Arstechnica has a report that should worry you if you've sold an old Android phone. In 80% of devices tested data was left accessible on internal storage after a hard reset.
That includes both the Master Android and Google tokens, either of which would allow an attacker to access data from the associated Gmail account.
Given the level of information being stored on phones and the level to which email accounts are used to recover lost logins, that's a disturbing piece of news.
The issue affects Android phones dating back as far as the Gingerbread release of the OS and could potentially amount to half a billion devices.
Enough to put you off buying (and selling) an Android phone?