Anyone selling, donating, or recycling a smartphone in 2026 faces a simple but high-stakes question: is a factory reset enough to stop someone from pulling personal data off the old device? The answer, according to federal sanitization standards and peer-reviewed forensic research, is that a standard reset alone often falls short. Devices that pair encryption-key destruction with a full erase offer far stronger protection against laboratory-grade recovery attempts, yet most consumers never take that extra step.
Why cryptographic erase outperforms a basic factory reset
A factory reset tells a phone to mark its storage as empty, but the underlying data can linger in certain partitions. Peer-reviewed forensic work published in recent empirical smartphone research found that artifacts can persist after a reset on modern Android devices, with results varying across OS versions and storage partitions. The finding confirms that “factory reset” is not a single, uniform guarantee of data destruction.
The gap between what consumers assume and what actually happens on the chip matters because smartphones now hold banking credentials, health records, two-factor authentication tokens, and years of private messages. When a device changes hands, any recoverable fragment becomes a potential identity-theft vector. The risk is not theoretical: forensic labs and data-recovery firms routinely attempt extraction from secondhand devices, and regulated organizations such as the IRS explicitly plan for “laboratory attack” threat scenarios in their own media-disposal rules.
The core technical hypothesis is straightforward. A phone that first encrypts all user data with file-based encryption and then destroys the encryption keys during an erase should resist recovery at higher rates than a phone that simply receives a standard factory reset. Storage age and prior usage volume should not change the outcome, because the security depends on key destruction rather than on overwriting every byte. Apple states this directly: its on-device erase process obliterates encryption keys in effaceable storage, rendering user data “cryptographically inaccessible.” Android’s file-based encryption follows a parallel design, with key destruction central to making stored data unreadable after a reset, according to the Android Open Source Project’s file-based encryption documentation.
Federal standards and vendor mechanisms behind secure phone erasure
The federal benchmark for media sanitization is NIST SP 800-88 Revision 2, which carries DOI 10.6028/NIST.SP.800-88r2 and holds a status of Final according to the NIST Computer Security Resource Center. That document defines three tiers of sanitization: Clear, Purge, and Destroy. For flash-based storage in smartphones, cryptographic erase falls under the Purge category, which targets data that should be infeasible to recover even with state-of-the-art laboratory tools.
These guidelines sit within a broader federal effort to raise cybersecurity skills and awareness, including initiatives coordinated by the National Initiative for Cybersecurity Education. While NICE focuses on workforce capabilities rather than specific phone features, the same threat models-adversaries with advanced tools and expertise-inform how agencies think about disposing of sensitive digital media.
The IRS applies similar principles when disposing of devices that held taxpayer information. Its media-sanitization guidance, which references NIST SP 800-88, defines laboratory attack threat scenarios, meaning the agency assumes an adversary with specialized equipment and significant time. For the average consumer, the practical takeaway is that if a federal tax agency considers a basic wipe insufficient for sensitive data, individual phone owners should treat their own devices with at least comparable caution.
On iPhones running modern iOS, the “Erase All Content and Settings” function triggers the cryptographic-key destruction Apple describes. The process is fast because the phone does not need to overwrite every storage block; it simply discards the keys that made the encrypted data readable. Android devices running file-based encryption handle the reset similarly. The operating system destroys or rotates the per-file and per-profile keys tied to user data, leaving behind ciphertext that is effectively random noise without the corresponding keys.
For anyone about to wipe a phone, the sequence matters. First, confirm that full-device encryption is active. On most Android phones sold after 2016, file-based encryption is enabled by default, but older or budget devices may still use partial encryption or none at all. If encryption is off, enable it before performing the reset; this ensures that when keys are destroyed, all user data is actually protected by those keys. On iPhones, hardware-backed encryption has been standard for years, so the erase command alone handles key destruction.
Second, use the built-in erase function rather than a third-party app. The operating system’s own reset triggers the secure key-disposal routine that third-party tools cannot reliably replicate, especially when they lack low-level access to hardware-backed keystores. Third, remove SIM and microSD cards separately, because the factory reset does not always clear external storage and may not touch data cached by the carrier on the SIM.
Gaps in testing and what phone owners should watch next
The strongest limitation in the current evidence is the absence of large-scale, independent laboratory testing on the newest devices. Published forensic studies have examined Android partitions and demonstrated that artifacts can survive a standard reset, but no publicly available peer-reviewed dataset covers post-2022 smartphones under controlled laboratory attack conditions using NIST Purge-level techniques. Apple’s and Google’s own documentation describes the architecture of key destruction, yet those descriptions are not a substitute for third-party verification across multiple hardware generations and vendors.
Another unresolved question is how consistently manufacturers implement encryption and erase routines on lower-cost hardware. While flagship devices from major brands generally ship with encryption enabled by default, budget phones may rely on older chipsets, inconsistent firmware, or vendor-modified Android builds. Each of these factors can alter how keys are stored and destroyed, and thus how resistant a “wiped” phone really is to forensic recovery. Without transparent, standardized testing, consumers must largely trust vendor claims.
Regulators and standards bodies are beginning to grapple with this gap. NIST SP 800-88 already offers a framework for classifying sanitization strength, but it does not certify individual devices. In practice, that leaves organizations and consumers to interpret the guidance and map it onto specific phones and operating-system versions. Future policy discussions could push for clearer labeling-such as indicating whether a device supports cryptographic purge that aligns with Purge-level expectations-or for voluntary testing programs that publish erase-resilience scores.
In the meantime, individual users can tilt the odds in their favor. Enabling full-device encryption, keeping operating systems up to date, and performing an on-device erase immediately before handing over a phone all reduce the window of opportunity for data extraction. For highly sensitive use cases-such as activists operating under repressive regimes or professionals handling regulated data-additional layers, including remote-wipe capabilities and careful management of cloud backups, can further limit exposure if a device is lost or seized.
Ultimately, the emerging consensus from standards documents, vendor architectures, and forensic casework is that cryptographic erase is not a luxury feature but the new baseline for safe smartphone disposal. A simple factory reset that fails to pair with reliable key destruction leaves too much to chance, especially as attackers gain access to more sophisticated recovery tools. Until independent testing catches up with the latest hardware, the safest course for phone owners is to assume that only devices with robust encryption and documented key-erasure mechanisms can truly let their old data go.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
