As a test, Avast purchased 20 used and supposedly wiped Android phones and discovered that it was able to recover vast amounts of personal user data. My colleague Brian Fagioli wrote about this earlier in the week.
Google responded to the news, stating: "This research looks to be based on old devices and versions (pre-Android 3.0) and does not reflect the security protections in Android versions that are used by the vast majority of users". It went on to offer users advice on how to make sure that you aren’t also gifting your personal data to buyers when selling an old mobile phone.
Google says would-be sellers should "enable encryption on your device and apply a factory reset beforehand; this has been available on Android for over three years".
Simply performing a factory reset on its own won’t prevent your data from being recovered.
What you need to do is go into Settings > Security and select Encrypt device. Anyone who tries to access your data will need to enter a password. With that done, you can then use the factory reset option to wipe the device and return it to its default settings.
Alternatively, there are several Android apps available that can securely erase your data and prevent recovery.
Secure Deletion for Android (£1.70) forces your Android phone to overwrite sections of storage so the data kept there cannot be recovered.
Nuke My Device (£0.61) deletes everything on your internal SD card, then writes encrypted data to the entire partition, before wiping that data.
Avast Anti-Theft offers an option to wipe memory to keep your private data safe.
Secure Erase with iShredder 3 will wipe and securely erase the free space of your device.
iOS users can go to Settings > General > Reset > Erase all Content and Settings. iShredder 3 used to offer users a secure way of fully wiping an iOS device, but Apple has since removed this from the App Store.
For more on this topic, check out: You are your phone: Why smartphone security is of paramount importance.