However according to researchers at Cambridge University (via BGR), it turns out that factory resetting your phone does not completely wipe its data, and that hackers or computer experts who know what they’re doing can still retrieve some of the data that’s left behind.
According to a report from ITNews, “[Researchers] found the file storing decryption keys on devices was not erased during the factory reset. With access to that file, an attacker could recover the “crypto footer” to brute-force the user’s PIN offline and decrypt the device.”
The researchers claim that they were able to access data that was supposed to be deleted, such as photos, videos, text messages, and in some instances even Google authentication tokens, which in turn allowed them to sync up data the previous user had with Google’s services including emails.
It seems that this is an issue found on Android devices. It is unclear if this is because the flaw is found only on the Android platform, or it is because the researchers only covered Android, but either way this leaves more than 500 million phones at risk, but hopefully this is something Google will take note off and work to correct it.