Clean Up Your Old Smart Device before You Get Rid of It

feat-phonesec

By Leila Sharma and Rebecah Huang | Updated: January 7, 2022

Safeguard Your Data Before Selling or Trading In a Mobile Phone

By Leila Sharma and Rebecah Huang

You backed up your old phone — but have you wiped it clean? When switching to a new mobile device, removing personal information from your old device may not be something that automatically comes to mind. However, the consequences of not doing so can be serious and unforeseen. Used phones are often refurbished and resold. Leaving behind important information such as passwords, contact information, photographs, and account details can lead to personal privacy breaches.

With account information from an old traded-in cellphone, hackers may be able to gain access to emails, take over social media accounts, open new accounts in your name, and more. It’s likely the next person who gets your old phone will have no malicious intent, but when it comes to your privacy and personal information, it’s always best to ensure there is no personal information available to be stolen.

How to Clear Your Old Phone:

The recommended steps, detailed more fully below are to:

  • Backup phone data
  • Remove SIM and SD cards
  • Erase and verify deletion of personal or sensitive information
  • Disconnect your phone from accounts and devices

Backup phone data

To make sure you don’t lose any important data when switching to your new phone, perform a back-up. Because upgrading phones is a common occurrence, both iPhone and Android have taken steps to make the back-up process simple.

Remove SIM and SD cards

Even if you’re not planning to keep your phone number when you get a new phone, you should still remove the SIM card. If you have an Android device, also remove the SD memory storage card if you are using one. Both SIM and SD cards contain personal information that can be extracted and exploited. If you will not be reusing an old SIM card, destroy it.

Erase and verify deletion of personal or sensitive information

To remove personal information, restore or reset your old phone. Both iPhone and Android offer the ability to perform a “factory reset.” After restoring/resetting, verify that personal information has been effectively deleted. Check commonly missed items, such as contacts, text messages or other media, notes, and browsing history.

Keep in mind that a factory reset/restore removes pointers to files containing data, but does not remove the actual data. This is one reason why device encryption is so important. If your device is encrypted prior to a factory reset, the remaining device data following a reset will be unintelligible. Every iPhone since 3GS is encrypted by default. Encryption availability on Android devices varies, and depends both on the manufacturer and the age of the device. Android users are advised to visit Settings > Security on their device to check the status/availability of device encryption.

  • Please note: for Android phones, it’s recommended that you sign out of your Google account before you reset your phone. Please see the instructions in “Deregistering yourself from your accounts” below. For older Android phones which cannot be encrypted, you can use an app like iShredder following a device reset to erase all free space on the phone. Once this is done, perform another factory reset.

Disconnect your phone from accounts and devices

Most mobile phones have the ability to wirelessly connect to other devices using online connectivity or Bluetooth options. Disconnect and unpair the old phone to any smartwatch or vehicle. Make sure Wi-Fi networks and passwords are “forgotten” in settings, and double-check that passwords for all accounts are removed from the phone. To delete a wireless network from your list of available networks, see the following instructions for Apple and Android.

Deregistering yourself from your accounts on your old device will prevent trouble logging back in on a new device, possible tracking issues in the future, and difficulties in the next owner’s attempt to activate the device. 

  • To deregister your iPhone, go to Settings > Your Name, and click Sign Out (at the bottom of the screen), which will remove the device from your account. If you’re moving to an Android phone, it is recommended that you also deregister iMessage
  • To deregister your Android phone, go to Settings>Users & Accounts>click your Google Account followed by the Remove Account button.

Finally, if you are changing your phone number, do not forget to remove your old phone number from all multi-factor authentication enabled accounts, and change your phone number on file with any accounts and services that use it to identify you.

Additional Resources