Does a Factory Reset Delete Everything? What Actually Gets Wiped (and What Survives)

Does a factory reset delete everything? On an encrypted phone, basically yes — but your cloud accounts, activation lock, and SD card survive it. Here's the real deal before you sell or recycle.
A modern smartphone wrapped in a metal chain and secured with a combination padlock on a wooden desk, symbolizing locking down phone data before a reset

Table of Contents

You’re about to hand your old phone to a buyer, a family member, or a recycling kiosk, and one nagging question stops you cold: does a factory reset delete everything, or is some stranger going to scroll through your photos next week? Here’s the honest answer that most listicles bury: on any modern, encrypted phone, a factory reset is genuinely a secure wipe — but “everything” is doing a lot of heavy lifting in that question. The reset nukes what’s stored on the device. It does not touch your cloud, it does not always release the digital handcuffs that lock the phone to your account, and it flat-out ignores anything on a memory card. That gap between “the phone is wiped” and “your data is safe” is exactly where people get burned.

Key Takeaways
  • On a modern encrypted phone, a factory reset works by destroying the encryption key — so your leftover data becomes mathematically unreadable noise, not something a thief can just “undelete.”
  • The “factory reset doesn’t really delete anything” scare is a leftover from pre-2015 unencrypted phones and old spinning-disk PCs; it does not describe the iPhone or Android in your pocket today.
  • A reset does NOT sign you out of iCloud or Google, does NOT remove Activation Lock or Factory Reset Protection, and does NOT wipe a microSD card — those all survive and can brick the phone for a buyer or leave data behind.
  • iPhones crypto-erase instantly and reliably; older or budget Androids are the only devices where a reset might leave recoverable data, and only if encryption was never on.
  • Before you sell, the order matters: back up, sign out of every account, pull the SIM and SD card, then reset — and confirm it boots to the setup screen.

What a Factory Reset Actually Does Under the Hood

Most people picture a factory reset as a tiny robot arm scrubbing every bit of storage clean, one by one. That’s not what happens, and understanding the real mechanism is the whole ballgame here.

Every iPhone since 2014 and effectively every mainstream Android since 2015 encrypts your data by default. The moment a photo or text hits the storage chip, it’s already scrambled with a hardware-bound AES key you never see. When you tap “Erase All Content and Settings,” the phone doesn’t laboriously overwrite 128 gigabytes of files — it throws away that one encryption key. This is called crypto-erase, or cryptographic erasure, and it’s the reason a reset finishes in seconds instead of hours. Kill the key, and the billions of encrypted bits still sitting on the chip turn into useless static. There is no “undelete” for data you can’t decrypt.

This isn’t a marketing shortcut, either. The U.S. National Institute of Standards and Technology (NIST) formally recognizes cryptographic erasure as a legitimate media-sanitization method in Special Publication 800-88, the government’s own guideline for securely retiring storage. When the standard that federal agencies use to decommission drives says “destroying the key counts as erasing the data,” you can stop worrying that a corner store phone-flipper is going to resurrect your bank app.

Keep in mindThe key that gets destroyed is typically AES-256. Brute-forcing a 256-bit key isn’t “hard” — it’s beyond the reach of every computer on Earth combined running until the heat death of the sun. That’s the actual math protecting your wiped phone, not luck.

What a Factory Reset Deletes and the Things It Quietly Leaves Behind

A hand holds a smartphone showing a settings menu with Account Settings and Accounts options, the kind of linked accounts a factory reset does not sign out of
Here’s the thing a reset can’t do for you: those linked accounts on the settings screen stay logged in on the server side. Signing out is a separate, manual step before you sell.

So the on-device wipe is solid. The trouble is that people assume a factory reset resets your entire digital life, and it absolutely does not. It’s a local operation with a very specific blast radius. Here’s what slips right past it — and each of these has bitten real sellers.

Your Cloud Accounts and Their Backups

Wiping the handset does nothing to the copies living on Apple’s or Google’s servers. Your photos, contacts, and messages are still sitting in iCloud or Google One, fully intact, tied to an account you’re still logged into. That’s usually a good thing — it’s how your stuff reappears on your next phone. But if you’re offloading a device because you’re worried about privacy, remember the reset only cleared the local mirror. The master copy in the cloud is untouched and stays exactly where it was.

