If I am going to leave a device at a repair shop, what considerations should I make?

What do you want advice about?
I would hope that most repair shops are trustworthy and will only work on the problems they identify, but I figure the possibility is there for them to look at the data on the device. What precautions should I take if I need to get my device repaired?

What have you considered or looked at already?
As of now I figured the main thing to do is back up your device and factory reset it. That way it’s like you’re handing over a new device. Then, once it’s fixed, I restore from my backup.

In brief, tell us about your privacy threat model?
My threat model is somewhat basic. I just want to keep my data safe from folks who would actively take advantage of it to either harm me or leave me in a vulnerable position for personal gain. I try to do more where I can, but I know it’s more nice-to-have for me.

I would say backup + factory reset is always the superior option.

Some tips that you may find useful:

  • Newer devices come with a feature called “Repair Mode” that’s specifically made to address this issue; make sure to toggle it.

  • If you don’t have time to wipe the device, make sure to enable full disk encryption (sometimes called secure boot), and/or to encrypt any data you might find sensitive, and to turn off your phone before handing it to a technician, as that stops them from having access to the data (provided the phone doesn’t need to be turned on for testing).

  • Remove all accessories including your SIM card, any external storage and your phone case.

  • In order to avoid any risk of misplacing your device, it is a wise decision to note down your IMEI number.

  • Remove Google Account & Disable Factory Reset Protection after the factory reset.

3 Likes

You shouldn’t need to reset the phone, as Android and iOS have encryption enabled by default. As long as you don’t give them the PIN you are fine. If they need it for testing purposes, make a new Android user (not an option on iOS) and give them the PIN for that; you can delete this user after.

1 Like

Dang, both very helpful! I forgot that profiles are encrypted on Android when it’s locked.

I’d say, do the repair yourself. If you are already invested in privacy then learn everything yourself and do it yourself! I found myself in the same situation but for other reasons: I wanted to leave my phone at a phone repair shop in order for them to remove some hardware components like the microphones, cameras and sensors. When I asked them about it they all were surprised and probably thought I was a criminal. This led me into research, so I did everything myself and bought myself an iFixit kit; now I repair my own phones and even the phones of my family members. :) Everything that a repair shop guy does, you can also do ;).

This is definitely an option, although I wouldn’t recommend repairing your own phone if you haven’t practised on old/less important devices.

For @InternetGhost:
This time I would go to a repair shop and follow the advice Tony and I have given.
For the future you could try to learn how to repair things. Start with old things you may still have but don’t use; then, if your phone breaks again, you should be able to repair it. https://www.ifixit.com/ has some good guides for a lot of devices, so check there to get started.

A few ideas:

  1. Make a new profile
  2. Boot the device into safe mode (unless you have a Google/Apple account signed in)
  3. Remove your SIM card
  4. You can use your Google Find My Device or Apple Find My iPhone (depending on which phone you have) to locate your device and remotely wipe it.
  5. Make sure any important data (photos, documents) are backed up offsite, like on a USB drive at home or in the cloud. If you have 2FA App Tokens on the device, make sure those are encrypted in storage, and you have recovery options set on your accounts in case you need to wipe your device.

It’s best if you remove any important data and TOTP tokens from your phone before you give it to the repair shop, and then add your data back after you get your device back. If you think the repair shop may have installed spyware on your phone, you could factory reset your phone after getting it back.

1 Like