How to Wipe Your Phone Before Selling It Safely

I don’t care how many phones I’ve wiped, sold, traded in, fixed for cousins, or rescued from junk drawers, there is still this tiny weird stomach-drop moment when I’m about to hand one to another person. Like… did I really delete everything? Are my photos gone? Is my bank app still signed in? Did I leave some cursed old screenshot from 2019 sitting in Downloads? Phones are not just gadgets anymore, they’re basically our messy little life boxes with a battery. Contacts, photos, two-factor codes, work email, location history, WhatsApp chats, random notes, saved passwords, boarding passes, all of it. So yeah, wiping a phone before selling it is not just “tap factory reset and hope.” I mean, sometimes it is, but also not really.¶

I learned this the annoying way years ago when I sold an Android phone and forgot to remove my Google account first. The buyer called me, not even mad exactly, just confused, because the phone was asking for the previous owner’s login after reset. That’s Factory Reset Protection doing its job, but at that moment it felt like the phone was personally exposing me as a careless tech guy. Me and him spent like 20 minutes on speaker phone while I tried to remember which account I used. Never again. Since then I’ve had a little ritual, kinda overkill maybe, but it works.¶

On modern iPhones and Android phones, wiping is way safer than it used to be because phones are encrypted by default. That’s the boring-sounding part that matters a ton. Encryption means your data is stored in a scrambled form, and when you reset the phone properly, the keys needed to read that data are destroyed. So the buyer isn’t usually “recovering your deleted photos” with some magic hacker app like it’s a TV show. Still, don’t get lazy. A factory reset is powerful, but the accounts around the phone matter just as much as the files inside it.¶

Apple’s support guidance is pretty clear on this: back up your iPhone, sign out of Apple services like iCloud and Find My, erase the device from Settings, and remove it from your trusted device list if needed. Google’s Android guidance is similar in spirit: back up your stuff, remove accounts and screen locks when appropriate, then use the reset option in Settings. The exact wording moves around a bit between iOS versions, Samsung One UI, Pixel Android, Xiaomi, OnePlus and all those skins, because apparently settings menus must be a treasure hunt forever. But the principles are stable.¶

Before I touch the reset button, I treat the phone like I’m moving out of an apartment. I don’t just throw the keys at the landlord. I check the drawers, unplug the router, forward the mail, grab the weird little charger behind the couch. Same idea here. You want to get your data out, disconnect your accounts, then wipe. In that order. Doing it backwards can be harmless sometimes, but it can also be a giant pain, especially with authenticator apps and eSIMs.¶

• Back up the phone properly, not in a vague “I think iCloud did it” way. Actually check the backup completed.
• Move your authenticator codes, banking access, WhatsApp or Signal chats, and anything tied to the device before resetting.
• Sign out of accounts that create lock-in, especially Apple ID or Google account.
• Remove screen locks, paired watches, eSIMs, and device tracking where needed.
• Factory reset from the official Settings app, not some sketchy cleaner tool.
• After reset, make sure it boots to the welcome setup screen and does not ask for your old account.

This is where I get a little dramatic, sorry. Don’t wipe until you can point to where your stuff lives now. For iPhone, that might be iCloud Backup or an encrypted backup on a Mac or PC using Finder or Apple Devices/iTunes depending on what computer situation you’ve got. I like encrypted computer backups for old iPhones because they can preserve more sensitive bits like health data and Wi-Fi settings, but iCloud is simpler and honestly most people should pick simple over perfect. For Android, you’ve got Google One backup, manufacturer tools like Samsung Smart Switch, and app-specific backups. Photos might be in Google Photos, iCloud Photos, OneDrive, Dropbox, or nowhere because you turned it off one day and forgot. Ask me how I know.¶

The gotcha is that “backed up” doesn’t mean every app saved every thing. WhatsApp has its own backup flow. Signal has its own transfer process and can be fussy. Authenticator apps vary a lot, though Google Authenticator, Microsoft Authenticator, 1Password, Bitwarden and others all have their own migration or cloud-sync stories. Banking apps might require reactivation on the new phone. Some games still act like cloud saves are a futuristic luxury. Open the important apps on your new phone before wiping the old one. Not after. After is when you discover that one old note with your router password was local-only, and then you stare at the wall for a minute.¶

