Selling Used iPad Pro -- where/who?

[raptor1956]

I have a two year old iPad Pro in excellent condition that I can't justify and am thinking about selling it.  Where/who are reliable outfits that will buy it at a reasonable price without playing games?  As a second question ... any pointers to the best methods for wiping the unit before selling?


Brian

[ebclr]

Make a price

[Halcyon]

There are a bunch of Apple fanboys enthusiasts who will buy Apple products. You will have no issues selling it.

As for data security, Apple have been using per-file encryption keys for a while, normally^*1 deleting the file is enough to prevent recovery by most users. My advice would be to manually delete all your personal data, applications etc... then leave it switched on for at least a week doing nothing. That will give plenty of time for TRIM and other background processes to do their thing. Some^*2 of the logs will also start to overwrite and purge themselves (Apple logs are an absolute treasure trove of information).

If you want to be extra paranoid, fill the unallocated memory with garbage (copy a bunch of music or movies into the device, enough to fill whatever remaining space there is), before doing a factory reset (don't forget to unlink your Apple ID as well! Apple being Apple, a "factory reset" doesn't actually mean "factory reset").

Note 1: I say "normally" because it is possible to recover deleted data from Apple devices under certain circumstances. However this requires in-depth knowledge of Apple IOS and some relatively specialised tools. Your average user stands no chance.

Note 2: The exact science, timing and behaviour of the many, many log files present on Apple devices isn't fully known. Some purge themselves sooner than others, some not at all. A week is just a nice round figure I made up.

[CJay]

Won't be a problem finding people who want it as long as your price is sensible (sensible being whatever someone is willing to pay)

You'll need to log the device out and also remove it from your Apple account or the new buyer will not be able to activate it and use it on their Apple account.

The logging out process removes all your data, I believe irretrievably and removing it from your Apple account means it is then 'factory fresh' and able to be connected to a new Apple ID.

[james_s]

If you want top dollar, sell it on ebay, popular items like that tend to attract plenty of attention. It's small and easy to ship too. Yes you have to give ebay a cut, but you're still likely to come out ahead.

[tooki]

I have a two year old iPad Pro in excellent condition that I can't justify and am thinking about selling it.  Where/who are reliable outfits that will buy it at a reasonable price without playing games?  As a second question ... any pointers to the best methods for wiping the unit before selling?


Brian

Just follow these instructions on Apple’s support page: What to do before you sell or give away your iPhone, iPad, or iPod touch

IIRC, iOS uses per-file encryption AND whole-disk encryption. A factory reset throws away the keys, so that really is sufficient before reselling it.

Won't be a problem finding people who want it as long as your price is sensible (sensible being whatever someone is willing to pay)

You'll need to log the device out and also remove it from your Apple account or the new buyer will not be able to activate it and use it on their Apple account.

The logging out process removes all your data, I believe irretrievably and removing it from your Apple account means it is then 'factory fresh' and able to be connected to a new Apple ID.

Not really. You can sign out of iCloud and still keep most of the data locally. That’s why you do a full reset on it to wipe it clean.

There are a bunch of Apple fanboys enthusiasts who will buy Apple products. You will have no issues selling it.

As for data security, Apple have been using per-file encryption keys for a while, normally^*1 deleting the file is enough to prevent recovery by most users. My advice would be to manually delete all your personal data, applications etc... then leave it switched on for at least a week doing nothing. That will give plenty of time for TRIM and other background processes to do their thing. Some^*2 of the logs will also start to overwrite and purge themselves (Apple logs are an absolute treasure trove of information).

If you want to be extra paranoid, fill the unallocated memory with garbage (copy a bunch of music or movies into the device, enough to fill whatever remaining space there is), before doing a factory reset (don't forget to unlink your Apple ID as well! Apple being Apple, a "factory reset" doesn't actually mean "factory reset").

