Shouldn't be a surprise
This shouldn't be news to a technology professional worth a grain of salt. All non-volatile computer storage, whether it be hard disk or flash memory, work the same way -- deleting the file doesn't make the data disappear, any more than throwing that top secret memo in your trash can makes it disappear. Or taking it home and giving it to your 3-year-old to color on.
Android's factory reset (and the factory reset for almost any device, Android or otherwise) isn't a "wipe." That's a simplistic layperson misconception. The purpose of factory reset is to reset the system software to its original state. It does this mostly by deleting files, and restoring other files from an original image or state.
Factory reset is NOT a security function. If you want a security erase, there are specific tools for that. They use repetetive, slow algorithms to specifically eradicate all remains of the data. Be sure you use one that's flash-memory-aware, though, because the automatic "cycling" of flash memory -- done to preserve it's lifetime -- can render such algorithms mostly useless.
Again, not news to any technology professional worth a grain of salt. I don't know what IW's target audience is, but if there are CTOs, CIOs, MISes, IT directors, and other technology-managing types who didn't already know this fundamental storage hardware fact, our technology infrastructure is in deep doo-doo.