I have just sold online my old Nexus 5 (Android Lolipop) and need to post it tomorrow morning. I would like to make sure the new owner can't access my files.
What should I do?
I have just sold online my old Nexus 5 (Android Lolipop) and need to post it tomorrow morning. I would like to make sure the new owner can't access my files.
What should I do?
Factory resets reset your phone to a stock like state but does not remove your data, just applications. This leaves some data behind. The best way to prevent this data from being recovered is to encrypt the phone, and use wipe data/factory reset from the recovery menu. This way you don't have to download a ton of data and you can be fairly certain your things are secure.
If you're not that worried, encrypting, and data/factory reset from the recovery menu is probably enough.
EDIT: Whoops forgot to mention why the recovery mode data/factory reset. It formats the user data areas as well as the application area, and is far more thorough/secure than the one inside of the android OS and will prevent you from download junk data. It just flat out gets rid of it.
To get to the recovery console on the Nexus 5 for resetting:
If your phone is on, turn it off.
Press and hold the Volume Down and Volume Up buttons, and then press and hold the Power button at the same time until the phone turns on. You'll see the word "Start" with an arrow around it.
Press the Volume Down button twice to highlight "Recovery."
Press the Power button to start Recovery mode. You'll see an image of an Android robot with a red exclamation mark and the words "No command."
While holding the Power button, press and release the Volume Up button once.
Press the Volume Down button twice to highlight "wipe data/factory reset" and press the Power button to select it.
Press the Volume Down button seven times to highlight "Yes - erase all user data" and press the Power button to select it.
After the reset is complete, press the Power button to select the option to reboot your device.
Usually Factory Reset
is probably enough for removing almost all data stored internally by the Android phone.
Menu> Settings> Privacy> Factory data reset> Erase phone storage
Un-tick backup if not necessary.
To be double sure(Extra paranoid mode):
Menu> Settings> Security> Encrypt phone>
Encrypt phone(read the description)
A tool I found (free) is iShredder
Some related already asked questions:
how-do-i-delete-all-data-from-my-android-phone
i-have-sold-my-phone-on-ebay-what-should-i-do-before-i-send-it-off
This assumes external SD card is not transferred with the device.
Let's start with a TL;TR: Factory resets and data sensitization are depending on many factors and research has shown that they might fail. Your case comes down to risk assessment, answer the three questions at the end and make a decision appropriately.
Some good answers are already posted, but do not give the full picture. Unfortunately, the only real answer to give is: You can not really be sure. I am going to elaborate why.
First of all, a good read on this topic is the paper Security Analysis of Android Factory Resets by Simon and Anderson University of Cambridge. In that paper, the authors present the results of their study. Their analysis covered 21 smartphones with Android v2.3 to v4.3. Unfortunately there are smartphones that do not properly sanitize the data.
The differences between the factory reset in the settings menu and the one in the recovery boot is that the later does not sanitize external storage. No that is not really an issue for the Nexus 5 because it has no external storage. So whether you take the easy way in the menu, or the more complicated way in by booting into recovery, you will always trigger the same action!
The bad news follow now. First, there is the slight chance that the manufacturer included an error which results in a failed wipe. This is one reason why it is hard to say if your factory reset is really successful. You would need to analyze this - or find someone who already did this. Second - and this is so often forgotten, we are dealing with a flash memory media. What this means is that the storage management is far more complex than the one of a regular disk. Your memory chip has a logic that copies around your data (without your knowledge!) in order to assure longlivety of your memory chip. In general, flash memory only deletes a sector if it is marked as such, but it will never write data to the exact same location. Hence people telling to just download a huge set of data or use a secure erase tool (often named solution for laptops) are wrong. Even when you completely fill the disk space, the logic might keep some spare bytes which is used for management that can contain your data. For more on that topic, I suggest reading Reliably Erasing Data From Flash-Based Solid State Drives by Wei et. al.
Now, what can you do? First, the introduced default encryption in Android 5.0 (not mandatory) is a great solution to the second issue. Basically your data is not stored in cleartext and thus not copied around in cleartext by the memory management logic. Unfortunately, with your Nexus 5 that won't be the case.
However, in your case it all comes down to a simple risk assessment.
I would answer the last one with unlikely - I am not aware of anyone encountering this issue at the moment. If you consider the first one to be either a High, or a Medium and the second also a Medium, I would reconsider selling the device.
I don't suggest you erase your phone using factory reset as it also can't destroy the personal data completely. But some professionl data wiper tool maybe useful to you, such as iShredder or DroidErase.
maybe these guides are helpful: https://play.google.com/store/apps/details?id=com.projectstar.ishredder.android.standard&hl=en&gl=US
https://www.fonemoz.com/erase-android-phone-before-selling.html