The good news about buying a used smartphone is that chances of it being infected with a persistent threat that could spy on you and your data are slight, as long as you take basic precautions.
“I wouldn’t pay for the phone unless I was sure I could do a factory reset on it,” Sean Sullivan, F-Secure Security Advisor told me.
This means you probably shouldn’t be in the market for a phone just based on the apps that it may come with it.
“If you want to buy on EBay loaded with certain games, I wouldn’t go that way,” Sean said.
Any phone preloaded with malware probably also has the previous owners data on it. So that makes reselling an infected phone a particularly ineffective way to spread malware.
A hard reset should eliminate nearly all threats, Sean said, unless the phone has been rooted or jailbroken by the previous owner.
Nearly all mobile malware targets Android devices but they also tend to more affordable than their Apple competitors.
“For a $150 bucks, I got my son a pretty decent new Android phone,” Sean said. “Buying a new phone rather than old seems like a better way to go to me.”
You should also make sure the phone you’re considering can still get updates and patches from phone’s manufacturer. For iOS that includes iPhone 5S and IPad Air along with iPhones and iPads released after those models.
“For Android… it varies, a lot,” Sean said. “You should search for both the vendor and the carrier’s pages for details about update support. Google only officially supports its own Nexus and Pixel models for either 3 years from date of release to 18 months from final sale, whichever is longer. Many other Android vendors do far less.”
Obviously, you’ll be better off buying an Android compatible with the latest version of the OS, as Google has been making slow but steady progress with the platform’s security.
You can check if the device you’re considering has been stolen using an IMEI check that cross-references the unique International Mobile Equipment Identity number each smartphone has to have.
Once you get the device, follow the standard mobile security advice — stick to official app stores, run updated security software if possible and opt-in to software automatic updates over Wi-Fi.