Still thinking about buying a new phone? Well, trading your old one (and probably some extra cash) for a spanking-new smartphone would be the most sensible thing to do. However, there’s still the issue of actually making sure that the buyer can’t access your personal data. Sure, you will argue that wiping the phone’s storages would put an end to this debate.
As it happens, data can be extracted from a device even if the owner deleted everything by hand. So, are there any workarounds? There are, but it takes more than a simple memory wipe to ensure that the data’s totally safe.
Still willing to go through with this? Awesome! Here’s are a couple of data protections you should consider taking if you plan on selling your phone anytime soon.
1. Backup, backup, and even more backup
I can’t emphasize enough the importance of backup. Doesn’t matter if want to sell your phone or use the computer for other purposes than entertainment; you still need a copy of your data in case something goes wrong.
So, the first step you will need to take would be to back up everything on your phone. If you’re the proud owner of an iPhone, you can take advantage of the iCloud feature and back up everything to the cloud.
You can also plug it in your Mac and save a local copy just to be extra safe. Don’t know your way around the iCloud back up feature? Chill, fam! I got you covered. Just tap on Settings, choose the Storage & Backup option from the menu, and then head to iCloud Backup.
Bear in mind that you will need an iCloud account to store data on the cloud. When you’re ready, tap on the Back Up Now button and that’s it. Your phone will then copy your data on the cloud. Sit back and relax because this is going to take a while.
Paging Android smartphone owners! Yeah, I know that not having the luxury of an in-built Cloud backup solution can be frustrating, but where a USB cable, there’s always away. As I was saying, the best and fastest way to back up the stuff on your Android smartphone would be to connect it via USB and copy every byte of data on your computer.
It may not be pretty, but it works. Sure, you can also try your luck with third-party Cloud backup software for Android like G Cloud Backup, MyBackUp Pro, Titanium Backup, Migrate, or Resilio Sync. You should do this preferably before wiping the internal and external storages. Just saying. No pressure.
2. Get rid of the SIM and any attached SD cards.
Doesn’t matter if you have an iPhone or Android smartphone; that SIM card must go away before reaching its new owner. As you probably know by now, SIM cards are used to store contact info, like phone numbers, email addresses, and names. You really wouldn’t want that kind of info to fall into the wrong hands, do you now?
So, before trading in your phone, make sure you yank the SIM card out of its slot. Newer smartphones have special trays, which facilitate access to both components.
If your phone doesn’t have a device tray, you’ll need to remove the back cover and probably the battery as well to gain access to the SIM\SD slots. You should refer to the phone’s manual for detailed instructions on how to safely remove the SIM and SDs.
3. Encrypt your data
Scrambling the data on your smartphone using an encryption key may be the best way to ensure that the data is totally unreadable. What happens is that the residue left behind after a total reset (I will get to that in a moment) will be locked by the phone’s unique encryption key.
Yes, it means that no one will be able to read or use a byte of information even if, by some miracle, someone does manage to get ahold of your deleted data.
For iPhone owners, you don’t need to do anything out of the ordinary to encrypt your data, since the phone does this by default. Unfortunately, things are not the same when it comes to Android devices. Not to worry.
Here’s what you need to do in order to encrypt the data on your Android smartphone. Tap on Settings and head to More. Scroll down until you see Security. Tap on Encrypt Device and use the slider to start the process.
Depending on the amount of data on your smartphone, the encryption could take anywhere from a couple of minutes to one hour. When it’s done, you can proceed with the next step which is performing the factory reset.
4. Performing a factory reset
As you would imagine, the final step before the phone will be shipped to the next owner would be to wipe it clean. Sure, you can go ahead and delete everything manually, but do bear in mind that this procedure usually leaves behind “breadcrumbs” (loose pieces of data that can be used to reconstruct a big deal of what used to be there).
As a result, the best way to go about scrubbing your phone’s memory would be to perform a factory reset.
On Android, head to Settings, tap on Privacy and select the Factory Data Reset. Tap again on the Factory Data Reset button to confirm. Your smartphone will restart a couple of times during the process.
If you have an iPhone, head to Settings, tap on General, and select Reset. Go to the bottom of the screen and tap on Reset Phone. It’s going to take a while, so take a chance to chill.
So, these are the basic steps that you will need to take before you sell your phone. Of course, there are always more ways to ensure that your phone’s clean as a whistle before giving it away.
Additional steps to take before you sell your phone
Step 1. Unpair all devices
If you have headphones, smartwatches, or Wi-Fi\Bluetooth speakers paired with your smartphone you should consider, well, unpairing them before proceeding with the above-mentioned steps. For Android, tap on Settings and head to the Bluetooth menu.
Turn on your Bluetooth to see a complete list of all paired devices. To unpair them, tap on the gearwheel next to each item and hit the unpair button.
