Bad news! Your Android data may be retrievable even after wiping it.

A Cambridge University study has revealed that user data is routinely retrievable from second-hand Android devices that have been wiped through a factory reset.

Most Android handsets offer no easily accessible way of deleting user data including access tokens, messages, images and other content, researchers said.

An estimated 500 million Android handsets are affected by the factory-reset shortcomings uncovered by researchers at the Cambridge University and they pose a problem for organisations that routinely resell such devices.

These 500 million handsets may not properly sanitise the data partition where credentials and other user data is stores, while up to 630 million handsets may not properly sanitise the internal SD card where multimedia files are generally saved.

The researchers examined 21 second-hand devices running Android versions 2.3 to 4.3 from five manufacturers that had been wiped using the operating system’s built-in factory reset feature and were able to recover data including multimedia files and login credentials from wiped phones, and many of the handsets yielded the master token used to access Google account data, such as Gmail.

The researchers were able to recover the master token in a device and found that after reboot, it successfully re-synchronised contacts, emails and other data.

The master token, used to access Google accounts, was found to be retrievable in 80 percent of the devices that had a flawed factory reset mechanism.

Actual solutions for users at the moment are currently scarce.

[Via]