Activation Lock and Factory Reset Protection

This is the one that turns a resale into a nightmare. Both Apple’s Activation Lock and Android’s Factory Reset Protection (FRP) are anti-theft features that survive a factory reset on purpose. If you wipe the phone without first signing out of your account, the device boots back up and demands your Apple ID or Google password before anyone can set it up. You’ve handed the buyer an expensive paperweight, and you’re now fielding angry messages to remote-unlock it.

The catchOn iPhone, the release valve is Settings > [your name] > Find My > Find My iPhone, toggled off with your Apple ID password — do this before the erase, or make sure you erase while signed in so iOS clears the lock for you. On Android, remove your Google account under Settings > Accounts first. Skip this and the reset technically “worked” while leaving the phone locked to you forever.

microSD Cards and External Storage

A factory reset wipes the phone’s internal storage. It does not, in the standard configuration, wipe a microSD card, and on most Androids that card was never encrypted in the first place. Photos, downloads, and app data written to removable storage sit there in plain, recoverable form after the reset finishes.

Watch outThe one exception is Android’s “adoptable storage,” where a card is formatted as encrypted internal storage and is crypto-erased with the phone. But that’s opt-in and uncommon. Assume your card is readable and physically pull it before the device leaves your hands.

Your SIM, eSIM, and Carrier Details

The physical SIM card is its own little storage chip — on many phones it still holds contacts and can carry SMS data, and it identifies your line to the carrier. A factory reset doesn’t eject it. If your phone uses an eSIM instead of a physical SIM, the digital profile can linger after a reset too, which is why carriers ask you to delete or transfer the eSIM before you pass the device on.

Logged-In Apps and Security Tokens

Here’s a subtle one. The reset clears app data locally, but the sessions and secrets those apps represent live elsewhere. Your two-factor authenticator seeds, if not backed up, are simply gone (locking you out of your own accounts). Meanwhile streaming, banking, and social apps may still count that device as “trusted” on the server side until you actively deauthorize it. A wipe is not the same as logging out everywhere.

Can Someone Recover Your Data After a Factory Reset?

Now for the question that launched a thousand panicky Reddit threads. The short version: on an encrypted device, no — and that’s not optimism, it’s cryptography. Recovering crypto-erased data means recovering the deleted key, and the key is gone from the secure hardware that held it. Forensic recovery tools can pull “deleted” files off storage all day long, but every one of those files is still encrypted with a key that no longer exists.

So where did the myth come from? It’s real history, just outdated. Back in 2014, security firm Avast bought 20 used Android phones off eBay and recovered more than 40,000 photos, along with emails and texts, from devices their previous owners believed were wiped. A year later, University of Cambridge researchers Laurent Simon and Ross Anderson showed that the factory reset on older Android versions (roughly 2.3 through 4.3) failed to fully sanitize storage on an estimated 500 million devices. Those findings were legitimate and alarming — but they describe phones from the pre-encryption era, where “reset” meant deleting file pointers rather than destroying a key. That’s the origin of the fear, and it’s precisely the flaw that default encryption closed.

NoteThe dividing line is encryption, not the reset button. If a device was encrypted before you wiped it, recovery is off the table. If it somehow wasn’t — a decade-old Android, or storage where encryption was manually disabled — a reset only removes the filing system’s index, and the underlying data can be carved back out with off-the-shelf forensic software. When in doubt, encrypt first, then reset.

For anyone genuinely curious about how investigators pull data off devices in the lab, our deep dive on mobile device forensics walks through the tools and their very real limits against modern encryption.

iPhone vs Android and Whether They Wipe the Same Way

They land in the same place, but they don’t get there identically, and the differences matter if you own both.

On iPhone, hardware encryption has been standard since the iPhone 3GS in 2009, and since the Secure Enclave arrived with the iPhone 5S in 2013 those encryption keys have lived in dedicated, tamper-resistant hardware. “Erase All Content and Settings” tells the Secure Enclave to obliterate the key stored in dedicated “effaceable storage,” which is why an iPhone wipe is both instant and, frankly, bulletproof. Apple documents this behavior openly in its Platform Security guide. There is essentially no consumer scenario where a properly erased modern iPhone gives up its data.

Android gets to the same crypto-erase outcome, but the road is bumpier because Android is not one device — it’s thousands. Google made full-device encryption the default in Android 6 (2015) and moved to more granular file-based encryption in Android 10. On a Pixel, Samsung, or any recent mainstream handset, a factory reset crypto-erases exactly like an iPhone. The asterisk is the long tail: ancient budget handsets, obscure off-brand tablets, or devices where someone disabled encryption are the only places the old “recoverable after reset” problem can still theoretically live. For 99% of phones sold in the last several years, the answer is the same on both platforms — the data is gone.