In case you have an Android-compatible associated with your phone, you may want to wipe its memory as well. For most Android watches, go to Settings > Privacy > Factory Data Reset. Confirm the process and that’s basically it.
As for iPhones, to unpair, an Apple Watch head to the My Watch menu, select the active watch and click on the “information” button next to it. Hit the Unpair button and you’re all set. Just remember to keep that smartwatch close to the phone while performing the unpairing process.
Of course, you shouldn’t forget about wiping your Apple Watch’s internal and external storage after unpairing it. To do that, fire up your smartwatch, go to Settings and then tap on General. Select Reset and tap on Erase All Content and Setting. Choose the Erase All option to confirm.
Step 2. Sign out from all tertiary services
Another thing you might want to try before you sell your phone would be to sign out from all accounts. This includes Facebook Messenger, Gmail, Yahoo Mail, Google or Apple Pay, and everything in between. Do bear in mind that some apps like Facebook’s IMS and Gmail stores passwords.Be sure to wipe them as well before signing out of your accounts.
So, if you have an Android phone, you would want to tap on Setting and then on Cloud and Accounts. Tap on Accounts. Select one of them and then tap on the Remove Account button. You will have to repeat the procedure for each item in the list.
iPhone users should remember to switch off iMessage, the Wallet & Apple Pay, Find my phone, and Apple ID. You will find all of these items under Settings.
Step 3. Delete credentials from browsers
Most browsers store credentials by default. So, before saying buh-bye to your old phone, you may want to delete your credentials. Since Chrome’s most used mobile and desktop browser on the market, I’m going to show you how to purge the credential cache. First, open up your Chrome browser.
Tap on the More menu (icon look like three parallel lines) and select Options. From the left tab, select Privacy and Security. Scroll until you see Forms and Passwords. In the next dialog box, please select Saved Logins. Tap on the Remove All button. Congrats! You’ve just cleared the browser’s password cache. You can now sell your phone or at least try to find some interested party.
Step 4. Unregister your device from the Apple account (Apple phones only)
To unregister the device from the account, hop on your Apple ID account. When prompted, type in your username and password. Go to the bottom of the list and click on Devices. Select your current device from the drop-down list and click on the Remove button.
Step 5. Remove factory reset protection (Android only)
FRP (factory reset protection) is an Android-exclusive failsafe that prevents factory reset and manual wipe in case your phone gets stolen. In other words, if someone were to run out with your phone, this in-built countermeasure will not allow the thief to wipe the phone’s memory in an attempt to get rid of the evidence.
So, it’s only natural to deactivate FRP before attempting to sell your phone. To do that, tap on Settings and go to About device/phone. From there, head on over to Software info. Write down your phone’s version.
After that, go back to the Settings menu and select the Security or Lock Screen Security menu. Under Screen Lock, move the slider to the off position. All you need to do now is perform a factory reset and find a customer (good luck with that).
Step 6. Fill the phone with dummy data
Not what you might call a regular pre-sale tactic, but considering the staggering number of cyberattacks, one cannot be too careful about data security. And yes, your personal info can still end up on the dark web even if you took all the precautions.
Filling up your dummy data prior to encryption and factory reset is one of the best ways to make this type of info totally unusable and virtually irretrievable. What this means is uploading stuff other than sensitive info on the phone.
This includes pics, videos, and empty documents. During the encryption process, the dummy data become interwoven with personal info. So, even if the phone ends up in the hands of a hacker, he/she will be unable to make heads or tails of the data that was on your phone.
Step 7. Clean your phone, add accessories, and scan
Now it’s time to add the finishing touches: cleaning, packing, and scanning the device. Yes, I’m aware that the cleaning and packaging parts don’t have any kind of bearing on data protection, but this doesn’t mean that they are unimportant.
Would you really consider buying a dirty and dusty smartphone? So, give a good clean before placing it in the original box. Don’t forget about blowing the battery compartment with a can of compressed air. Finally, place the phone in its box. Don’t forget about including the original accessories: charger, USB cable, user’s manual, headphones, and back cover spares.
Before taking it to the new owner, give it one last malware scan. I’m painfully aware that the memory was wiped clean, but some types of malware, especially those that get themselves attached to the boot sector, can persist even if the device’s entire storage has been wiped-clean. Now your device is ready to be shipped to its new owner.
That’s about it on how to prepare your phone before shipping it to its forever home. To wrap everything up nice and neat: backup, remote SIM and SD card, encrypt and perform a factory reset. I hope you’ve enjoyed my article and, as always, for any rants, comments, beer donations, shoot me a comment. Ciao!
The post 4+ Essential Data Protection Steps to Take Before You Sell Your Phone appeared first on Heimdal Security Blog.