SOVEREIGN
← All guides/

Keeping it secure

What to Do If You Accidentally Reset Your Phone

4 min read

On a properly configured GrapheneOS device, a factory reset means your data is cryptographically destroyed. The encryption keys are wiped — and without them, the data is mathematically inaccessible to anyone, including us, and including forensic recovery tools.

This is the correct outcome. A phone that recovers from a 'accidental' wipe is a phone an attacker could also recover. But it doesn't have to be catastrophic. If you've set up the right backups, a factory reset is 30 minutes of inconvenience, not a permanent loss.

Why Data Is Unrecoverable

GrapheneOS encrypts storage with AES-256-XTS. Each user profile has unique, randomly-generated encryption keys stored encrypted with key encryption keys derived from your PIN or passphrase. A factory reset wipes these keys.

Without the keys, the raw encrypted storage is ciphertext. Forensic tools marketed for Android data recovery work by reading unencrypted data, or by cracking weak encryption. Neither applies here — the data is properly encrypted and the keys are gone. There is no recovery path.

What Triggers a Factory Reset

  • Manually initiating one: Settings → System → Reset options → Erase all data
  • Entering your duress password at the lock screen (if you've set one)
  • 20 consecutive incorrect PIN/passphrase attempts — GrapheneOS's Titan M chip enforces this automatically
  • Using the volume+power key recovery mode and selecting 'Wipe data'

What to Do After an Accidental Reset

The phone is now in factory state — GrapheneOS is still installed and working. Reinstall it from the GrapheneOS installer if you prefer a fresh OS install, but the installed OS is fine.

Go through first boot again: set your passphrase, verify Verified Boot, check for OS updates.

Then restore what you can from backups:

  • Contacts: import your .vcf backup from Proton Drive or local storage
  • Signal messages: restore from your encrypted local backup (Signal → Settings → Account → Local backup)
  • Proton apps: log back in — your emails, calendar, and files live in Proton's servers
  • Photos: restore from Proton Drive, Ente Photos, or wherever you store them
  • Apps: reinstall from Aurora Store, F-Droid, or sandboxed Play
  • Passphrase: if you wrote it down, use it — set the same passphrase or choose a new one

How to Set Up Backups Right Now

A wipe should not be catastrophic. Here's the minimum viable backup strategy for a SOVEREIGN device:

Contacts

Settings → Contacts → Export → save as .vcf to Proton Drive. Do this monthly.

Signal

Signal → Settings → Account → Local backup. Enable automatic backups. The encrypted backup file is saved to your phone's storage — copy it to Proton Drive. Signal's end-to-end encryption means Proton can't read it, but the backup password protects it regardless.

Photos and Files

Proton Drive is the default recommendation — end-to-end encrypted, no Google. Ente Photos is a strong alternative for photo-specific backups (open source, E2E encrypted). Do not use Google Photos — it sends your photos to Google.

Passwords

Proton Pass syncs to Proton's servers. Your passwords are safe even after a wipe — log back in on your restored device and all passwords return.

Frequently asked questions

Can SOVEREIGN recover my data?
No. We don't have your encryption keys and never did. We have no access to your device's data — before or after a wipe. This is a feature, not a limitation.
What if I didn't back anything up?
If there were no backups, the data is gone. Set up backups before this happens again — the guide above takes about 15 minutes to implement.
Does a factory reset affect my eSIM?
Yes. eSIM profiles are wiped in a factory reset. Contact your carrier afterwards for a replacement eSIM QR code. This is usually free and can be done via your carrier's app or website.
How do I make a triggered wipe less likely?
Know your duress password and keep it clearly distinct from your real PIN. Use a PIN with at least 8 digits that isn't a date, pattern, or something a family member could guess. The 20-attempt limit with hardware throttling means accidental triggers are nearly impossible in normal use.

Still have questions?

We answer personally — no ticket queue.

Contact us →