According to identity theft researcher Robert Siciliano, Android smartphones are considerably less secure than a BlackBerry or Apple device, even after you “follow protocol” and use the built-in data wipe function.
As most Android smartphone users will know, there is an option in the settings menu to perform a factory reset. Presumably, this means that all of your personal data, customizations, and apps will be deleted from the on-board memory. However, Siciliano is saying that this data is not fully deleted. He purchased 30 smartphones for his test and he was able to access personal data from 15 of them with the assistance of a forensic expert.
His recommendation is never to sell your used Android phone, but I’m not so sure. In order to hack into half of the random phones he purchased, Siciliano had to make use of his own hacking abilities and he needed the help of a forensic expert. The random buyer on Craigslist has neither of these available to him. Even so, I think that Google should take this information to heart and provide a true “factory reset” and data wipe in an upcoming update. Or, someone can design an app (will need to be rooted of course) that wipes the data then writes zeros over the empty data, similar to desktop data security.[Source]