Note 1: I say "normally" because it is possible to recover deleted data from Apple devices under certain circumstances. However this requires in-depth knowledge of Apple IOS and some relatively specialised tools. Your average user stands no chance.

Note 2: The exact science, timing and behaviour of the many, many log files present on Apple devices isn't fully known. Some purge themselves sooner than others, some not at all. A week is just a nice round figure I made up.

Or just read the iOS security guide to learn exactly how it works.

There’s absolutely no need to let the gadget run for a week to theoretically overwrite things. The encryption keys are gone after a reset, so it becomes random garbage.

If one is paranoid, the only sensible step, after doing the full erase according to the Apple instructions, is to use iTunes to do a factory software restore on it.

[Halcyon]

There are a bunch of Apple fanboys enthusiasts who will buy Apple products. You will have no issues selling it.

As for data security, Apple have been using per-file encryption keys for a while, normally^*1 deleting the file is enough to prevent recovery by most users. My advice would be to manually delete all your personal data, applications etc... then leave it switched on for at least a week doing nothing. That will give plenty of time for TRIM and other background processes to do their thing. Some^*2 of the logs will also start to overwrite and purge themselves (Apple logs are an absolute treasure trove of information).

If you want to be extra paranoid, fill the unallocated memory with garbage (copy a bunch of music or movies into the device, enough to fill whatever remaining space there is), before doing a factory reset (don't forget to unlink your Apple ID as well! Apple being Apple, a "factory reset" doesn't actually mean "factory reset").

Note 1: I say "normally" because it is possible to recover deleted data from Apple devices under certain circumstances. However this requires in-depth knowledge of Apple IOS and some relatively specialised tools. Your average user stands no chance.

Note 2: The exact science, timing and behaviour of the many, many log files present on Apple devices isn't fully known. Some purge themselves sooner than others, some not at all. A week is just a nice round figure I made up.

Or just read the iOS security guide to learn exactly how it works.

There’s absolutely no need to let the gadget run for a week to theoretically overwrite things. The encryption keys are gone after a reset, so it becomes random garbage.

If one is paranoid, the only sensible step, after doing the full erase according to the Apple instructions, is to use iTunes to do a factory software restore on it.

I suppose all those years recovering data from Apple devices must have all been a figment of my imagination. I could swear I did it just yesterday. My mind must be going. ;-)

The iOS security guide gives a good overview (from Apple's perspective), but it won't talk about some of the limitations out there which are able to be leveraged by those wanting access to data. As I said, those basic steps are enough to prevent recovery by most users.

[tooki]

If your data was so valuable that whatever kind of recovery you do is worth the cost and effort, you a) wouldn’t the asking for advice on a forum that’s not even about mobile devices, and b) should probably just run the gadget through a shredder.

For anyone else, following the normal instructions is more than enough.

[Halcyon]

If your data was so valuable that whatever kind of recovery you do is worth the cost and effort, you a) wouldn’t the asking for advice on a forum that’s not even about mobile devices, and b) should probably just run the gadget through a shredder.

For anyone else, following the normal instructions is more than enough.

Tooki, you seem to be critical about a lot of things I post. I'm not sure why? You're quite clearly an Apple user. Do you perhaps down-play the fact that data can be recovered despite Apple's attempt at "security"?

The entire point I try to make in this thread (and others) is that we ought to be more careful what we do with our data. Many people don't realise how valuable even seemingly mundane bits of data about them really is. We should be protecting and controlling our information as best we can because if we don't, one day, it might come back to bite us on the ass.

The methods in which I described aren't onerous or time consuming, but will decrease the chances of anyone being able to recover private information from that device. Simply factory resetting a device is quite often not enough.

He is thinking about selling his iPad and short of selling it to friends or family, he has no idea who he is selling it to or what they might do with it. Old devices sold on ebay etc... are usually a treasure trove of private information. You don't know if that iPad might land in the hands of someone who is phishing for your information. Private information is a very lucrative business. Sure the chances are slim that anything bad will happen but why take the chance? This whole "I have nothing to hide" mentality is stupid and needs to stop. Once information about you is out there in the wild, it's almost impossible to get it back.

