Our phones play an intricate role in our lives. We use them as cameras, communication devices, banking kiosks, and confessionals. Every task we tackle leaves a tiny bit of data behind, and unless we take steps to protect it, that information can move from you to a buyer when you sell your phone.

Android manufacturers know our phones hold our hopes and dreams, and they've instituted some protections in newer models. That upgrade provides protection if your phone is lost or stolen, but it can also keep your buyer from opening or using the phone.

Wiping your phone protects your privacy and your buyer's investment. To do it right, you'll need to follow eight steps.

Step 1: Remove the SIM card and SD card.

Android phones have one or two tiny pieces of plastic for data collection. Your SIM card connects you to the service provider, and your SD card contains photos and other bits of personal information. Remove them both before you sell your phone.

You'll find them in one of two places.

  • Under the back plate: Can you pop the back off your phone to replace the battery? Your cards are probably near or beneath the battery. Look for labels pushed into the plastic, or seek out shiny doors with hinges. Push the door toward the hinge, and it should open up.

  • On the side: Do you have a little hole on the side of your phone or something that looks like a door? Push a paperclip into that hole, and the drawer should pop open with your SIM card inside.

Can't find your SD card? Don't worry. Some Android models don't have this form of external storage. If your phone has a SIM card in a drawer on the side of the phone, you probably don't have an SD card.

Step 2: Sign out of accounts.

During setup, you personalized your phone with apps galore, and you signed into systems to collect and protect your data. Now, you'll need to undo all of those steps, so your phone will be ready for a new person.

To delete apps:

  • Open the "Settings" menu.

  • Open the folder labeled "Apps" or "Application Manager."

  • Tap on an app.

  • Select "Uninstall."

When you've deleted every app you can, go back to your "Settings" menu. Look for the "Accounts" button. You'll see a button labeled "Google." Tap it, and then tap "Remove Account."

On a Samsung Galaxy, head to "Settings" and look for the "Lock Screen and Security" button. Then tap "Find My Mobile," enter your password, tap on your account, and hit "Remove Account."

Step 3: Encrypt.

Encryption puts a lock between your data and a user, and only a proper code can make the protection fall away. Newer Android phones are encrypted by default, but if yours is not, this is an important way to protect your security. 

To do it:

  • Open the "Settings" menu.

  • Search for a button labeled "Encryption." You might have to dig a bit, as the placement of this option varies from phone to phone.

  • Read the text. If your phone is encrypted, you'll see a note about that.

  • Check your battery. Encryption takes time, and it won't work if your phone runs out of juice. If you're not charged, do that and then come back to this step.

  • Hit "Encrypt." Your phone won't work while this is happening.

Step 4: Disable factory reset protection.

Android phones reset data with the help of software. If you've kept up with software updates on your device, you're probably running 5.0 Lollipop or higher. This software comes with protections that keep crooks from stealing, wiping, and selling your phone. You can, and must, disable that feature.

If you have a Samsung Galaxy, you should:

  • Open the "Settings" menu.

  • Tap on "Lock Screen and Security."

  • Select "Lock Screen Type."

  • Choose "None."

If you have a Google Pixel:

  • Open the "Settings" menu.

  • Tap on "Security and Location."

  • Select "Lock Screen."

  • Choose "None."

Step 5: Perform a factory reset.

It's time to perform a technical wipe of the data on your phone. This process takes just a few moments to complete, but it doesn't offer complete protection.

Your software may have subtle differences, but most phones enable you to reset your device if you:

  • Go to "Settings."

  • Tap on "General Management" or "System" and then "Advanced."

  • Hit "Reset" or "Reset Options" and then "Erase All Data."

Your phone will seem clean and clear, but researchers say bits of data remain. In a 2014 study, researchers bought discarded Android phones and used simple computer programs to extract data. They found all kinds of horrifying bits of data, including naked selfies.

Researchers say that software developers built in safeguards from full deletion. The program may tell you that data is gone for good after a reset, but it still lingers in the guts of your phone.

For that reason, you'll need to take a few more steps to ensure that your phone is really and truly clean.

Step 6: Load up the fakes.

You may need to pop your SIM card back into your phone to take this final step, but it's worth it. You'll load up your phone with junk data to fool sneaky people who might want to find your secrets when they buy your phone.

Sign back into your Google account, and search for random pictures of kittens, flowers, or anything else that interests you. Download the photos on your phone, and repeat until you have several in place.

Step 7: Perform another factory reset.

With your phone loaded up with fake data, it's time to clean up and perform another deletion.

This is a bit like placing compost on top of your garden to fool stealing squirrels. To get at the good stuff, they'll need to dig past a thick layer of garbage. And as they dig, they push the compost deeper into the soil, which can make their search harder.

Delete your Google account again and perform another factory reset. Pop your SIM card out again too.

Step 8: Test your work.

Protecting your privacy is critical, and when you're done with your work, no traces of your history should sit on your phone. Test that theory with a few simple steps.

Boot up your phone and look for:

  • Text messages. Seek out notes you've both sent and received, and make sure none are sitting in your trash folder.

  • Email messages. Make sure you can't log into your email from your phone. Ensure that messages aren't sitting on your phone somewhere.

  • Photos. Look for snaps you've taken, deleted, or sent to others.

  • History. Can you log into a browser, and if so, can you figure out what page you visited last?

If you can still see traces of your digital life, walk back through these steps again. Perhaps you missed one small but vital piece of information needed to keep your life safe and secure.

When you're done, you can sell your phone with confidence and know that there's nothing left behind that your buyer can use against you.

 

References

Android's Phone Wiping Fails to Delete Personal Data. (July 2014). CNET.