A reported 500 million or more Android phones have current issues within their factory reset procedures, with Cambridge University researchers Laurent Simon and professor Ross Anderson reporting that all of your data may not be completely wiped when carrying out this operation.
These researchers were able to recover data even when full-disk encryption was switched on, reporting the ability to recall data at will after factory resets were carried out. They further discovered that the file storing decryption keys on the tested phones were not removed through a factory reset, meaning that with access to this file, a hacker is able to recover the 'crypto folder' enabling them to "brute-force the user's PIN offline and decrypt the device" as reported by IT news.
The 500 million phone number is an estimate and is coupled with an estimate of 630 million phones not properly deleting SD card data.
The testing involved 26 different Android phones running operating systems ranging from 2.3 to 4.3 and spread over 5 different manufacturers.
In this day and age of technology you should probably understand that its highly likely your data is not safe no matter what you do with it, you certainly need to be careful.