Whether you are sending your phone in for repairs or finally selling it to upgrade to a new flagship, you are going to need to make sure all of your personal data is removed from your device.
Deleting your messages and pictures manually is a good to protect yourself from average users, but in the hands of someone with the right set of skills, they are all easily recoverable. While there is no definite way to securely and permanently remove all of your data other than throwing the thing in a microwave (don't do that!), there are some measures you can take to make sure a majority of your data is wiped clean from your device.
How you go about doing this depends on if you have a stock or rooted Android. If you have a stock device, you can simply encrypt it, then erase your data through your Settings app. But if you have a rooted device with TWRP loaded as your recovery image, then you can use its Wipe menu to factory reset your Android. Both methods provide the same level of protection from intruders, so stick with whatever process is easier for you.
If you are doing this just to send your device in for repairs and plan on using it again once it is returned to you, then you may consider creating a nandroid to return your rooted device back to its current settings, but if you are going to switch devices, you can simply use ADB to back up your data.
Keep in mind that ADB backups can be restored to any device no matter if it's rooted or stock.
Before getting started with the wipe, you'll need to encrypt the data on your Android device. Unlike a normal lock screen which only prevents people from accessing your device through USB, encryption works by scrambling your data and locking it using a special cryptographic key. That means all data on your phone and anything created afterwards will require that key in order to be opened, which is great if someone was trying to copy all of your data onto their computer.
Starting the encryption process requires three things:
- A lock screen password (can be enabled in Security settings)
- A charged battery
- The device must be plugged into a charger
With those out of the way, you can device-encryption by going to Settings -> Security where you'll see the option to "Encrypt phone." After starting the encryption process, do not try to stop it because doing so will cause some or all of your data to be lost. Once completed (about a hour or so), your Android will reboot and you will prompted for your password in order to begin using your device.
With all of the data on your device using an encryption key, there is even less of a chance someone would be able to access it even after recovering it from its wiped state, so all that is left to do is to actually wipe all of your data.
To wipe your stock Android device, head to the "Backup & reset" section of your Settings app and tap the option to for "Factory Data Reset."
The wiping process will take some time, but once it's finished, your Android will reboot and you will see the same welcome screen you saw the first time you booted it up. All that is left to do is power it down and get it ready to be shipped off or sold.
Keep in mind the stock user wipe procedure will work for rooted devices as well, but if you'd rather use TWRP to perform the wipe, that will also work.
After booting into TWRP by pressing and holding the Power and Volume Down buttons for ~15 seconds, head to the Wipe menu.
From there, tap Advanced Wipe and select Cache, Dalvik Cache, Data, and Internal Storage. If the person you are selling the Android to requested a new ROM to be flashed on the device prior to the sale, then you will also need to select System before you Slide to Wipe. Once the wipe completes and after you've flashed a new ROM, if necessary, power off your device and it will be ready to go.
The above steps can be done on any Android to return them to stock settings, but if you'd rather be sure that your device is indistinguishable from a brand new phone, you may want to check one of our device specific guides:
These precautions should prevent the average user from recovering your wiped data, but if you really want to stop even the most tech-savvy hacker, your best bet is to keep your device and repurpose it to something like a media center for your living room.