I've created a plugin that might help debug this. Among other things, it lists information available through the data API about resources (e.g. whether Joplin still thinks the resources are encrypted) and allows deleting resources permanently.
It does, however, require a Joplin 3.x pre-release to work on mobile.