Selling your smartphone second-hand in South Africa - What you should know

Nobody Important

Executive Member
Joined
Feb 18, 2010
Messages
6,736
My initial reaction was going to be to say that factory-resetting your device is just common sense, but then again, common sense is not so common.

As for reselling, as long as you have your head about you, there is nothing wrong with selling directly. No cheques. Only cash or instant EFT if face-to-face. EFT if via classifieds like Carb etc. but payment must clear first before shipping item, unless the person is known to you of course.
 

Little Mac

Honorary Master
Joined
Jul 18, 2008
Messages
53,156
The same goes for recycling sims. If you chuck your pay as you go sim, don't forget to let all your whatsapp contacts know that your number will be changing, edit your whatsapp details (and apply a 2fa pin). Also make sure you reset all services that have your phone number as a recovery device to your new number.

I receive daily transaction SMS on my recycled Afrihost MTN modem from some poor chap who banks with FNB and no doubt if I stuck the sim into a phone, I'd probably see all his whatsapp contacts. I also get SMS from his friends trying to contact him.
 

Cleo_XIII

Active Member
Joined
May 14, 2020
Messages
32
A basic factory reset isn’t enough.
What they are referring to by a “full testing cycle” I am unsure because that refers to the testing of any new software before it is deployed(released) and has nothing to do with resetting a phone.

If anyone is super paranoid and unsure feel free to message me and I will gladly tell you how you can fully reset your phone and then make the data near impossible to recover. It’s generally a simple process But a factory reset alone will not achieve this
 

Little Mac

Honorary Master
Joined
Jul 18, 2008
Messages
53,156
A basic factory reset isn’t enough.
What they are referring to by a “full testing cycle” I am unsure because that refers to the testing of any new software before it is deployed(released) and has nothing to do with resetting a phone.

If anyone is super paranoid and unsure feel free to message me and I will gladly tell you how you can fully reset your phone and then make the data near impossible to recover. It’s generally a simple process But a factory reset alone will not achieve this
I have a suggestion.
Instead of communicating this in a PM, how about sharing it here once for everyone to benefit from ;)
 

Cleo_XIII

Active Member
Joined
May 14, 2020
Messages
32
I have a suggestion.
Instead of communicating this in a PM, how about sharing it here once for everyone to benefit from ;)

First is mostly Cos I wasn’t sure if anyone would be interested
Second is that, with their being a vast amount of different phones available typing out the different ways for every single model would not only be super lengthy but, as per the first, could be for naught. Lol

Guess this is one of those cases where I’d rather work smart, not (unnecessarily) hard.

EDIT: Also doesn’t have to be a PM. I’d be more than happy to respond anywhere public for the benefit of others.
Should it appear as though a one time post of sizeable length would be more beneficial and efficient, then I can do that too
 

Johnatan56

Honorary Master
Joined
Aug 23, 2013
Messages
29,464
A basic factory reset isn’t enough.
What they are referring to by a “full testing cycle” I am unsure because that refers to the testing of any new software before it is deployed(released) and has nothing to do with resetting a phone.

If anyone is super paranoid and unsure feel free to message me and I will gladly tell you how you can fully reset your phone and then make the data near impossible to recover. It’s generally a simple process But a factory reset alone will not achieve this
Just encrypt the device before factory reset, it will overwrite the original keys on the phone and then even if someone gets the data back, it will be useless.
Settings > Security > Encrypt phone (might have to hit advanced). By default most phones should already be encrypted. Usually done on first boot since Android 5.

You don't need to do anything besides factory reset.

EDIT:
Only clicked the article after writing the above, but in the article:
“All the phones that we deal with were originally shipped with full disk encryption, so behind the scenes when a reset is performed the master key for data is overwritten,” Copas said.

Do note this is what caused the entire fall-out in Android with manufacturers dropping system updates since lots of devices didn't support hardware level encryption and that was a requirement for Marsh mellow and up. It's why people think Android flagships never get updates.
 

Cleo_XIII

Active Member
Joined
May 14, 2020
Messages
32
Just encrypt the device before factory reset, it will overwrite the original keys on the phone and then even if someone gets the data back, it will be useless.
Settings > Security > Encrypt phone (might have to hit advanced). By default most phones should already be encrypted. Usually done on first boot since Android 5.

You don't need to do anything besides factory reset.

EDIT:
Only clicked the article after writing the above, but in the article:


Do note this is what caused the entire fall-out in Android with manufacturers dropping system updates since lots of devices didn't support hardware level encryption and that was a requirement for Marsh mellow and up. It's why people think Android flagships never get updates.

Indeed. But this is why I used the word “paranoid”. Because if you’ve followed the state of cryptography on Android, particularly over the last 4 years you may not be so trusting of the safety net it provides.
In my time doing mobile forensics I know I am not. Though I will also admit that I take a step or two above what may be considered necessary. But when I weigh that against the alternative I don’t really mind.
 

Johnatan56

Honorary Master
Joined
Aug 23, 2013
Messages
29,464
Indeed. But this is why I used the word “paranoid”. Because if you’ve followed the state of cryptography on Android, particularly over the last 4 years you may not be so trusting of the safety net it provides.
In my time doing mobile forensics I know I am not. Though I will also admit that I take a step or two above what may be considered necessary. But when I weigh that against the alternative I don’t really mind.
You said that after saying a basic factory reset isn't enough, re-read what you've written.
 

Cleo_XIII

Active Member
Joined
May 14, 2020
Messages
32
But can you tell us what is?
Yeah sure sorry
It depends on the phone in some cases but it’s usually just a case of a factory reset, two reboots, then lower level format (using the button combination to boot into recovery and reset from there) followed by another 2 reboots.

Usually after the lower level format I do a software reload or in the case of iPhones boot into DFU then reload.
That’s generally a good way to ensure the both the ram as well as the disk are not holding any remnants of Data or any leftover Keys.

Edit: If your phone is on Oreo (8.0) and up then disk encryption will be suffice but 7.0 and down (Which is a very many phones in SA) is a bit sketchy so the double double is recommended.

This all primarily has to do with the flash memory, not the storage as due to the way flash is handled in terms of how often blocks can be overwritten, some keys, including your Google login token, aren’t cleared by a factory reset
 
Last edited:

MeestaR

Expert Member
Joined
Sep 17, 2016
Messages
1,417
What I usually will do when I want to start over with the device (to sell it, give away etc), is to factory reset the device, via the OS Settings, boot to recovery (if possible) do a factory reset there, and then flash the original firmware from the manufacturer (LG, Samsung, etc)
Should be enough?
 
Top