The problem results from multiple issues, including the inherent difficulty of fully deleting data from the flash memory used in smartphones, something due to the physical nature of such memory chips, according to the research.

Other issues include vendors’ failure to include necessary drivers or failures introduced by their modifications of Android for individual devices.

As a proof-of-concept, the researchers recovered the master token in a device and found that after reboot, it successfully re-synchronised contacts, emails and other data.

The master token, used to access Google accounts, was found to be retrievable in 80 percent of the devices that had a flawed factory reset mechanism.

Devices protected with encryption can still be accessed, because the file storing the decryption key is not erased, making it accessible to cracking, the study said.

READ ALSO:

New Superlens Can Show 'Invisible' Objects