19

I have just sold online my old Nexus 5 (Android Lolipop) and need to post it tomorrow morning. I would like to make sure the new owner can't access my files.

What should I do?

techraf
  • 9,141
  • 11
  • 44
  • 62
  • 1
    If its not in your hand, there's nothing more to do directly to phone stored data. You may change the account passwords if they were not removed from the phone. – Nikhil_CV Oct 04 '15 at 12:01
  • I still haven't delivered it yet. Thanks for the comment, I have updated the question. –  Oct 04 '15 at 12:03
  • 1
    Full Disk Encryption (FDE) and then Factory Reset? And enable FDE by default in the future... – SEJPM Oct 04 '15 at 12:20
  • To add you can remove an SD's zero them out to the extend you want and have the phone reformat it for the new user as well. – Shane Andrie Oct 07 '15 at 16:15
  • https://support.google.com/a/answer/173390?hl=en Follow the procedure from Google. Problem easily solved. – David- Oct 13 '15 at 16:15

4 Answers4

19

Factory resets reset your phone to a stock like state but does not remove your data, just applications. This leaves some data behind. The best way to prevent this data from being recovered is to encrypt the phone, and use wipe data/factory reset from the recovery menu. This way you don't have to download a ton of data and you can be fairly certain your things are secure.

If you're not that worried, encrypting, and data/factory reset from the recovery menu is probably enough.

EDIT: Whoops forgot to mention why the recovery mode data/factory reset. It formats the user data areas as well as the application area, and is far more thorough/secure than the one inside of the android OS and will prevent you from download junk data. It just flat out gets rid of it.

To get to the recovery console on the Nexus 5 for resetting:

  1. If your phone is on, turn it off.

  2. Press and hold the Volume Down and Volume Up buttons, and then press and hold the Power button at the same time until the phone turns on. You'll see the word "Start" with an arrow around it.

  3. Press the Volume Down button twice to highlight "Recovery."

  4. Press the Power button to start Recovery mode. You'll see an image of an Android robot with a red exclamation mark and the words "No command."

  5. While holding the Power button, press and release the Volume Up button once.

  6. Press the Volume Down button twice to highlight "wipe data/factory reset" and press the Power button to select it.

  7. Press the Volume Down button seven times to highlight "Yes - erase all user data" and press the Power button to select it.

  8. After the reset is complete, press the Power button to select the option to reboot your device.

Robert Mennell
  • 6,968
  • 1
  • 13
  • 38
  • On Android 4.1.2 the `Setup data encryption` screen has `Memory Card Encryption` and `Device Data Encryption`. Do I want both of these or just device data? If I select Memory Card I get a dialog saying "Encrypts all personal data on your device. From now on, all files saved to your memory card will be encrypted. *Existing files remain unaffected*..." – User May 22 '16 at 09:25
  • You want to do both – Robert Mennell May 22 '16 at 16:38
  • I assume by `Memory Card` it means the removable SD card. I did a wipe from the recovery menu however this did not touch any files on my sd memory card. If it doesn't wipe memory card files and existing files aren't affected by encryption then I'm not sure why you would want to select `Memory Card Encryption` as part of an erase process prior to selling the phone. Unless it means internal memory and not the SD card. – User May 23 '16 at 01:16
  • It means internal memory. A section if the memory is marked as an SD card even though it isnt. You can also find a sport in the storage marked emulated that points to that section. It means that section – Robert Mennell May 23 '16 at 01:26
9

Usually Factory Reset is probably enough for removing almost all data stored internally by the Android phone.
Menu> Settings> Privacy> Factory data reset> Erase phone storage
Un-tick backup if not necessary.

To be double sure(Extra paranoid mode):

  1. Do the Factory reset and then Menu> Settings> Security> Encrypt phone> Encrypt phone(read the description)
  2. Now download random data from internet, like images, music, files, programs etc till device memory is filled to 100%.
  3. When the phone memory is full, redo factory reset again.

A tool I found (free) is iShredder

Some related already asked questions:
how-do-i-delete-all-data-from-my-android-phone
i-have-sold-my-phone-on-ebay-what-should-i-do-before-i-send-it-off

This assumes external SD card is not transferred with the device.

Community
  • 1
Nikhil_CV
  • 856
  • 5
  • 14
3

Let's start with a TL;TR: Factory resets and data sensitization are depending on many factors and research has shown that they might fail. Your case comes down to risk assessment, answer the three questions at the end and make a decision appropriately.

Some good answers are already posted, but do not give the full picture. Unfortunately, the only real answer to give is: You can not really be sure. I am going to elaborate why.

First of all, a good read on this topic is the paper Security Analysis of Android Factory Resets by Simon and Anderson University of Cambridge. In that paper, the authors present the results of their study. Their analysis covered 21 smartphones with Android v2.3 to v4.3. Unfortunately there are smartphones that do not properly sanitize the data.

The differences between the factory reset in the settings menu and the one in the recovery boot is that the later does not sanitize external storage. No that is not really an issue for the Nexus 5 because it has no external storage. So whether you take the easy way in the menu, or the more complicated way in by booting into recovery, you will always trigger the same action!

The bad news follow now. First, there is the slight chance that the manufacturer included an error which results in a failed wipe. This is one reason why it is hard to say if your factory reset is really successful. You would need to analyze this - or find someone who already did this. Second - and this is so often forgotten, we are dealing with a flash memory media. What this means is that the storage management is far more complex than the one of a regular disk. Your memory chip has a logic that copies around your data (without your knowledge!) in order to assure longlivety of your memory chip. In general, flash memory only deletes a sector if it is marked as such, but it will never write data to the exact same location. Hence people telling to just download a huge set of data or use a secure erase tool (often named solution for laptops) are wrong. Even when you completely fill the disk space, the logic might keep some spare bytes which is used for management that can contain your data. For more on that topic, I suggest reading Reliably Erasing Data From Flash-Based Solid State Drives by Wei et. al.

Now, what can you do? First, the introduced default encryption in Android 5.0 (not mandatory) is a great solution to the second issue. Basically your data is not stored in cleartext and thus not copied around in cleartext by the memory management logic. Unfortunately, with your Nexus 5 that won't be the case.

However, in your case it all comes down to a simple risk assessment.

  • What sensitive information have you stored and how critical would it be if that could be recovered by someone?
  • How likely is your buyer to go and take your device apart in order to retrieve this sensitive information?
  • How likely is the factory reset of your Nexus 5 going to fail?

I would answer the last one with unlikely - I am not aware of anyone encountering this issue at the moment. If you consider the first one to be either a High, or a Medium and the second also a Medium, I would reconsider selling the device.

Zonk
  • 458
  • 2
  • 6
0

I don't suggest you erase your phone using factory reset as it also can't destroy the personal data completely. But some professionl data wiper tool maybe useful to you, such as iShredder or DroidErase.

maybe these guides are helpful: https://play.google.com/store/apps/details?id=com.projectstar.ishredder.android.standard&hl=en&gl=US

https://www.fonemoz.com/erase-android-phone-before-selling.html

williams45
  • 1