media. Google logins are recoverable after factory reset.
- App tokens act as a personal login (essentially a password) to apps for your phone., once app tokens are recovered by hackers, they can be used to login to Google accounts, Facebook, and more.
These data leaks can result in blackmail or selling the information in underground markets.
Why is factory reset for your android phone not enough?
Multiple studies have shown that this is not enough. A factory reset simply deletes the addresses of your data and tells your phone that it’s okay to write over your data, but doesn’t remove it. With recovery software, many hackers can simply recover this data from a phone purchased on Ebay or from a used phone store. To secure your personal data, you should encrypt before running a factory reset.
How to encrypt your Android data
So, should I encrypt my Android phone? The answer is yes. Encrypting your phone’s hard disk will scramble the data on it, making recovery nearly or fully impossible. Androids running 4.0 or later have the option to encrypt built in. Phones with Android 6.0 and above automatically encrypted. To encrypt your Android you’ll need to do the following:
- Plug your phone to a charger – encrypting it can take more than an hour.
- Go to Settings > Security > Encrypt phone
Factory resetting an Android
Android 5.0 & later? Read this first:
Google introduced an added layer of protection beginning with Android 5.0 called Factory Reset Protection, making it harder for thieves to reset a stolen Android. It requires the user to enter the username and password of the last Google account to access the phone. If you don’t have these credentials, you’ll need to first do the following:
- Disable the lock screen
- Remove Google accounts from the phone: Settings > Accounts > (Select account) > Remove
- Additional step for Samsung Galaxy users: full instructions to unlink your account: http://ccm.net/faq/36626-samsung-galaxy-s5-how-to-unlink-a-samsung-account
Now you’re ready to factory reset your phone, with much lower risk of compromising your data.
- Factory reset: Settings > Backup & reset > Factory data reset > Reset. This will basically wipe Android phone entirely.
Remember, you’re selling your phone, not the data that’s on it.