Mobile Device Guidance

Advice for IT admins and individuals on the secure removal of data or malware from smartphones, tablets, laptops and desktop PCs

This article explains the options available when you want to make sure that your content, or some malware, is thoroughly wiped from a device.

Erasing mobile devices

Our devices contain more work, personal, and financial data than ever before. So it's essential we can remove all this data if we suspect they've been lost, stolen or hacked (or if we simply want to re-issue them to another user).

However, because of the way data storage on devices works, simply deleting files is often not enough to prevent this data from being recovered. Similarly, if the device has been infected with malware, running an antivirus scan or deleting the app causing the infection might not be enough to completely remove the infection.

Why use secure erase?


You may need to wipe your device if you:

  • are selling it (or giving it to a family member or friend)
  • think you've lost it (or it's been stolen) and you want to erase it remotely
  • suspect it has viruses or malware and you need to disinfect it
  • are returning it to the manufacturer (for repair or replacement)
  • are re-purposing it so another member of staff can use it
  • are preparing a device you've recently acquired so that you know it's in a good state before you start using it

Note: The methods described here will prevent almost everyone from recovering data. However, these methods do not guarantee complete removal; a determined expert, using specialist techniques, may be able to recover some of it in some circumstances. If you want to completely erase a device so there is no chance of data being recovered, or your organisation's policy requires it, please refer to our guidance on Secure sanitisation of storage media. Note that some of the methods described there are destructive, so you may not be able to use the device afterwards.

Preparation for secure erasure

Before you start the process of erasing data, there are a number of things you need to consider.

Back up your important data

The most convenient way of securely erasing mobile devices is to use the built-in Restore, Factory Reset, or Erase all content and settings feature of your device. The exact name of the feature depends on which type of device you have. However, these features will erase all content from your device - including messages, contacts and photographs - so you'll want to make sure you have a backup of all your important data first.

If things go wrong

In nearly all cases, this kind of factory reset is all you'll need to do. However, if something goes wrong (such as the device failing to start up correctly afterwards) then this might not be an option. In those cases, you might need to re-install the operating system on your device. This is an advanced task and should only be tried if you know what you are doing. We've included links to some guides online at the end of this article.

Remotely erasing lost devices

If you've lost your device or it has been stolen, then there may be options to remotely erase your device. This is typically part of your device's cloud services, or part of your organisation's mobile device management services, so might not be available to you if you've not used either of these.

Selling used devices

If you are planning on selling your device, you may also need to disable activation lock (iOS) or factory reset protection (Android) so that the recipient is able to use the device.

How to securely erase mobile devices

Back-up data, passwords and credentials

If you want to securely erase your device, firstly you'll need to make backups of all the important data on the device. Much of this data may already be stored in online cloud services or your organisation's servers, so this might not be a difficult task. However, you'll want to make sure that you have the passwords and other credentials for these services available so that you're able to log in after the device has been erased.

Choose from secure, remote and advanced options

If the device or devices have been enrolled into your organisation's mobile device management (MDM), you can send the device a remote wipe command. This will cause the device to securely erase itself – if it’s turned on and has a data connection.

If you've previously signed into a built-in cloud account on the device, then you can log back into that account from another computer to also send a remote wipe command.

Without MDM or cloud accounts, you will need physical access to the device. The table below has details on the approaches you can use in either case. There are also links to the guides on the exact process for each major operating system (OS). Typically, erasure takes a few minutes, though on older devices it can take an hour or so.

If you are selling, giving away, or trading in your device then you should follow the Recommended secure wipe for your particular device.

If your device has been lost or stolen, follow the Recommended remote wipe.

If you want to attempt to fully remove any malware from your device you may wish to consider some of the Advanced options.

In any case, if you want to be completely certain that data cannot be recovered, also consult the NCSC guidance on Secure sanitisation of storage media.

 

| Device type | Recommended secure wipe | Recommended secure remote wipe | Advanced options |
| Android | Erase all data (factory reset) | Android remote erase or MDM | Re-install Android using stock images available from some OEMs, e.g. Google, Sony |
| Chrome OS | Reset to Factory Settings | MDM | Recover your Chromebook |
| iOS | Erase all content and settings | Find my iPhone or MDM | DFU mode restore (PDF) |
| macOS | Manually erase your hard disk, choosing the Secure erase option | Find my iPhone or MDM | |
| Windows | Reset your PC, choosing the Remove everything option | Use MDM if using MDM-managed Windows | Use Recovery drive or Installation media to reset your PC, choosing the Remove everything option; or clear your TPM |

Once erased

Once your device has been securely erased, you can follow the set-up process to get back working again, or pass the device on knowing that the data will not be recovered.

Technical notes


For Mac devices

For Mac devices without the T2 security chip, if encryption was not enabled before the device was first used, it cannot be guaranteed that the secure erase will remove all sensitive data so that it cannot be recovered. In these cases, NCSC media sanitisation guidance should be followed.

For devices both with and without the T2 security chip, you should consider erasing and re-flashing the device firmware.

Author :   UK National Cyber Security Centre   (Original publication)
Published :   2021-02-26
