The study reveals that about 500 million Android phones are at risk.
If you frequently buy and sell Android smartphones (or review a different one every few weeks), it's likely that you're leaving traces of personal data even if you use the phone's factory reset feature, before passing on the phone to someone else.
According to a new study titled 'Security Analysis of Android Factory Resets' by Cambridge University, Android's factory reset option does not let you get rid of all your personal data. As part of the study, researchers tested 21 smartphones made by five different device makers running Android 2.3 to 4.3.
They found that all devices retained a part of the users' old data which included sms, e-mails, pictures and videos and contact information from third party apps such as Facebook and WhatsApp.
What's more worrying was that this data was accessible even if full-disk encryption was used. Also, in most smartphones, researchers were even able to get access to the master token to access the user's Google data.
The study estimates that about 500 million Android phones are at risk.