I have a drawer full of old Androids and iPhones because I’m too paranoid to sell them. The idea of some stranger running a data recovery tool on my old Galaxy and finding a cached 2FA code or a photo of my driver’s license keeps me up at night. Standard “Factory Resets” are deceptive; they often just wipe the file table, leaving the actual binary data sitting on the flash storage until it gets overwritten. I finally cleared out my backlog yesterday, and here is the only way I trust to actually wipe a device.
Why Just Clicking “Reset” is Negligence
Flash storage uses wear leveling. When you tell the OS to delete a file, it lazily marks the space as available but rarely zeros out the actual sectors immediately. I’ve run recovery software on “wiped” phones bought from eBay and pulled entire contact lists. The only way to be safe is to ensure the data is encrypted before you wipe it. If the data is encrypted, a factory reset destroys the decryption key. Without that key, your old data is just random digital noise, and no amount of recovery software can fix that.
The Protocol
Do this in order. Do not skip the account removal step, or you will create a paperweight.
- Remove the Accounts (Crucial): Go to Settings > Accounts (or “Passwords & Accounts” on iOS) and remove every single Google or iCloud account. The first time I tried to sell a Pixel, I wiped it without removing my Google account. The buyer emailed me two days later saying they couldn’t get past the “Verify your account” screen because of Factory Reset Protection (FRP). I had to give a stranger my password to unlock it. Never again. Remove the accounts first.
- Encrypt the Device: Most modern phones (Android 6.0+ and iOS) are encrypted by default. But I never trust defaults. Go to Settings > Security > Encryption. If it says “Encrypted,” you’re good. If it gives you an option to “Encrypt Phone,” do it. Plug it into a charger, because this takes an hour and if the battery dies, you brick the phone.
- The First Reset: Go to Settings > System > Reset Options > Erase all data (factory reset). Let it reboot to the “Welcome” screen.
- The “Dummy Data” Overwrite (Optional Paranoia): If I’m selling a phone that had company secrets on it, I take this extra step. I set up the phone again without logging into any accounts. Then, I open the camera app, set it to 4K video, and point it at the wall. I let it record until the storage is 100% full. This forces the storage controller to physically overwrite the old encrypted blocks with new, useless video data. Then, I do a second factory reset.
Common mistakes
The eSIM Trap
I sold an iPhone last year and realized three hours later that my eSIM profile was still active on it. Factory resets often ask if you want to keep data plans. I usually just click “Yes” to everything to get through the wizard quickly. Make sure you explicitly select the option to erase eSIMs or data plans during the reset process, or manually delete the plan in Cellular settings before the wipe.
The SD Card Oversight
If your phone still has a microSD slot, the factory reset usually ignores it. I once left a 64GB card full of MP3s and backups in a phone I traded in. Either physically remove the card and snap it in half (my preferred method), or go to Storage > SD Card and format it separately.
If you encrypt the data and destroy the key, you don’t need to drill a hole through the screen to be secure.
