A clean device is a phone, laptop, or tablet that carries no history of your real-life identity, no synced accounts, no installed apps that link back to your daily-life setup, no cached credentials, no Wi-Fi networks that auto-join your home or office. Used for high-risk operations (border crossings, source contact, sensitive client work, hostile-environment travel) where a normal device’s accumulated state would expose more than the operator wants to expose.
What it means in practice
The clean device is not the same as a wiped device. A factory reset of an existing phone returns it to default settings but leaves behind: account links in Apple ID or Google Account that respawn data on first sign-in, MDM enrollments that persist through reset, OEM telemetry that may have already exfiltrated identification, sometimes residue in the secure enclave depending on model and firmware. The actually clean device is purchased fresh (cash where the threat model justifies it), set up under an alias or operational identity, never signed into the personal Apple ID or Google account, never connected to home Wi-Fi while the personal phone is in the house. The discipline is harder than the purchase: most “clean device” operations fail the first time someone reflexively types their real Gmail password into the new browser.
Who uses it, and against whom
Standard practice for: investigative journalists who maintain a separate phone for source contact (the source’s safety often depends on the journalist not being followable through the journalist’s daily-life device), NGO staff deploying to monitored countries (the home-country smart speaker, banking app, and family chat history is a liability at the destination), executives and lawyers traveling to hostile jurisdictions for negotiations (the device that survives the trip is the device that left empty), and divorce clients during pre-filing investigation phases (the device that searches “how to file for divorce” should not be the device on the family iCloud). Adversaries range from border agents running UFED extractions, to commercial spyware operators looking for footholds, to civil-discovery requests that subpoena devices.
What you can change today
If you have an upcoming trip or operation that needs a clean device, do the setup at home, not at the airport. Steps: buy a Pixel (for GrapheneOS) or a fresh iPhone in cash, set it up offline first if possible, create a fresh Apple ID or Google account using a Proton email created the same week, install only the apps the operation requires, never sign into a real-life account on this device, charge it on a separate circuit from your daily devices to avoid USB cross-contamination if the threat model includes hardware implants. After the operation closes: factory reset, sell or destroy depending on threat tier, do not roll the clean-device persona forward into a new operation.
