Android – Making your data inaccessible

Want to retire your Android device? Planning to sell it?

Be aware that a factory reset on Android up to 4.4 does not wipe all your data. The data is only marked as deleted and can be “undeleted” by a person with the right skills and tools. Read this interesting blog from Avast.

My advice is always to use encryption on your mobile device from the start. Yes, this forces you to use an annoying password on your device, but it secures your data. Data that can be restored (“undeleted”) or accessed offline via other methods (rooting a stolen device) is still protected by encryption. The option to encrypt your device can be found under Settings -> Security -> Encrypt Device.

If you didn’t use encryption from the start, you can still encrypt your device before the factory reset. It is important not to choose fast encryption, because fast encryption encrypts only storage that is currently in use. You want to encrypt all storage, even storage that is currently marked as unused, because this storage could contain data from files that have been deleted earlier.

When you perform a factory reset, the encryption key will be deleted, making it very difficult to recover any useful data from the device. Data that can be recovered will still be encrypted, rendering it unreadable.
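To make the difference between fast and full encryption concrete, here is a small model added as an example (it is not code from the original post and not Android's implementation). The ToyStorage class, the 16-byte block size, the XOR stand-in cipher and the sample data are all assumptions made for illustration.

```python
import hashlib
import os

BLOCK = 16  # toy block size in bytes

def xor_block(key: bytes, index: int, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with SHA-256(key || block index)."""
    pad = hashlib.sha256(key + index.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class ToyStorage:
    def __init__(self, nblocks: int):
        self.blocks = [bytes(BLOCK)] * nblocks
        self.in_use = [False] * nblocks

    def write_file(self, data: bytes) -> list:
        """Store data in the first free blocks and return their indexes."""
        used = []
        for off in range(0, len(data), BLOCK):
            i = self.in_use.index(False)
            self.blocks[i] = data[off:off + BLOCK].ljust(BLOCK, b"\0")
            self.in_use[i] = True
            used.append(i)
        return used

    def delete_file(self, used: list) -> None:
        """Deleting only marks blocks as unused; the bytes stay in place."""
        for i in used:
            self.in_use[i] = False

    def encrypt(self, key: bytes, fast: bool) -> None:
        """fast=True touches only blocks in use; fast=False encrypts all."""
        for i, blk in enumerate(self.blocks):
            if self.in_use[i] or not fast:
                self.blocks[i] = xor_block(key, i, blk)

def remnant_survives_reset(fast: bool) -> bool:
    """Return True if a deleted file is still readable in raw storage."""
    secret = b"PIN 4921 (constructed sample)"
    dev = ToyStorage(8)
    dev.write_file(b"photo kept on the phone")
    dev.delete_file(dev.write_file(secret))  # deleted long before the reset
    dev.encrypt(os.urandom(32), fast)        # key is dropped: factory reset
    return secret in b"".join(dev.blocks)

if __name__ == "__main__":
    print("fast encryption, then reset:", remnant_survives_reset(fast=True))
    print("full encryption, then reset:", remnant_survives_reset(fast=False))
```

With fast encryption the deleted file's blocks are never touched, so they stay readable after the key is gone; with full encryption every block is ciphertext once the key is deleted.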

New phone -> use encryption from the start.
Never used encryption -> encrypt with full encryption before the factory reset.