Factory reset is the OS-level operation that returns a device to its initial state by erasing user data and re-encrypting storage. Available on every modern phone, tablet, and laptop. Marketed as the answer to “I want this device clean.” Operationally, the reset is more nuanced: what looks like a clean device retains residue from the prior life that matters for some threat models and not for others.
What it means in practice
What a factory reset clears: user data partitions, app data, cached credentials, browser state, photos, messages stored locally. What it does not clear: account links in cloud services that respawn data on first sign-in (Apple ID re-syncs from iCloud, Google Account re-syncs from Drive and Photos, sometimes the data the user thought they erased), MDM enrollments that persist through reset (and re-enroll automatically on first network connection), OEM telemetry that may have already exfiltrated identification before the reset, sometimes residue in the secure enclave depending on model and firmware version. The “clean device” for an operator with a serious threat model is not a factory-reset old phone; it is a fresh hardware purchase with a fresh account that never touched the prior identity.
Where it shows up
Used appropriately for: device handover (selling, gifting, returning a leased phone), recovery from a malware infection at the consumer tier (factory reset clears most consumer-grade malware though not the most persistent), preparing a device for a new operational identity that is comfortable inheriting some platform residue. Used inappropriately for: thinking a reset device is “clean” in any operational sense after stalkerware infection (the better answer is documented forensic preservation, then reset on a separate timeline; some stalkerware survives the reset via cloud-account residue), thinking a reset device is safe for high-target operations (Pegasus and equivalents have demonstrated reset-survival on some configurations).
What you can change today
If you are about to factory-reset for safety reasons (suspected malware, post-separation cleanup, prep for adversarial environment), separate the reset from the recovery. Step 1: document the current state (screenshots of apps installed, settings panels, any suspicious behavior) for any future legal or forensic case. Step 2: factory-reset offline, do not let the device contact any cloud account during the reset. Step 3: when the device reboots, sign in to a fresh account, not the old one (the old account would re-sync the residue you were trying to clean). Step 4: install only the apps the next operation requires. For high-threat scenarios, replace the hardware entirely; the cost of a new Pixel running GrapheneOS is below the cost of trusting a reset device on a story that matters.