Photos and videos are the emotional landmine. Technically, yes, they should go away in a proper reset. But before selling, I still do a media audit because photos can live in more places than your camera roll. Check hidden albums, recently deleted folders, downloads, messaging apps, secure folders, file manager folders, and cloud sync. Also, if you’ve been using random AI avatar or face filter apps, remember those images may have been uploaded to third-party services, not just stored on your phone. I wrote myself a note after one of those viral AI portrait waves because everyone was uploading face pics like candy. If that topic makes you itchy too, this AI Photo App Privacy Checklist: What to Check Before Uploading Your Face is the kind of thing I wish more people read before tapping “Allow all photos.”¶

This part sounds basic, but it’s where people mess up. On iPhone, Find My and Activation Lock are the big ones. If Find My is still attached to your Apple ID, the next person may not be able to activate the phone. That’s not Apple being annoying for fun, it’s an anti-theft feature, and honestly it’s a good one. Go to Settings, tap your name, find Find My, and follow Apple’s current flow to turn it off or sign out before erasing. Newer iOS versions also make the “Erase All Content and Settings” process handle some of the sign-out steps for you, but I still like to manually confirm because I’m old and suspicious.¶

On Android, Factory Reset Protection is the similar “don’t steal phones” feature. If you reset a phone while a Google account is still connected and certain security settings are active, the phone can ask for the previous Google login during setup. That is great when a thief wipes your device, less great when you sold it on Facebook Marketplace and now Dave from across town is texting you in all caps. So remove your Google account before resetting, especially if you’re selling directly to a person. On many Android phones it’s Settings, Passwords and accounts, then your Google account, then Remove account. Samsung has Samsung account too, so don’t forget that one.¶

This is the same general principle I use with hotel TVs, rental cars, borrowed tablets, whatever: if a device has your account, log out before you leave it. Different gadget, same human laziness trap. I rambled about this in the Hotel Smart TV Privacy Checklist for Travelers, and phones are like the extreme version because the account access is deeper and more personal.¶

Okay, this is maybe a little extra, but I like doing it. Before selling an old phone, I open privacy settings and look at permissions: location, camera, microphone, contacts, photos, Bluetooth, local network, all that stuff. Why bother if I’m about to wipe it? Because it reminds me what apps had access, and sometimes I’ll realize I should revoke access from the account side too. Like an old fitness app connected to Google Fit or Apple Health, or a calendar app I forgot existed, or a photo printing app that still has cloud access. The phone reset clears the device, but it doesn’t magically cancel every third-party service permission in the cloud.¶

If you haven’t done this in awhile, it’s honestly worth doing even when you’re not selling. Apps accumulate permissions like junk mail. I have a whole soft spot for permission audits because they make privacy feel practical instead of abstract. This App Permissions Audit: What to Allow or Deny lines up nicely with the pre-sale routine, especially around contacts, location, photos and account access. You don’t need to become a privacy monk. Just don’t let a flashlight app from 2018 keep sniffing around your life, you know?¶

Here’s my usual iPhone flow. First I back up and confirm it. If I have an Apple Watch paired, I unpair it from the Watch app because that creates a backup and removes Activation Lock from the watch. Then I transfer or remove the eSIM if the phone uses one. This part depends on your carrier and country, so don’t just delete the eSIM if you still need that line and you’re not sure how to reactivate it. I’ve seen people lock themselves out of SMS codes because their number was stuck in eSIM limbo. Very modern problem, very stupid feeling.¶

After that, I sign out of iCloud and Apple ID if the erase process hasn’t already prompted me. On current iPhones, the normal path is Settings, General, Transfer or Reset iPhone, Erase All Content and Settings. The phone will show what’s being removed, ask for passcode, maybe Apple ID password, and then it wipes. When it restarts, I want to see the Hello screen. Not my wallpaper. Not my widgets. Not my Apple ID. Just Hello, pick a language, setup flow. That’s the moment where I can breathe.¶

• Do not manually delete photos one by one while iCloud Photos is syncing unless you understand what you’re doing, because you might delete them from iCloud too.
• Do remove the device from your Apple account trusted devices if it still shows up later.
• Do take the SIM card out, unless it’s eSIM only and there is no physical SIM.
• Do clean the phone physically too. People notice pocket lint, and yeah it’s gross.

