I sold my old Oreo but I'm paranoid. I had about twenty old photos
(nothing special) and I deleted them, even from the trash. Then
factory reset.
That should be enough. As explained on security.SE:
All android 7+ devices are enrolled with File Based Encryption (FBE)
that encrypts /data partition from first boot. FBE keys are bound to
TEE [Trusted Execution Environment] and user screen lock authentication.
On factory reset, TEE clears stored keys and OS wipes the data.
At this point, even if your screen
lock password is known, it's not possible to decrypt recovered data.
Should I trust that the Android factory reset actually erases my data?
So yes, a factory reset is enough to delete everything - because the data is encrypted, and the reset throws away the key.
I know, Oreo is FBE but I still don't know if those encrypted files
remain there or are deleted via garbage collection with the use of the
phone.
The encrypted files may remain, but it does not matter, as the key is gone.
My real question is this: in 6 months will those stupid encrypted
files still be on the phone or will they have already been removed?
Will they be there forever inaccessible?
Maybe they will, but again, it does not matter.
Barring any bugs in the implementation, the data is gone forever.
One caveat would be: This does not necessarily apply to data on the external SD card. So if you have one, make sure to wipe it separately (or just take it out :-) ).
