How To Factory Reset Mobile Phone Securely Before Selling

Selling your old smartphone requires more than tapping “Factory Reset” in settings. Modern devices store sensitive data across multiple partitions, and a simple reset does not guarantee complete data destruction. This guide covers the technical steps to securely wipe Android and iOS devices, verify deletion, and ensure your personal data cannot be recovered.

Understanding Mobile Storage Architecture

Before wiping a device, understand how data is stored. Smartphones use flash storage (NAND or UFS) organized into partitions:

User data partition (/data): Contains apps, photos, messages, credentials
System partition (/system): Operating system files
Recovery partition: Contains recovery mode software
EFS partition (Android): Stores IMEI and network keys
Secure Enclave (iOS): Hardware-encrypted key storage

A standard factory reset primarily erases the user data partition pointers, marking space as available for overwriting. The actual data remains until new data overwrites it. This is why forensic tools can recover data from improperly wiped devices.

Android: Secure Factory Reset Process

Step 1: Encrypt the Device (Pre-Reset)

Encrypting the device before resetting adds a critical layer of protection. Even if partial data is recovered, it will be cryptographically unintelligible.

# On Android, enable encryption in Settings:
# Settings → Security → Encrypt Phone
# Or via ADB for advanced users:
adb shell sm encryptable /data

Full disk encryption (FDE) or file-based encryption (FBE) ensures that reset data remains scrambled.

Step 2: Perform Factory Reset via Recovery Mode

Android’s built-in reset can be inconsistent across manufacturers. Using recovery mode provides more reliable results:

Power off the device completely
Press and hold Power + Volume Down (varies by manufacturer)
Select Recovery Mode
Choose Wipe data/factory reset
Select Wipe all user data or Format data (if available)

For devices with Android 10+, use File-Based Encryption. Select the option to format rather than just wipe.

Step 3: Verify Encryption is Active Post-Reset

After reset, boot into recovery again and check if encryption is still prompting. If the device asks for a password or shows encrypted storage, your previous encryption keys are gone—good sign.

# Check encryption status via ADB (requires root on some devices)
adb shell
$ su
$ vdc volume get EncryptionState

iOS: Secure Factory Reset Process

iOS devices with Secure Enclave provide hardware-level encryption, but proper reset procedure is still essential.

Step 1: Disable Find My and iCloud

This is mandatory. A device with Find My enabled cannot be properly activated after reset.

# On the device:
# Settings → [Your Name] → Find My → Find My iPhone → OFF
# Settings → [Your Name] → iCloud → Sign Out

Step 2: Erase All Content and Settings

iOS offers a built-in secure erase:

Go to Settings → General → Transfer or Reset iPhone
Select Erase All Content and Settings
Enter passcode if prompted
Confirm erasure

This process sends a command to the Secure Enclave to delete encryption keys, making all data permanently unrecoverable.

Step 3: Verify via DFU Mode (Advanced)

For maximum certainty, perform a Device Firmware Update (DFU) restore:

Connect device to computer with Finder/iTunes
For iPhone without Home button: Press Volume Up, then Volume Down, then hold Power until screen goes black
Continue holding Power + Volume Down for 5 seconds
Release Power while holding Volume Down until iTunes detects recovery mode
Restore the device through iTunes/Finder

This completely rewrites the firmware and all partitions.

Cross-Platform Verification Techniques

After resetting, verify data destruction:

Forensic Recovery Test

If you have technical capability, attempt recovery using tools like:

# Using TestDisk for partition analysis
# (Requires device storage read via JTAG or chip-off)
testdisk /dev/sdX

# Using PhotoRec for file carving
photorec /dev/sdX

Successful recovery indicates incomplete wipe. Modern encrypted devices should show no recoverable personal data.

Check Available Storage

After reset, the reported storage should show near-full capacity available:

# On Android (via ADB when booted)
adb shell
$ df -h /data

If /data shows minimal usage (less than 1-2GB on modern devices), the wipe was effective.

Boot Verification

A properly wiped device should:

Present fresh setup wizard on first boot
Not retain any installed apps
Show no traces of previous accounts (unless MDM enrolled)

Advanced: Encrypt-and-Wipe Method

For maximum security before selling, perform an encrypt-then-wipe:

Enable maximum encryption on the device
Fill storage with dummy data to overwrite all blocks
Factory reset

This technique ensures that even if some unencrypted blocks remain, they contain meaningless dummy data.

# Fill storage via ADB (requires root)
adb shell
$ su
$ dd if=/dev/zero of=/sdcard/fillfile bs=1M count=10000
$ rm /sdcard/fillfile

Repeat this process 2-3 times for better coverage, though modern encryption makes single-pass overwrite sufficient.

Additional Considerations

Remove SD Cards and SIM Cards

Always physically remove and retain:

SIM cards: Contain carrier keys and contacts
SD cards: May contain recoverable data even after phone wipe
eSIM profiles: Delete via Settings → Cellular → Remove Cellular Plan

Unlink Accounts

Before wiping, ensure these are removed:

Google account (Android)
Apple ID (iOS)
Samsung/Huawei/Xiaomi cloud accounts
Any third-party services with device sync

Factory Reset Protection (FRP)

Understand FRP:

Android: Google FRP asks for previous account after reset—ensure you know credentials or device is removed from your Google account
iOS: Activation Lock requires previous Apple ID—disable Find My before selling

Built by theluckystrike — More at zovo.one