Android is a little more chaotic, in the lovable Android way. A Pixel, Samsung Galaxy, Motorola, Xiaomi, OnePlus, and older LG phone can all call the same thing slightly different names. Generally, I do this: back up with Google and any manufacturer tool I trust, move authenticator and chat apps, remove work profiles if there are any, remove Google accounts, remove Samsung or other OEM accounts, turn off Find My Device if needed, remove screen lock if the phone asks, then factory reset from Settings.¶

On many phones the reset path is something like Settings, System, Reset options, Erase all data, Factory reset. On Samsung it often lives under Settings, General management, Reset, Factory data reset. Don’t panic if your menu is different, use the settings search bar and type “reset.” Make sure you pick the real factory reset option from system settings, not a random “phone booster” app that promises military-grade deletion with a flaming skull icon. Those apps are usually nonsense or worse.¶

After the reset, boot to the setup screen. If it asks for your old Google account, you didn’t fully clear FRP. If you’re trading into a carrier or manufacturer, they may guide you through this, but if you’re selling person-to-person, test it yourself. I like to start setup just far enough to see it isn’t demanding my previous login, then power it off without adding any account. Tiny bit of effort, saves an awkward meet-up in a parking lot later.¶

The digital wipe is the big thing, but I have seen people sell phones with microSD cards still inside. That’s basically handing someone a tiny envelope of your photos and downloads. If your Android phone has a microSD slot, remove the card. If you’re including the card in the sale, format it separately after backing it up, but personally I don’t include old storage cards. They’re cheap, and I don’t trust my past self. Same with SIM cards. Pop the tray, take the SIM, check again, then check again because somehow SIMs hide in plain sight.¶

Also remove cases, check wallet cases for IDs or cards, clean the camera lenses, and look under screen protectors if they’re cracked and nasty. I once bought a used phone for testing and found an old transit card tucked behind the case. No data breach, just… odd. If you have a phone with an S Pen or stylus, make sure it’s included or clearly say it isn’t. If you’re shipping, pack it like the delivery truck is going to play football with it, because maybe it will.¶

This is where old advice refuses to die. Years ago, people recommended filling a phone with junk video after factory reset, then resetting again, to overwrite storage. On modern encrypted iPhones and Android phones, that’s usually not necessary if encryption was enabled, and it normally is by default on recent devices. The reset destroys the encryption keys, which is the important part. But if you’re dealing with a very old Android device, something ancient and possibly unencrypted, then yeah, I’d be more cautious. Encrypt first if possible, then factory reset. Or honestly, don’t sell truly old devices with sensitive history unless you’re confident.¶

Third-party wipe tools can be useful in corporate device management, but for regular people, Apple’s and Google’s built-in erase tools are what I trust. They’re maintained by the platform owners, integrated with account locks, and less likely to do something sketchy. A random app can’t magically erase parts of the system it doesn’t have permission to touch. And if it asks for creepy permissions, that’s your sign to back away slowly.¶

Here’s the slightly uncomfortable truth: wiping the phone does not wipe your life from the internet. It removes your data from that device. If an app already synced your contacts to its servers, or your photos to its cloud, or your notes to an account, those copies still exist wherever you put them. Sometimes that’s exactly what you want, like iCloud Photos or Google Photos. Sometimes it’s some old scanner app you used twice and forgot. Before selling a phone, I like to visit my Apple ID, Google account, Microsoft account, password manager, and a few social apps to remove the old device from trusted devices or active sessions.¶

