Next time when you sell, recycle, or, retire your Android smartphone after performing a factory reset, keep in mind that the device may still contain some you thought you destroyed. That's because researchers at Cambridge University have found that the OS' factory reset feature is flawed and doesn't work as intended.
The feature was tested on 21 smartphones (sold by five manufacturers) running Google's mobile OS version 2.3.x to 4.3, and it was found that all devices retained at least some portion of the old data, including images, videos, SMS, emails, as well as contact information stored in phone app and third-party apps like Facebook and WhatsApp.
What's worth mentioning is that the researchers were able to access this data even if the device was protected with full-disk encryption. Additionally, in majority of the cases (around 80%), they were also able to retrieve the master token which is required to access Google user data.
Based on the experiment, it was estimated that around a whopping 500 million Android phones are at risk. The complete findings are available in a research paper titled Security Analysis of Android Factory Resets (click the Source link below).