If it were me in the same situation, I wouldn't sell it at all. My old devices either sit in a box or get physically shredded.

[james_s]

If it were me in the same situation, I wouldn't sell it at all. My old devices either sit in a box or get physically shredded.

Not everybody is irrationally paranoid as you are. There are sensible precautions one should take, but no need to go over the top. Your data is just not likely to be that interesting and the chance of someone putting in the considerable effort to recover it is likely far lower than someone stealing the device from you with the data fully intact. There is plenty of low hanging fruit out there for data theft and just avoiding being that low hanging fruit is pretty effective. Most of us who buy used devices have absolutely no interest in whatever data they previously contained. I know whenever I get a used hard device the first thing I do is reset it to factory settings. When I get a used hard drive I format it. I'm more concerned about malicious stuff being on the device when I get it than my data getting out. The only time I worry about my data is with external services, it seems like every month or two there is another publicized breach and those are only the publicized ones.

[Halcyon]

Not everybody is irrationally paranoid as you are. There are sensible precautions one should take, but no need to go over the top. Your data is just not likely to be that interesting and the chance of someone putting in the considerable effort to recover it is likely far lower than someone stealing the device from you with the data fully intact.

Hardly irrational or paranoid at all. Educated? Yes. Experienced? Absolutely. And yes, sensible precautions I'm all for, as described in my previous posts. While shredding might be "over the top" for the average home user, it's not for others. It all depends.

Shall we let the OP decide what is best for them? We can all provide answers and suggestions but at the end of the day, the decision rests with the beholder of the data.

Let's not discourage people from best practices.

[tooki]

Tooki, you seem to be critical about a lot of things I post. I'm not sure why?

It’s got nothing to do with you. If I post a critical reply, it’s because I disagree with the content, as is the case here.

You're quite clearly an Apple user. Do you perhaps down-play the fact that data can be recovered despite Apple's attempt at "security"?

You dismiss security that the FBI has trouble cracking as “security” in quotation marks and wonder why I write you off as a crank?

The entire point I try to make in this thread (and others) is that we ought to be more careful what we do with our data. Many people don't realise how valuable even seemingly mundane bits of data about them really is. We should be protecting and controlling our information as best we can because if we don't, one day, it might come back to bite us on the ass.

And on the surface this sounds reasonable. But your post makes it sound as though recovering an erased iOS device is trivial, when in fact it’s at the level that even intelligence agencies find it difficult or impossible.

The methods in which I described aren't onerous or time consuming, but will decrease the chances of anyone being able to recover private information from that device. Simply factory resetting a device is quite often not enough.

In many devices, that’s true. But is that really the case in a device where an “erase all data” erases the encryption keys?

He is thinking about selling his iPad and short of selling it to friends or family, he has no idea who he is selling it to or what they might do with it. Old devices sold on ebay etc... are usually a treasure trove of private information.

If they haven’t been properly erased. Erasing the keys on a hardware-encrypted data storage device is more than adequate for nearly all usage scenarios.

You don't know if that iPad might land in the hands of someone who is phishing for your information. Private information is a very lucrative business. Sure the chances are slim that anything bad will happen but why take the chance? This whole "I have nothing to hide" mentality is stupid and needs to stop. Once information about you is out there in the wild, it's almost impossible to get it back.

Nobody is suggesting “I have nothing to hide, ergo I don’t need to take any measures”. Don’t put words in our mouths.

If it were me in the same situation, I wouldn't sell it at all. My old devices either sit in a box or get physically shredded.

Well that’s just stupid, unless you’re actually a government agent with secrets that enemies want from you.

Not everybody is irrationally paranoid as you are. There are sensible precautions one should take, but no need to go over the top. Your data is just not likely to be that interesting and the chance of someone putting in the considerable effort to recover it is likely far lower than someone stealing the device from you with the data fully intact.