For Google, check security settings for your devices and third-party access. For Apple, check your device list and trusted phone numbers. For Meta, WhatsApp, Telegram, Instagram, banking, email, work apps, all the usual suspects, look for “logged in devices” or “sessions.” I know, it’s tedious. Put on music. Make tea. Do it anyway. The reset is the lock on the door, but cloud sessions are like spare keys under random flower pots.¶

Once the phone is wiped and sitting on the welcome screen, I take photos of it for the listing, including the screen on, the back, the camera area, the ports, and any scratches. I write down storage size, model number, battery health if it’s an iPhone, and whether it’s carrier unlocked. Then I charge it to around 50 percent, power it off, remove SIM and SD cards, pack the cable if I promised one, and keep the tracking receipt if shipping. If meeting locally, I do it somewhere public. Not because phone buyers are all villains, but because humans are weird and phones are expensive.¶

I also keep a note for myself with the date sold, buyer platform, serial or IMEI if appropriate, and proof that I erased it. Don’t post IMEI publicly in your listing, by the way. Some marketplaces ask for enough info to verify, but plastering identifiers everywhere is just asking for nonsense. If trading in, follow the trade-in company’s instructions exactly, because they can reject devices for activation lock, damage, wrong model, or “not as described,” and then everyone gets cranky.¶

CopyThe safest wipe is not one magic button. It’s backup, disconnect, erase, verify. Four boring words that can save you from a very exciting headache.

The biggest mistake is resetting before moving two-factor authentication. This one hurts. If your email, bank, crypto wallet, work login, or password manager depends on the old phone, make sure the new phone is ready first. Print backup codes if the service offers them, or store them in your password manager. Another mistake is assuming photos are safe because thumbnails still show somewhere. Open the cloud app on another device and confirm. Also, don’t forget local files. Android’s Downloads folder is a junk drawer of tax PDFs, memes, boarding passes, and stuff you didn’t even know was there.¶

People also forget work profiles and device management. If your phone was used for work, remove the work profile or ask IT what they need. A managed device may have policies that affect wiping, activation, or ownership. And please, please don’t sell a company-owned phone because “they never asked for it back.” They might ask later, and that conversation won’t be fun. If it’s a personal phone with work email, just remove the work account before reset and make sure your employer doesn’t still list it as a trusted device.¶

Nope. Even if a trade-in store says they’ll wipe it, I wipe it first. Even if my cousin says “don’t worry bro,” I wipe it first. Even if the phone is broken, I try every reasonable method to erase it or remove it from my accounts. If the screen is dead but the phone powers on, a repair shop or USB-C display trick might help depending on the model. If it’s totally dead and full of sensitive data, I’d rather recycle it through a trusted program than sell it as-is. Maybe that sounds paranoid, but phones are too personal now. My old laptop from college had less of my life on it than my current phone has from last Tuesday.¶

And yeah, I still get excited about this stuff. Not “wow factory reset is glamorous” excited, obviously. More like, I love when regular people understand the systems enough to protect themselves. Tech can feel like magic until it breaks, then it feels like betrayal. Learning the wipe process turns it back into a tool. You don’t need to be a cybersecurity expert. You just need a calm checklist and maybe 30 minutes where nobody is yelling from the other room asking where the charger is.¶

If you remember nothing else, remember this order: back up, transfer your important apps, sign out and remove accounts, erase through Settings, then verify the welcome screen. Pull the SIM. Pull the SD card. Check cloud sessions after. That’s it. Not glamorous, but solid. I’ve sold enough phones now that the process feels almost cozy, like cleaning a desk before starting a new project. The old device gets a fresh start, the buyer gets a clean phone, and you don’t accidentally donate your digital life to a stranger named Brian.¶

Anyway, that’s my whole slightly obsessive phone-wiping routine. If you’re about to sell or trade in a device, take the extra time. Future-you will be grateful, and present-you gets to feel weirdly responsible for once. And if you like practical tech privacy stuff that doesn’t talk down to you, I’ve been finding myself poking around AllBlogs.in for more of these everyday tech rabbit holes.¶