Should You Factory Reset Your Phone Before Selling It? A Security-First Checklist

Yes — but a bare reset isn’t the finish line, it’s step five. Do these in order and you close every gap we’ve covered: the local wipe, the account handcuffs, and the physical media a reset ignores.

Step 1 — Back Up Everything You Want to Keep

Before you erase, make a full backup to iCloud, Google, or a computer, and confirm it actually completed. Crypto-erase is permanent — there’s no “oops” recovery afterward. If you’re moving to a new device, this is also the moment to transfer your data cleanly so nothing important rides off with the old phone.

Step 2 — Sign Out of Every Account and Kill the Activation Lock

This is the step that saves you from bricking the phone for the next owner. On iPhone, turn off Find My iPhone and sign out of your Apple ID. On Android, remove your Google account so Factory Reset Protection doesn’t lock the buyer out. Do this before the reset, not after.

Step 3 — Remove the SIM and the microSD Card

Physically eject the SIM (or delete the eSIM profile through your carrier) and pull any memory card. Remember, the reset never touches these, and the card is very likely unencrypted. Two seconds with a paperclip closes a real data leak.

Step 4 — Deauthorize Your Sensitive Apps

Log out of banking, streaming, and social accounts, and move your two-factor authenticator seeds to your new device first. This unlinks the phone from services that still trust it server-side and prevents you from locking yourself out of your own 2FA.

Step 5 — Run the Factory Reset and Verify It

Now erase the device. When it reboots, it should land straight on the language/”Hello” setup screen with no request for your old account credentials.

TipThat clean setup screen is your proof, not just a formality. If the phone instead asks for the previous Apple ID or Google password, Activation Lock or FRP is still engaged — stop, restore, sign out properly, and wipe again before it leaves your possession.

While you’re locking down your privacy, it’s also worth removing yourself from data broker sites, because the phone was never the only place your personal information lived.

The Bottom Line on Factory Resets and Your Data

Strip away the scare-tactic headlines and the answer is refreshingly clear. On the phone you actually own today, a factory reset does delete everything that matters locally, and it does so with cryptography strong enough to satisfy federal sanitization standards. The reset isn’t the weak link. You are — or rather, the accounts, locks, and memory cards you forget to handle are. Treat the reset as the last step in a short checklist rather than a magic “make my data disappear” button, and you can sell, gift, or recycle any device with total confidence.

Frequently Asked Questions

Does a factory reset delete everything on my phone permanently?

On any modern encrypted phone, yes — the on-device data is permanently and irreversibly gone, because the reset destroys the encryption key that made your files readable. What it does not delete is anything stored outside the phone: your iCloud or Google cloud backups, and any files on a microSD card. Those survive the reset completely.

Can data be recovered after a factory reset?

Not from an encrypted device, which is every mainstream phone made in roughly the last decade. Recovery would require the deleted encryption key, and that key is wiped from secure hardware. Data recovery is only realistic on very old, unencrypted phones or storage where encryption was manually turned off — the exact scenario behind those “recovered 40,000 photos” news stories from 2014.

Does a factory reset remove the Google account or Apple ID?

No, and this trips people up constantly. A factory reset does not sign you out of your Google or Apple account, and it does not remove Factory Reset Protection or Activation Lock. If you don’t manually sign out before wiping, the phone will demand your old password on setup and be unusable for the buyer. Always remove the account first.

Should I factory reset my phone before selling it?

Yes, but do it as the final step after backing up, signing out of all accounts, removing the SIM and SD card, and deauthorizing sensitive apps. A reset alone leaves your cloud accounts logged in and can lock the device to you via anti-theft features. The full checklist — not just the reset — is what makes a resale safe.

Does a factory reset delete everything on an SD card too?

Usually no. A standard factory reset wipes only the phone’s internal storage and ignores a removable microSD card, which on most Androids isn’t even encrypted. The only exception is Android’s “adoptable storage” mode, where the card is treated as encrypted internal storage. Unless you deliberately set that up, physically remove the card before parting with the phone.

About TechDaily.AI

TechDaily.AI helps you make smarter technology decisions. From enterprise AI and cybersecurity to the latest smart-home gadget, EV, or AI app, we research the details, cut the hype, and explain what’s actually true — and what it means for you.

Share this Post:

Related Posts

Scroll to Top
Receive the Latest Podcast Right in Your Mailbox

Subscribe To Our Newsletter