This is FUD. Flash is fundamentally easier to wipe than hard disk drives. You’re just using a defective mental model for the process. While magnetic recording needs to be overwritten, flash memory does not. Flash has a dedicated erase command. Flash can only be written if it was erased. You can erase an entire flash device in a split second.
I guess it is true that you can erase an entire flash device in a split second.
But that doesn't help you if the erase command was not implemented correctly.
And I am sure that you cannot implement an erase command from within the operating system. It has to be implemented in the flash memory controller. So if your hardware manufacturer got it wrong, you can't fix it.
"Our results lead to three conclusions: First, built-in commands are effective, but manufacturers sometimes implement them incorrectly. [...]
We tested ATA commands for sanitizing an entire SSD, [...]. We find that while most implementations of the ATA commands are correct, others contain serious bugs that can, in some cases, result in all the data remaining intact on the drive."
No matter what protocol they are using to communicate, it is quite conceivable that the erase commands are not properly implemented. In fact, as the comment you're replying to pointed out, there have been many devices found historically which do not properly implement erase commands. Since you can't(*) bypass the flash controller and see what's actually in the flash, there is no way to verify whether or not the data has in fact been deleted.
Just encrypt your device. It's so damn simple.
(* Yes of course you can desolder the memory or hook up to it directly and bypass the flash controller that way, like the authors of the paper in GP, but that's far beyond the capabilities of even the average HNian)
No, I don't know how they communicate exactly. However, I imagine between the processor and flash memory proper there sits a flash memory controller (provided by the flash memory manufacturer) that speaks some protocol akin to ATA. That way manufacturers would be able to replace flash memory A by flash memory B with relative ease, because the abstraction of the protocol allows them to ignore how that specific flash memory is implemented exactly.
Is that wrong? Does the OS on smartphones generally have direct access to the flash memory proper?
Edit: I remembered another protocol that I would guess is used in smartphones for communication with the flash memory, namely UFS (which is also utilized with SD cards).
Edit 2: Note that it is irrelevant whether the protocol used is ATA, UFS, or something different.