Flawed Android factory reset leaves crypto and login keys ripe for picking | Ars Technica
TLDR:
Data is easy to recover from previously used phones even after a factory reset. Even if your device was encrypted all that is needed is the encryption password to regain access even after a factory reset. A short password can be cracked in a few hours.
The big takeaway is before you sell your phone:
1) encrypt the device with a very long password (11+ characters) of letters and numbers
2) then do a factory reset
TLDR:
Data is easy to recover from previously used phones even after a factory reset. Even if your device was encrypted all that is needed is the encryption password to regain access even after a factory reset. A short password can be cracked in a few hours.
The big takeaway is before you sell your phone:
1) encrypt the device with a very long password (11+ characters) of letters and numbers
2) then do a factory reset