If you’re planning to sell or give away an old Android phone, be aware that a factory reset isn’t enough to safely wipe your data.
Security firm Avast reports that it’s possible to recover data from factory-wiped Android phones with the help of widely-available digital forensics tools. According to CNET, the firm purchased 20 Android phones on eBay and used various data extraction methods to recover e-mails, text messages and photos–including hundreds of nude male selfies.
“Although at first glance the phones appeared thoroughly erased, we were able to recover a lot of private data,” Avast wrote in its report.
Of course, Avast would like Android users to install the company’s security software, which is capable of performing a more thorough data wipe. But that’s not really necessary. As CNET points out, you can easily protect your data with Android’s built-in encryption tools just before getting rid of your phone.
To turn on encryption, go to Settings > Security and select “Encrypt phone.” Plug in the phone and set it aside, as the encryption can take an hour or longer. Once it’s finished, factory reset the phone like you normally would.
While this process won’t completely erase everything, it essentially locks up any data remnants and throws away the key, making it significantly harder for someone to recover sensitive information. You can also perform additional factory resets for added layers of protection, though this shouldn’t be necessary for most users.
The problem is that most people won’t know to take this extra step. The obvious fix would be to include a “thoroughly wipe phone” option at the time of the reset, so hopefully this is something Google will consider for future versions of Android.