Allie Coyne reported for iTnews about Android’s factory reset flaw.

Twenty-six second-hand Android phones running versions 2.3 to 4.3 of the operating system, sold by five handset makers, were tested.

The researchers found that all retained at least partial amounts of data from contacts information, images and video, SMS, email, and data from third-party apps like Facebook.

They were able to recover Google authentication tokens in all devices with flawed factory reset, and were able to access master tokens in 80 percent of cases.

To test their findings, they used one of the recovered master tokens from a reset to restore the credential file.

“After the reboot, the phone successfully re-synchronised contacts, emails, and so on,” they wrote.

“We recovered Google tokens in all devices with flawed Factory Reset, and the master token 80 percent of the time. Tokens for other apps such as Facebook can be recovered similarly. We stress that we have never attempted to use those tokens to access anyone’s account.”

Good luck, Android users.