Privacy Guide | June 2, 2026 | 10 min read

How to Protect Your Privacy When Selling or Trading In Your Phone

By Sarah Chen

Head of Privacy Research

Your smartphone holds more personal information than any other device you own -- photos, passwords, banking credentials, health records, location history, private messages, and biometric data. Before you sell, trade in, or give away your phone, you need to ensure that none of this data can be recovered by the next owner. A careless handoff could expose years of your digital life to a complete stranger.

Why This Matters More Than You Think

Consider everything stored on your phone right now:

  • Saved passwords and autofill data: Banking apps, email, social media, and shopping accounts
  • Photos and videos: Personal images, screenshots of sensitive documents, ID photos
  • Health data: Fitness tracking, medical records, mental health app data
  • Location history: A detailed map of everywhere you have been, including your home and workplace
  • Messages and call logs: Text conversations, voicemails, and contact lists
  • Financial information: Mobile payment cards, cryptocurrency wallets, banking app data
  • Biometric data: Fingerprint templates and facial recognition profiles stored on-device

Even data you think you have deleted may still be recoverable if you do not wipe the device properly. Taking fifteen minutes to follow the correct steps can save you from months of dealing with identity theft or financial fraud.

Factory Reset Alone May Not Be Enough

A factory reset restores your phone's operating system to its default state, but it was never designed as a forensic-grade data wiping mechanism. On older or unencrypted Android devices, specialized data recovery tools have been able to retrieve photos, messages, and account credentials after a standard factory reset. Modern iPhones and encrypted Android devices handle this much better, but you should still follow every step in this guide to ensure complete protection.

Before You Wipe: Essential Preparation

Before erasing anything, complete these preparation steps:

  1. Back up your data: Create a full backup to iCloud, Google Drive, or your computer so you can transfer everything to your new device
  2. Save your photos separately: Export photos and videos to a computer or cloud storage service you control, since backup restoration can sometimes miss media files
  3. Document your accounts: Make a list of every app and service logged in on your phone, especially any that use the device as a two-factor authentication method
  4. Transfer authenticator apps: If you use Google Authenticator, Microsoft Authenticator, or similar apps, transfer your accounts to your new device before wiping the old one -- losing access to 2FA codes can lock you out of critical accounts
  5. Check for device payment plans: Ensure the phone is fully paid off before selling, as carriers can blacklist devices with outstanding balances

Step-by-Step: Wiping an iPhone

Apple's iOS uses hardware-level encryption through the Secure Enclave. When you erase an iPhone, iOS destroys the encryption keys, rendering all data cryptographically inaccessible. As of iOS 18 and later, forensic tools achieve essentially zero success rates at recovering data from a properly erased iPhone. Follow these steps in order:

  1. Unpair your Apple Watch if you have one connected (this automatically backs up the watch)
  2. Create a fresh backup: Go to Settings, tap your name, then iCloud, then iCloud Backup, and tap Back Up Now
  3. Sign out of iCloud: Go to Settings, tap your name, scroll down, and tap Sign Out. Enter your Apple ID password and tap Turn Off to disable Find My iPhone. This step is critical -- skipping it leaves Activation Lock enabled, which prevents the next owner from setting up the device
  4. Deregister iMessage: If you are switching to a non-Apple phone, go to Settings, then Messages, and turn off iMessage. You can also deregister using Apple's online tool
  5. Erase all content and settings: Go to Settings, then General, then Transfer or Reset iPhone, and tap Erase All Content and Settings. Enter your passcode when prompted
  6. Remove the SIM card: Use a SIM ejector tool or a straightened paperclip to remove your SIM card after the erase is complete

Step-by-Step: Wiping an Android Phone

Most modern Android phones (Android 10 or later) encrypt data by default, and a factory reset destroys the encryption keys. However, older or budget devices may not handle this as securely.

  1. Verify encryption is enabled: Go to Settings, then Security (or Security and Privacy), and look for Encryption. If your device is not encrypted, enable encryption before proceeding -- this is the single most important step for Android users
  2. Back up your data: Go to Settings, then System, then Backup, and ensure your data is backed up to Google
  3. Remove your Google account: Go to Settings, then Accounts, select your Google account, and tap Remove Account. This disables Factory Reset Protection (FRP), which would otherwise lock the next owner out of the device
  4. Sign out of all apps: Manually sign out of banking, social media, messaging, and email apps
  5. Remove the SIM and SD cards: Take out both your SIM card and any microSD storage card. SD cards are not wiped by factory reset and may contain photos, downloads, and app data
  6. Perform the factory reset: Go to Settings, then System, then Reset Options, and tap Erase All Data (Factory Reset)
  7. Overwrite with dummy data (optional extra security): For older or unencrypted devices, after the factory reset, set up the phone as a new device without signing in, fill the storage by recording video until the phone is full, then perform a second factory reset. This overwrites any residual data with meaningless content

The Encryption Difference

On an encrypted device, a factory reset destroys the encryption keys, making all stored data cryptographically unreadable even if the raw storage chips are examined. This is why step one for Android users -- verifying encryption -- is so critical. A factory reset on an unencrypted device simply marks storage space as available without actually destroying the data, similar to emptying your computer's recycle bin.
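
The difference described above, and the optional dummy-data overwrite from the Android steps, modelled in code. This is an added example, not part of the original guide: `SimPhone`, its toy SHA-256 keystream cipher (a stand-in for the phone's hardware AES) and the sample secrets are all constructed for illustration.

```python
import hashlib
import os

SECRETS = [b"PHOTO passport scan", b"MSG bank login code 481516"]  # constructed

def xor_stream(key: bytes, data: bytes, offset: int) -> bytes:
    """Toy cipher (SHA-256 keystream), a stand-in for the phone's hardware AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset + i).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class SimPhone:
    """Constructed model: raw flash plus a file table; not a real device layout."""

    def __init__(self, encrypted: bool):
        self.key = os.urandom(32) if encrypted else None
        self.flash = bytearray()
        self.files = {}  # name -> (offset, length)

    def save(self, name: str, content: bytes) -> None:
        offset = len(self.flash)
        self.flash += xor_stream(self.key, content, offset) if self.key else content
        self.files[name] = (offset, len(content))

    def factory_reset(self) -> None:
        # Forgets the file table and destroys the key; the flash is NOT overwritten.
        self.files.clear()
        self.key = None

    def fill_with_dummy(self) -> None:
        # Optional step 7: new content (zeros here, video on a real phone)
        # replaces whatever the old blocks held.
        self.flash[:] = b"\x00" * len(self.flash)

def run(encrypted: bool, overwrite: bool = False) -> list:
    """Return the secrets still readable from raw storage after the wipe."""
    phone = SimPhone(encrypted)
    for i, secret in enumerate(SECRETS):
        phone.save(f"file{i}", secret)
    phone.factory_reset()
    if overwrite:
        phone.fill_with_dummy()
        phone.factory_reset()
    # Scan the raw chips for known plaintext, ignoring the (now empty) file table.
    return [s for s in SECRETS if s in bytes(phone.flash)]

if __name__ == "__main__":
    for enc, ow in [(False, False), (False, True), (True, False)]:
        print(f"encrypted={enc} overwrite={ow} recoverable={run(enc, ow)}")
```

Only the unencrypted, reset-only case leaves both secrets readable. On real flash, wear levelling means a fill may not reach every physical block, which is why encryption is the step to verify first.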

Do Not Forget These Often-Missed Steps

Even after a thorough wipe, many people overlook these important details:

  • Remove your SIM card: Your SIM contains your phone number and carrier information. Always remove it before handing over the device
  • Remove the SD card: External storage cards are not wiped by a factory reset and may contain years of photos and app data
  • Deregister from your carrier: Confirm the device has been removed from your account, especially if it was on an installment plan
  • Unpair Bluetooth devices: Remove all paired devices including earbuds, smartwatches, and car systems
  • Remove from Find My or Google Find My Device: Sign in to iCloud.com or Google's Find My Device site and remove the device from your account
  • Deauthorize streaming services: Remove the old phone from your authorized devices list for services like Spotify and Netflix
  • Delete eSIM profiles: If your phone uses an eSIM, ensure the profile is erased during the reset process

Trade-In Programs vs. Selling Privately

The method you choose to part with your phone has different privacy implications:

Trade-In Programs (Apple, Samsung, Carrier Programs)

  • Pros: Most reputable programs perform their own certified data wipe after receiving the device, adding an extra layer of protection
  • Cons: Your device passes through corporate logistics chains, and you are trusting the company's wiping process in addition to your own
  • Recommendation: Always wipe the device yourself before trading it in. Never rely solely on the trade-in company's process

Selling Privately (Craigslist, Facebook Marketplace, eBay)

  • Pros: Usually higher sale price than trade-in programs
  • Cons: The device goes directly to an unknown individual. If you miss a step in wiping, that person has immediate access to whatever data remains
  • Recommendation: Follow every step in this guide meticulously. Meet in a public location and complete the wipe before handing over the device, not after

Keeping a Phone as a Backup Device

If you are keeping your old phone as a spare rather than selling it, you still need to take precautions:

  • Sign out of all accounts to reduce exposure if the device is lost or stolen
  • Remove sensitive apps including banking, health, and financial apps
  • Keep the OS updated to patch security vulnerabilities -- even devices sitting in a drawer need updates
  • Store it securely in a locked location if it still contains any personal data
  • Enable remote wipe capability so you can erase it if it goes missing

Remove Your Data From Brokers Too

Wiping your phone protects the data stored on the device itself, but your phone number, name, and address are likely already listed across dozens of data broker and people search sites. These broker profiles often link your phone number to your home address, email, family members, and more -- information that is accessible to anyone who searches for you online.

PrivacyOn removes your personal information -- including phone numbers, addresses, and associated data -- from over 100 data broker sites. While a factory reset protects the data physically stored on your phone, PrivacyOn protects the personal data that has already been copied, aggregated, and sold across the internet. Together, these steps give you comprehensive coverage when it is time to let go of an old device.

Sarah Chen

Head of Privacy Research

CIPP/US Certified | IAPP Member | B.S. Computer Science

CIPP/US-certified privacy researcher with over a decade of experience helping consumers remove their personal information from data brokers.
