5 key steps to take before you sell an old smartphone

Selling a used phone is a great way to make some extra cash, but it's important to delete all of your personal or corporate data before you do. These five tips from an IBM security pro can ensure you know how to remove sensitive information.

samsung galaxy s6 edge white
Credit: Brian Sacco

Today's smartphones are far too expensive to simply discard when you buy a new one. Lots of people sell their phones when they no longer need them or pass them on to friends or family members. However, many of those people don't properly manage the personal and business data left on those old phones.

It's not particularly hard to secure a smartphone before you discard it, but all too many people fail to take the process seriously. Reputable companies that buy used smartphones, such as Gazelle and Nextworth, promise to wipe them clean, but there's no guarantee that even well-intentioned third parties will take security as seriously as you should, according to David Lingenfelter, MaaS360 information security officer at IBM Security. "There's simply no way to be sure," he says.

It's bad enough to leave personal information on an old phone, but if you allow corporate data to remain on a phone you're responsible for and it falls into the wrong hands, you could self inflict some serious career damage. Here are five tips from Lingenfelter that make it simple to securely wipe the data from your old smartphone. 

5 tips to secure a used smartphone before you ditch it

1) Back it up

First, back up everything on your phone before you delete your data. This one is obvious, but it's easy to forget. After you wipe the phone, the data is gone unless you backed it up.

2) Notify IT

If the phone was a BYOD device, or if it connected to corporate resources, notify your IT department that you're going to sell or otherwise get rid of the device. Chances are they'll wipe it for you. They'll also likely remove all the corporate apps and data.

3) Do a wipe or reset

Even if IT performs a remote wipe, there may still be personal data on the phone. If it's an iPhone, go to Settings > General > Reset > Erase All Content and Settings. If your phone is an Android, doing a "factory reset" will restore the original settings but won't always wipe all of your data. Before you perform the reset, encrypt your data — the option should be in Settings > Security > Encrypt phone — then do the reset.

4) Don't forget the memory and SIM cards

If your phone has an SD card you used to store data, remember to remove it before you get rid of the phone. Apple iPhones also have mini SIM cards that hold data, so you should remember to remove the SIM, as well.

5) Don't share user accounts

If you're turning the phone over to a family member, Lingenfelter says you should make sure they create their own Apple or Google account. "Sharing user accounts across devices and applications could lead to a data leak through someone else's device," he says.

Download the CIO October 2016 Digital Magazine
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies