Selling Your Old Smartphone? Not Smart

It has become standard practice to upgrade to a newer device, and people often sell, donate, or discard the old one. Or maybe you’ve received a new computer or mobile phone as a holiday gift and need to get rid of the old one. You consider selling them so you can get some money back—maybe to purchase your newest device, but is this really worth it?

After what I’ve seen, I don’t think so. I conducted a test where I purchased a bunch of used devices off of Craigslist and eBay to see if I could still find personal data on the devices. I found a startling amount of personal data including photos, phone numbers, addresses, emails, text messages and even passwords.

While most of us would think we were safe if we did a factory reset on our mobile device, we also need to remember to remove or wipe any media like internal drives, SD cards, and anything else that stores data really should be destroyed. And for Android phones, even though some of the phones had done a factory reset, I was still able to find data on them. Furthermore, after having spent a few months working with a forensics expert, I’ve come to the conclusion that even if you wipe and reformat a hard drive, you may still miss something.

So whether you destroy your smartphone with a sledgehammer, use a drill press to turn it into swiss cheese, or use a hack saw to chop it into pieces, and then drop those pieces into a bucket of salt water for, oh, say a year, just to be safe, for your own good, don’t sell it on eBay or Craigslist. Yes, this will not provide much help for resale value, but you’ll have some fun and know that your information is safe.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

1 reply
  1. Colin Hall
    Colin Hall says:

    Good advice. We’re presently under a near constant spam attack from a friends mobile right now. He dropped his phone into a charity box after upgrading and forgot to remove his sd card. He tried to track the device back through the charity with no luck. So, here we are a month on and we’re receiving 10 – 20 emails from his phones email account per day with links to virus sites …

    It just takes a moment of thoughtlessness for this kind of thing to happen. Although I don’t agree with mashing your old phone to bits, certainly taking some time to make sure that you have removed all personal data is just common sense.


    Colin from House Protectors 🙂


Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.