Factory reset doesn't delete your data.
It marks the space as "available." The actual bits stay on the flash storage until something overwrites them. And if you're selling or trading in your phone, that means whoever gets it next might be able to recover your photos, messages, passwords, and everything else you thought was gone.
This isn't speculation. It's documented.
The Research
Three sources that should make you uncomfortable:
Blankesteijn et al. (2023) — Won Best Paper at a forensics conference for demonstrating that encrypted data remnants and unwiped partitions persist on modern Android 11 & 12 devices after factory reset.
NIST SP 800-88 Rev. 2 — The U.S. government's official media sanitization guidelines classify factory reset as insufficient for devices leaving your control. They recommend "purge" (overwriting) instead.
University of Hertfordshire (2019) — Bought 100 secondhand phones from eBay. 19% had recoverable personal data from the previous owner.
One in five. From eBay. After factory reset.
The Tool
We built Android Secure Wipe — an open-source tool that actually overwrites your phone's storage before you hand it to someone else.
What it does:
- Uses ADB to execute low-level storage overwrites after factory reset
- Writes random data across the device's storage multiple times
- Targets partitions typically missed by standard resets
- Aligns with NIST "purge" sanitization standards
Two modes:
- Quick Wipe — ~15 minutes, 3 overwrite passes
- Full Wipe — 1-2+ hours, fills entire storage capacity
Cross-platform:
- Windows (.msi)
- macOS (.dmg)
- Linux (.deb, .rpm, .AppImage)
- CLI scripts if you prefer terminal
How It Works
The process is straightforward:
- Back up your data (Google, Samsung Smart Switch, or manual ADB)
- Remove cloud accounts (Google, Samsung, etc.)
- Factory reset (destroys encryption keys on Android 6.0+)
- Enable USB debugging (Settings → Developer Options)
- Run the secure wipe (this is what actually overwrites the data)
- Final factory reset and power off
The app walks you through each step with a wizard interface. Real-time progress monitoring. You can abort a Full Wipe mid-process if you need to stop and do something else — but anything already overwritten is gone. No undo button.
Why This Matters
Phone trade-in programs are everywhere. Carriers, manufacturers, third-party services — they all want your old device. And most people just factory reset and hand it over, trusting that their data is gone.
It's not.
The refurbished phone market is massive. Your old phone might end up with someone who knows exactly how to pull data off "wiped" devices. Maybe they won't bother. Maybe they will.
The point isn't paranoia. It's that a simple 15-minute overwrite removes the risk entirely.
Honest Limitations
We're not claiming perfection. Here's what you should know:
Flash storage has wear-leveling. Some data blocks might be marked as "bad" by the controller and skipped during overwrites. This is why we do multiple passes — to increase the probability of hitting all accessible blocks.
Physical destruction is the only 100% guarantee. If you're disposing of a phone that had state secrets or blackmail material, don't trust software. Shred the thing.
This requires ADB access. You need to enable Developer Options and USB debugging. If your phone is locked and you can't access settings, this tool won't help.
For everyone else selling a personal phone? This is the right level of security, aligned with what the U.S. government recommends for non-classified devices.
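To make the wear-leveling limitation concrete, here is a toy model of a flash controller that writes out of place and only erases old pages during garbage collection. It is an added example, not code from Android Secure Wipe, and it is not a measurement of any device: the `ToyFlash` class, the page counts, and the garbage-collection policy are all assumptions chosen for illustration.

```python
class ToyFlash:
    """Toy flash translation layer: every write lands on a fresh physical page."""

    def __init__(self, logical_pages, spare_pages):
        if spare_pages < 1:
            raise ValueError("model needs at least one spare page")
        total = logical_pages + spare_pages
        self.physical = [None] * total    # None means erased
        self.mapping = {}                 # logical page -> physical page
        self.free = list(range(total))    # erased pages, handed out in order
        self.stale = []                   # unmapped pages that still hold old data

    def write(self, logical, data):
        if not self.free:
            self._garbage_collect()
        target = self.free.pop(0)
        old = self.mapping.get(logical)
        if old is not None:
            self.stale.append(old)        # old copy is unmapped, not erased
        self.physical[target] = data
        self.mapping[logical] = target

    def _garbage_collect(self):
        for page in self.stale:           # only now is the old data destroyed
            self.physical[page] = None
        self.free.extend(self.stale)
        self.stale = []

    def visible(self, marker):
        return sum(1 for p in self.mapping.values() if self.physical[p] == marker)

    def residual(self, marker):
        return self.physical.count(marker)


def simulate(logical_pages=100, spare_pages=7, passes=3):
    """Return (visible, residual) counts of user data after each overwrite pass."""
    flash = ToyFlash(logical_pages, spare_pages)
    for page in range(logical_pages):
        flash.write(page, "USER")             # constructed "personal data"
    results = []
    for n in range(1, passes + 1):
        for page in range(logical_pages):
            flash.write(page, f"FILL-{n}")    # stands in for random fill data
        results.append((flash.visible("USER"), flash.residual("USER")))
    return results


if __name__ == "__main__":
    for n, (seen, left) in enumerate(simulate(), start=1):
        print(f"pass {n}: visible={seen} residual={left}")
```

In this model the first pass leaves nothing readable through the normal (logical) view, yet two physical pages still hold the old data until a later pass forces the controller to reclaim them.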
The Stack
Built with Rust and Tauri. MIT licensed. Fully open source.
We love the open source community, so here it is. We'll save the SaaS for the enhancements. ;)
GitHub: github.com/OnlyParams/android-secure-wipe
One Over the Goal Line
If you've read the about page, you know my GitHub is full of unfinished projects. I don't finish things — I build better ways to start the next one.
This one actually shipped. Factory reset doesn't delete your data. Now there's a tool that does.
~ OnlyParams Dev