We address the problem of secure data deletion on logstructured file systems. We focus on the YAFFS file system, used on Android smartphones, and on the flash translation layer (FTL), used in SD cards and USB memory sticks. We show that neither of these systems provide temporal data deletion guarantees and that deleted data remains indefinitely on these systems if the storage medium is not used after the data is marked for deletion. Moreover, the time that data remains on log-structured file systems increases with the storage medium's size. We propose two user-level solutions that achieve secure deletion: purging, which ensures that all data is deleted, and ballooning, which reduces the expected deletion latency. We show that these two solutions can be combined to guarantee the periodic, prompt secure deletion of data regardless of the storage medium's size and with acceptable wear of the memory. As these solutions require only user-level permissions, they enable the user to securely delete data even if this feature is not supported by the kernel or hardware, over which users typically do not have control. This, for example, allows mobile phone users to achieve secure deletion without violating their warranties or requiring non-trivial technical knowledge to update their firmware with a customized kernel. Our solutions empower users to ensure the secure deletion of their data without relying on the manufacturer to provide this functionality. We implement these solutions on Nexus One smartphones and show that they succeed in secure deletion. When used properly, our solutions neither prohibitively reduce the longevity of the flash memory nor noticeably reduce the device's battery lifetime.