What’s the last thing on your phone you’d want a stranger to see? Your text messages? Contacts? Photos? If you want to keep those things private, you need to wipe your phone properly before selling it.
With new iPhones already available from Apple, and new Android hardware expected next month from Google, you might be seriously considering a phone upgrade. And to offset the cost, you might also be looking into reselling your old phone.
As with many security challenges in the smartphone world, iPhones tend to be easier to wipe than the rest.
“I would erase my phone (with the built-in reset function) and put it on eBay tomorrow,” says Jonathan Zdziarski, an iPhone and Mac forensics expert. “Apple’s got a lot of stuff they’re not good at, like headphone jacks, but on encryption, they have some of the brightest minds.”
Wiping an iPhone or iPad is much easier than wiping an Android, confirms Collin Mulliner, mobile-phone security researcher and a co-author of the Android Hacker’s Handbook. “On the iPhone, if you press wipe, it’s good enough,” he says.
Although mobile devices are generally easier to wipe today than in years past, many types often retain far more user data, post-wipe, than users expect. Here’s what you need to do before selling your old hardware.
Back up your iPhone or iPad
You can back up your iOS device either wirelessly or directly to your computer. If you prefer to do it wirelessly, connect to a Wi-Fi network to reduce your mobile data usage. Tap Settings, then iCloud. Choose Backup, and make sure that iCloud Backup is turned on. Then select Back Up Now.
To ensure that the backup is complete, go to Settings, iCloud, Storage, Manage Storage, and then choose your device.
To directly back up an iOS device to your computer, connect via USB to your computer, and open iTunes. Select the phone in the left column. On the sidebar, choose Summary, then Select Back Up Now under Manually Back Up and Restore.
Back up your Android device
The following backup instructions for Android are standardized for Nexus phones and other “unadulterated” Android devices. Many manufacturers make changes to Android’s Settings menus, so you may have to search for specific instructions for your device.
Tap Settings, then Personal, then Backup and reset, and make sure that both Backup My Data and Automatic Restore are checked. Then go back to Settings, and under Personal, Accounts and Sync, choose your Google account. Check all of the options listed to ensure that all available data is synced.
If you’d rather rely on third-party apps for backup, there are a plethora of options. Likewise, there’s a cottage industry of third-party apps for wiping your phone at the level of government standards.
“Apple’s got a lot of stuff they’re not good at, like headphone jacks, but on encryption, they have some of the brightest minds.” — Jonathan Zdziarski, iPhone and Mac forensics expert
Wipe your iPhone or iPad
To wipe your iOS device, go to Settings, General, Reset, and choose Erase All Content and Settings. That should be sufficient, Mulliner says. “All of the modern iPhones have the flash memory encrypted. When you throw away the key, the data is basically gone.”
One word of caution from Zdziarski: If you’ve jailbroken your iPhone or iPad, you’ll have to restore it to factory settings before wiping it. Jailbreaking, he says, also “breaks a lot of Apple’s encryption.”
To un-jailbreak your iPhone or iPad, connect it to your computer, and open iTunes. In the left column, select your iPhone or iPad, and choose Summary, then Restore.
Wipe your Android device
The easiest way to wipe your Android, Mulliner says, is ensure that your disk is encrypted, then wipe it.
Most modern Android devices, starting with Android Lollipop (5.0), are equipped with some form of full-disk encryption as an option. And like iOS devices, many Android 6.0 devices have full-disk encryption enabled by default.
To check if your Android phone is encrypted—and start the encryption process, if not—go to Settings, then Security. If your disk is encrypted, it will indicate so here.
If it isn’t, tap Encrypt Phone. A warning screen will appear, and you’ll have to again tap Encrypt Phone at the bottom of the warning. The process takes about an hour, and it requires plugging in your Android device to a power source.
To wipe your Android, go to Settings, then Backup and Reset. Choose Factory Data Reset, and finally tap Reset.
Buying a used phone? Wipe it too
Mulliner offers one last tip: If you’re buying a phone off of eBay or another third-party retailer, wipe it before you start entering your information. This will eliminate any malware potentially existing on it. It will also ensure that the device’s settings, data, and apps are associated with you alone. You’ll get a clean start.