Using the "factory reset" option to wipe Android phones may leave behind data, and also can fall short when used to remotely wipe a phone that has been lost or stolen, Cambridge University researchers say. Now that millions of people buy and sell smartphones secondhand and use them for everything from banking to dating, it’s important to able to sanitize your phone. You need to clean it when you buy it. The factory reset function of your phone could be an answer, but is seems that it doesn't work as it should.

Researchers were able to retrieve the Google master cookie from the great majority of the 21 Android phones they tested after a factory reset. The phones were running Android versions 2.3 to 4.3. A master cookie could allow anyone to log on to the previous owner’s gmail account. In most of the phones tested, data generated by apps for WhatsApp and Facebook was left behind, the researchers said. In addition, images, videos and text messages were also recoverable.

The researchers said that new phones are generally better than old ones, and Google’s own brand phones are better than the OEM offerings.

Attacks on a sold phone that could not be properly sanitized are one example of "ser-not-present" attacks. Another is when your phone is stolen. Many security software vendors offer a facility to lock or wipe your phone remotely when this happens, and it’s a standard feature with mobile antivirus products.

But still, those solutions don not always work. Antivirus software that relies on a faulty factory reset can only go so far, and there’s only so much you can do with a user process.

Google declined to comment on the findings.

However, the search firm has acknowledged that Android 3.0 brought in an improved erasing mechanism to prevent data being retrieved. Updates to the reset system have also been brought in with Android 5.1 that was released earlier this year.