Selling Your Old Smartphone? Not Smart

It has become standard practice to upgrade to a newer device, and people often sell, donate, or discard the old one. Or maybe you’ve received a new computer or mobile phone as a holiday gift and need to get rid of the old one. You consider selling them so you can get some money back—maybe to purchase your newest device, but is this really worth it?

After what I’ve seen, I don’t think so. I conducted a test where I purchased a bunch of used devices off of Craigslist and eBay to see if I could still find personal data on the devices. I found a startling amount of personal data including photos, phone numbers, addresses, emails, text messages and even passwords.

While most of us would think we were safe if we did a factory reset on our mobile device, we also need to remember to remove or wipe any media like internal drives, SD cards, and anything else that stores data really should be destroyed. And for Android phones, even though some of the phones had done a factory reset, I was still able to find data on them. Furthermore, after having spent a few months working with a forensics expert, I’ve come to the conclusion that even if you wipe and reformat a hard drive, you may still miss something.

So whether you destroy your smartphone with a sledgehammer, use a drill press to turn it into swiss cheese, or use a hack saw to chop it into pieces, and then drop those pieces into a bucket of salt water for, oh, say a year, just to be safe, for your own good, don’t sell it on eBay or Craigslist. Yes, this will not provide much help for resale value, but you’ll have some fun and know that your information is safe.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)