Our smartphones are privy to some of our most important secrets. Sensitive business emails, financial details, contact information, and perhaps even a risqué photo are not things you want falling into the wrong hands. When the security firm Avast bought 20 Android smartphones from eBay, for example, it was able to recover photos, Google searches, emails, text messages, and contact details. So the next time you want to sell or discard your smartphone, make sure you’re factory resetting properly. We’re going to show you how to fully wipe your Android phone, to make sure it doesn’t have any of your personal info remaining.
Factory Reset Protection
You’ll want to start by removing Factory Reset Protection (FRP). Google introduced FRP in Android 5.0 Lollipop as an extra layer of security. It’s designed to prevent thieves from being able to steal your phone, wipe it, and then use it or sell it.
When you factory reset a phone with FRP enabled and try to set it up as a new device, you’ll be prompted to enter the username and password for the last Google account that was registered on the device. If you don’t have those details, then the phone will remain locked and you can’t gain access. Obviously, this is no good if you’re trying to sell it or give it away.
There will be slight variation depending on what Android device you’re using but can be done by navigating to similar settings.
Here’s how to disable it:
- Turn off your screen lock by accessing your lock screen/biometrics settings. This includes your fingerprint scanner, pin, or pattern lock.
- The next thing you must do is remove your Google account. This can be done by accessing your accounts settings and tapping Remove account.
- If you’re on a Samsung device, you’ll want to remove your Samsung account as well. This can be conveniently done when you start factory resetting your phone.
Once your Google account is removed, you can proceed with the factory reset.
How does a factory reset work?
When you do a factory reset on your Android smartphone, it’s supposed to wipe it clean, but it doesn’t. It deletes the addresses of all of your data, so it no longer knows where it’s stored, but it doesn’t actually overwrite the data. That being the case, it’s possible for someone to employ off-the-shelf recovery software and get some of that data back. Let’s look at how to wipe your Android smartphone properly.
Encrypt your data
The first step is to encrypt your data. This option is built into Android, and requires you to enter a PIN or password every time you turn your phone on. It means that anyone attempting to recover data from your phone after you will need a special key to decrypt it, and they won’t have the key.
- Fully charge your phone or keep it plugged into the charger while this process is running, because it can take several hours depending on how much data you have.
- The exact method for navigating this next step will differ slightly from phone to phone. It will generally be Settings > Security > Encrypt phone. But on a Samsung Galaxy, for example, you want to go to Settings > Biometrics and security > Encrypt or decrypt SD card. Note that this can only be done with a micro SD card that has enough storage to hold your data.
If your phone came with Android 6.0 Marshmallow or above, it should be encrypted by default, and you can skip to the next section. If you’re unsure about which version of Android your phone is running, then take a look in Settings > About device/phone > Software info. Keep in mind that it will only be encrypted by default if Android 6.0 Marshmallow was installed out of the box.
Factory reset the phone
Make sure that you have anything you want to keep backed up before you do this because it will wipe everything. The steps are similar for most Android devices, but some manufacturers like to be different.
- On a Samsung Galaxy, go to Settings > General management > Reset > Factory data reset and then tap Reset device.
- On a Huawei phone, go to Settings > System > Reset > Factory data reset and then tap Reset Phone.
- On a Google Pixel, it’s Settings > System > Advanced > Reset options > Erase all data (factory reset) and then tap Reset phone.
When the process is done, your phone will be wiped and any data that could be recovered will be encrypted and should be impossible to decrypt. It’s now safe to sell your smartphone or pass it along to someone else.
Overwriting with junk data
If you want to be absolutely certain, you can overwrite the encrypted data with junk data and then perform another factory reset; then it would be genuinely impossible to recover any of your old data. This is probably overkill. If you want to do it, however, then simply load a bunch of dummy data onto your phone until the storage is full — a few large videos should do the trick — and then perform another factory reset.