
The trade-in offer says your three-year-old phone is still worth real money, and the buyer wants it this week. Fair enough. But think about what that device currently holds: your banking app, your email, the text-message codes that unlock both, years of photos, saved passwords, and the digital keys to most of your accounts. Handing that to a stranger with a half-done cleanup is how a $200 trade-in becomes an identity theft case.
The good news is that wiping a phone properly is a 30-minute job with a clear checklist. The Federal Trade Commission lays out the core steps in its guide to removing your personal information before you get rid of your phone. Here is that checklist, expanded, in the order that avoids locking yourself out of your own accounts.
Back it up before you touch anything
Everything else goes smoother if you start with a full backup, whether you are selling, trading in, or donating. Use the built-in cloud backup or plug into a computer, and confirm the backup finished before proceeding. You will restore from it when you set up the new phone, and it is your safety net if you later realize a two-factor app or a stray document lived only on the old device.
Untangle your accounts while the phone still works
This is the step people skip, and the one the FTC specifically flags: if you use multi-factor authentication, remove the old phone from the list of trusted devices on those accounts before you erase it. Move authenticator apps to the new phone first, since some generate codes that exist only on that one device. Then sign out of email, banking, social media, and shopping apps, and unpair any watches, cars, or smart-home gear tied to the handset. Doing this while the phone is alive and in your hands is easy. Doing it after it is in someone else’s hands is not.
Pull the cards out
If the phone has a physical SIM card, remove it; it can carry contacts and other personal data, and the number is yours, not the buyer’s. If your line uses an eSIM, transfer or deactivate it through your carrier when you activate the new phone, and make sure the old profile is erased as part of the reset. If there is a microSD storage card in the tray, take it out too. Storage cards full of photos have a way of riding along to the next owner.
Do the reset that actually erases
Now, and only now, run the factory reset from the phone’s settings. On a modern iPhone or Android device the storage is encrypted, so a factory reset destroys the keys and renders your data unrecoverable in practice; deleting apps or photos by hand does nothing of the sort. As the FTC notes in a consumer alert on phone upgrades, restoring factory settings is what actually clears account numbers, passwords, messages, and photos from the device.
One critical companion step: sign out of the phone’s central account, Apple ID on iPhones or the Google account on Android, and turn off activation locks such as Find My iPhone. A reset done while those locks are on leaves the phone useless to the buyer, and trade-in programs will reject it or zero out your credit. The proper sequence, sign out first and then reset, satisfies both your privacy and their checklist.
Sell through channels with recourse
Where you sell matters less than how you get paid. Carrier and manufacturer trade-in programs and established buyback services publish their prices and pay through traceable methods. If you sell person to person, be wary of overpayment and fake payment confirmation screenshots, insist on cleared funds, and never ship a phone on a promise. A wiped phone protects your data; a sensible sale protects the money.
If you already sold it without doing this
Do not panic, but move quickly. Change the passwords on your primary email account first, since it can reset everything else, then banking and any account that was logged in on the device. Remove the old phone from each account’s trusted device list, revoke its sessions, and turn on multi-factor authentication anywhere it was off. Watch your statements for a few weeks. If you see signs that someone is actually using your information, report it and get a recovery plan at the FTC’s IdentityTheft.gov.
Two housekeeping notes before the handoff. Everything above applies equally to tablets, smartwatches, and e-readers, which hold the same logins and get sold with far less caution. And if the phone is too old to sell, do not toss it in the trash: wipe it exactly the same way, then hand it to an electronics recycler or a carrier take-back bin, since a “dead” phone in a landfill dumpster is still a readable phone to someone determined enough.
An old phone is the densest concentration of personal data most people ever hand to a stranger. Treat the wipe with the same seriousness you would give shredding a box of financial statements, and the trade-in becomes exactly what it should be: found money, and nothing more.
Leave a Reply