Our smartphones are privy to some of our most important secrets. Sensitive business emails, financial details, contact information, and perhaps even a risqué photo are not things you want falling into the wrong hands. When the security firm Avast bought 20 Android smartphones from eBay, for example, it was able to recover photos, Google searches, emails, text messages, and contact details. So the next time you want to sell or discard your smartphone, make sure you’re factory resetting properly. We’re going to show you how to fully wipe your Android phone, to make sure it doesn’t have any of your personal info remaining.
Factory Reset Protection
You’ll want to start by removing Factory Reset Protection (FRP). Google introduced FRP in Android 5.0 Lollipop as an extra layer of security. It’s designed to prevent thieves from being able to steal your phone, wipe it, and then use it or sell it.
When you factory reset a phone with FRP enabled and try to set it up as a new device, you’ll be prompted to enter the username and password for the last Google account that was registered on the device. If you don’t have those details, then the phone will remain locked and you can’t gain access. Obviously, this is no good if you’re trying to sell it or give it away.
There will be slight variations depending on what Android device you’re using, but the process can be done by navigating to similar settings.
Here’s how to disable it:
- Turn off your screen lock by accessing your lock screen/biometrics settings. This includes your fingerprint scanner, pin, or pattern lock.
- The next thing you must do is remove your Google account. This can be done by accessing your account settings and tapping Remove account.
- If you’re on a Samsung device, you’ll want to remove your Samsung account as well. This can be conveniently done when you start to factory reset your phone.
Once your Google account is removed, you can proceed with the factory reset.
How does a factory reset work?
When you do a factory reset on your Android smartphone, it’s supposed to wipe it clean, but it doesn’t. It deletes the addresses of all of your data, so it no longer knows where it’s stored, but it doesn’t actually overwrite the data. That being the case, it’s possible for someone to employ off-the-shelf recovery software and get some of that data back. Let’s look at how to wipe your Android smartphone properly.
Encrypt your data
The first step is to encrypt your data. This option is built into Android and requires you to enter a PIN or password every time you turn your phone on. It means that anyone attempting to recover data from your phone after you will need a special key to decrypt it, and they won’t have the key.
- Fully charge your phone or keep it plugged into the charger while this process is running, because it can take several hours depending on how much data you have.
- The exact method for navigating this next step will differ slightly from phone to phone. It will generally be Settings > Security > Encrypt phone. But on a Samsung Galaxy, for example, you want to go to Settings > Biometrics and security > Encrypt or decrypt SD card. Note that this can only be done with a microSD card that has enough storage to hold your data.
If your phone came with Android 6.0 Marshmallow or above, it should be encrypted by default, and you can skip to the next section. If you’re unsure about which version of Android your phone is running, then take a look in Settings > About device/phone > Software info. Keep in mind that it will only be encrypted by default if Android 6.0 Marshmallow was installed out of the box.
Factory reset the phone
Make sure that you have anything you want to keep backed up before you do this because it will wipe everything. The steps are similar for most Android devices, but some manufacturers like to be different.
- On a Samsung Galaxy, go to Settings > General management > Reset > Factory data reset and then tap Reset device.
- On a Huawei phone, go to Settings > System > Reset > Factory data reset and then tap Reset Phone.
- On a Google Pixel, it’s Settings > System > Advanced > Reset options > Erase all data (factory reset) and then tap Reset phone.
Once you complete these steps, your phone will be clean. Any previously recoverable data will be encrypted and should be impossible to decrypt. According to most tech experts, it’s now safe to sell your smartphone or pass it along to someone else. For some people, though, a factory reset isn’t enough reassurance.
Overwriting with junk data
Another way to be absolutely sure that your information is gone is to overwrite the encrypted data. You can do this by loading the device up with junk data, then performing another factory reset. By encrypting and then overwriting your data, you’re making it impossible to recover the wiped information. It’s likely overkill — but if you want to go this route, it’s a simple enough process. First, you’ll load a bunch of data onto your phone — dummy data, or meaningless content like a few large videos — until the storage is full. At this point, performing another factory reset encrypts the junk data “on top” of your previous encryption.
If you want to go this route, there are apps out there that will overwrite with junk data, so you don’t have to manually. In the Play Store, you can check out Shreddit, Secure Erase with iShredder 6, and the newer AVG Cleaner.
It doesn’t matter which type of information you need to wipe from your Android; you can get this done in a few different ways. Whether you utilize factory resets, encryption, or you try out junk overwriting, you should have a device that is wiped clean.