How to protect your privacy when getting rid of old phones

Re-selling or even recycling an old phone can have security complications.

April 28, 2020, 7:55 AM

Every few years you face a dilemma: What to do with an old phone?

You can sell it or recycle it, but in a new experiment done by a data recovery company, those choices may have serious security complications if done improperly.

Ontrack, the world’s largest data recovery company, purchased 25 phones through EBay, Facebook Marketplace and other online phone resellers. Of the 25 phones, they found three with potentially damaging personal information.

A person uses their cell phone in this undated stock image.
STOCK/Getty Images

Engineer Steve Hruska shows us some of what was left on the devices.

“So, here we have his Hotmail account. I can request a password reset, I can set it to whatever I want. There is a lot of damage I can do on this phone.”

And the treasure trove for an identity thief extends way beyond an email account. Ontrack has found text messages, contacts, emails, paystubs, banking apps, Facebook accounts that are still logged in, passwords saved in a notes app and even some very personal photos. Steve explains he can access “all the photos from the camera roll that includes some risque photos.”

“Risque” is an understatement. One person in the Ontrack experiment sold their phone with nude pictures of themselves and others.

Why would someone do that? Probably because the screen was broken and they forgot what was on the phone, according to Hruska. When Ontrack purchased the phone with the nude photos, the screen wouldn’t turn on, but after plugging it into a computer, the engineers had full access.

The good news is that 22 of the 25 phones had the data completely wiped and inaccessible. All the phones bought from companies that specialize in refurbishing phones were properly erased.

Facebook and eBay remind customers to wipe their phones before selling them.

Regardless of whether you sell a phone yourself or you send it to a reseller, the proper way to protect yourself is to do a factory reset of the phone and erase all content. We’ve listed ways, recommended by experts, to factory reset and erase data for iPhones and Android phones, but if your phone won’t boot up or you can’t perform a proper reset, the experts at Ontrack suggest taking it to a reputable recycler like an Apple store.

For an iPhone: go to settings, general, reset and choose erase all content. If you can’t access the phone because of a broken screen, plug it into your computer. If your phone can power on and it automatically accesses your Wi-Fi, use your computer to log onto icloud.com/find. Sign in, locate your phone and choose the “erase the phone” option.

For Android devices, you can reset your phone in your device's settings app. There are step-by-step directions for how to reset an Android device on Google's support page.

If your device has an unusable screen, but boots up and can access Wi-Fi, you can try a remote erase using these steps listed on Google’s support site.

An undated stock photo of cell phones.
STOCK/Getty Images

Editor's Note: This story was originally published on November 28, 2018.