How to Securely Wipe an Android Device – The Paranoid’s Guide

Our mobile devices are connected to all our online accounts and clouds, giving unfettered access to our lives. They are also often replaced. Since Android devices have a built-in mechanism to do a ‘Factory Reset’, many may believe that sufficient. I do not. I believe this will leave data recoverable, especially if you didn’t use device encryption from the start, and/or had used Fast Mode.

Thus, my personal procedure before returning or selling Android devices, regardless of whether I previously used encryption, is to do a factory reset, then re-encrypt the device again, being sure not to use ‘fast mode’ so that all storage space is covered, then do another factory reset.

The steps are then, no matter where you start from (note that since the location of various settings keeps changing with each Android release, I won’t even attempt to get them precisely right)…

Suggested Steps As Follows:

  1. Do a Factory Reset via the Settings / Backup and Reset menu
  2. Reboot (as it will force)
  3. Skip through new setup steps
  4. Set complex random lock screen password (or go directly to encryption)
  5. Go to Settings / Security / Encrypt device, be sure NOT to use ‘Fast Mode’
  6. It will reboot
  7. Do a Factory Reset
  8. Leave shut down
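
A check that can be run between steps 6 and 7, to confirm the device reports itself as encrypted before the final reset. This is an added example, not part of the original post. It assumes USB debugging was enabled after step 3 and `adb` is installed on the computer. The function names are hypothetical and the sample property dumps are constructed.

```shell
#!/bin/sh
# Added example: read Android's encryption properties from `getprop` output
# and decide whether the final factory reset (step 7) should go ahead.
# Note: these properties cannot show whether 'Fast Mode' was used at step 5.

# Return the value of one property from "[key]: [value]" dump text.
# $1 = property name, $2 = dump text
prop_value() {
    printf '%s\n' "$2" | awk -v key="[$1]:" '
        { sub(/\r$/, "") }                 # older adb versions emit CRLF
        $1 == key { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# Print a one-line verdict for a property dump ($1).
wipe_readiness() {
    state=$(prop_value ro.crypto.state "$1")
    ctype=$(prop_value ro.crypto.type "$1")
    case "$state" in
        encrypted)   echo "ready: encrypted (${ctype:-type not reported})" ;;
        unencrypted) echo "not-ready: device reports unencrypted" ;;
        unsupported) echo "not-ready: device reports encryption unsupported" ;;
        *)           echo "unknown: ro.crypto.state not reported" ;;
    esac
}

# Constructed sample dumps (not captured from a real device).
SAMPLE_ENCRYPTED='[ro.build.version.release]: [6.0.1]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [block]'
SAMPLE_PLAIN='[ro.build.version.release]: [6.0.1]
[ro.crypto.state]: [unencrypted]'

echo "sample (after step 6): $(wipe_readiness "$SAMPLE_ENCRYPTED")"
echo "sample (step skipped): $(wipe_readiness "$SAMPLE_PLAIN")"

# Live use, with the device attached:
#   wipe_readiness "$(adb shell getprop)"
```

Anything other than a `ready:` verdict means the encryption step should be repeated before the second reset.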

Of course, be certain to remove any SD and SIM cards. SD cards obviously need to be recovered. Used SIM cards won’t go far, but they can contain contact data that has been exported to them.

Then there you go. You can be reasonably confident that no part of your on-board storage can be recovered by even advanced analysis. If you are super-paranoid, rinse and repeat.