The Phone You Sold Last Year Could Still Be Leaking Your Aadhaar And Bank Screenshots

We have started treating our phones like a part of our body, and the data inside them like something that belongs only to us. Then upgrade season arrives, we sell the old handset for a few thousand rupees, and the phone walks off into someone else's life carrying years of ours. The unsettling thing is that a lot of Indians already suspect this is a problem, and a new survey puts numbers to that suspicion.

In a Cashify survey of 8,000 smartphone users, 47.3 percent said they had heard of cases where data from a resold phone was recovered or misused, and 31 percent went a step further and said they had personally managed to retrieve data from a phone that had been wiped. Sit with that second number for a moment. It is not security researchers in a lab. It is ordinary users who tried, and one in three of them got something back. So when 74 percent of people in the same survey say they are worried about their personal data being misused after a sale, that worry is not paranoia. It is pattern recognition.

Forget the phone, think about everything inside it

When we picture a phone leak, most of us imagine old photos. The real exposure is far less romantic and far more dangerous. A modern Indian smartphone is a vault of identity. There are photos and screenshots of Aadhaar cards and PAN cards that we clicked to send to some bank or landlord and never deleted. There are bank statement PDFs and salary slips sitting in the Downloads folder. There are passwords saved in the browser and in autofill, the kind that quietly logs you into a dozen services. There are WhatsApp chats and media, payment confirmations, and SMS inboxes stuffed with OTPs and transaction alerts that together paint a complete map of your financial life.

Then there is the part that should worry us most in a UPI-first country. Our payment apps, our wallets, our banking apps. Even when the apps themselves ask for a PIN, the residue around them, the linked phone number, the cached details, the notification history, can be enough to help someone impersonate you or social engineer their way past a customer care line. India runs on digital payments more than almost anywhere on earth, and a phone is the single key that unlocks most of it. A handset that still remembers who you are is not a privacy nuisance. It is the opening move in a fraud.

Who is actually at risk, and who is mostly fine

This is where it pays to be honest rather than alarmist. If you own a recent, encrypted phone and you reset it properly, the odds of a stranger reconstructing your data are genuinely low, because the reset throws away the encryption key and leaves behind unreadable noise. The people who get burned tend to fall into a few groups. Those selling older or cheaper phones that were never fully encrypted. Those who did a quick reset without signing out of their Google, Apple, Samsung or Mi accounts, leaving the cloud door open. Those who forgot a microSD card or an old backup. And those who handed the phone to an informal buyer with no process at all, simply trusting that delete means gone.

That last group is large, and the survey hints at why the anxiety refuses to fade even as awareness rises. Basic deletion is now near universal, but confidence is not, because people increasingly understand that the easy methods do not come with a guarantee. Knowing that the lock might not be locked is its own kind of stress.

What this should change about how you sell

The takeaway is not to keep your old phones in a drawer forever, which plenty of Indians already do out of exactly this fear. It is to treat the wipe as seriously as you treat the sale. Sign out of every account, pull the SIM and SD card, delete the sensitive documents and screenshots first rather than trusting the reset to handle them, and only then erase the device through its own settings. If you would rather not think about any of it, this is precisely the gap that organised resale platforms are now competing on, with certified deletion and deletion certificates that the same survey shows people are willing to pay for. Whether that certificate is worth the money is a fair question, and one worth answering separately.

For now, the simplest mental shift is this. The moment you decide to sell a phone, stop thinking of it as your device with some data on it, and start thinking of it as a folder of your identity that is about to change hands. Wipe it like it matters, because to the next person holding it, it absolutely does.