Hardly irrational or paranoid at all.

Oh, honey, no. It’s well into “irrational paranoia”.

Educated? Yes. Experienced? Absolutely. And yes, sensible precautions I'm all for, as described in my previous posts. While shredding might be "over the top" for the average home user, it's not for others. It all depends.

What you suggest goes well beyond “sensible” precautions.

Shall we let the OP decide what is best for them? We can all provide answers and suggestions but at the end of the day, the decision rests with the beholder of the data.

Let's not discourage people from best practices.

But we should dissuade people from paranoia, which is what you are trying to instill.

[Jeroen3]

Although it probably does not return the money you'd expect, there is Apple Giveback, and then Apple will sell it as Certified Refurbished.

[Mr. Scram]

Just sell it second hand after a good scrub. Outfits and resellers will just eat a healthy slice of your pie. One of the benefits of buying Apple gear is that it tends to devalue little compared to other hardware. If you still have or can get a box for it that tends to increase the value.

[Halcyon]

You dismiss security that the FBI has trouble cracking as “security” in quotation marks and wonder why I write you off as a crank?

Are you referring to well publicised case of the suicide bombers iPhone 5C? If so, that phone was successfully cracked using methods still being used today. The mechanism on how it was done is secret. The FBI didn't need Apple to get into the phone, what they wanted was Apple to modify IOS to enable certain back doors, which of course Apple refused.

Breaking into phones is something that security and law enforcement agencies all around the world do every single day, not just for iPhone but for Android and Blackberry handsets too.

And on the surface this sounds reasonable. But your post makes it sound as though recovering an erased iOS device is trivial, when in fact it’s at the level that even intelligence agencies find it difficult or impossible.

Forgive me if I don't go into specifics, not only am I not allowed to, but I wouldn't want it to be public knowledge. It's a constant game of cat and mouse between security researchers and phone manufacturers. They don't help us and we certainly don't reveal how we circumvent their security. They have a fair idea on how certain things are exploited but they can't "fix" everything as it will make their devices harder to use by the end-user. It's a fine balance between security and functionality.

I also didn't say it was trivial (if you remember, I said most users won't be able to implement these kinds of tactics) but it is possible. What might be difficult to achieve today might be easy to do tomorrow.

But is that really the case in a device where an “erase all data” erases the encryption keys?

Sure, as long as you can be confident that factory reset removes encryption keys for everything, not just user data or selected partitions.

Erasing the keys on a hardware-encrypted data storage device is more than adequate for nearly all usage scenarios.

You aren't wrong. As I said, most users won't be able to recover data from these sorts of devices. But as I also said, what might be difficult today, might not be tomorrow.

Nobody is suggesting “I have nothing to hide, ergo I don’t need to take any measures”. Don’t put words in our mouths.

I wasn't putting words in anyone's mouth. But there will be a lot of people reading this thread who have that mentality. More than half the people I interact with have this kind of view. If we can just get people to think about the possibilities, then that's great. Knowledge is a powerful thing.

Well that’s just stupid, unless you’re actually a government agent with secrets that enemies want from you.

No it's not (and I wouldn't call anything you do stupid). I don't have to be a Government operative to have secrets. You seem to discount the fact that even mundane details about a person can be valuable to others. You might not value your personal information, but I do.

As for the comments about paranoia, they are starting to stray awfully close to a personal attack. We don't do that kind of thing on this forum.

To put it bluntly, you are wrong about me. You can think what you like at the end of the day, but it doesn't change what actually is. (Also personal attacks don't add anything meaningful to the discussion and are best kept to yourself). "Paranoid" and "irrational" are two words which don't even factor into my thinking or personality. I've seen countless people who have their money taken or have had their ID stolen and used by criminals, I would not want to be one of them. Just because someone's methods or experience differ from your own, doesn't make them wrong and it certainly doesn't make them paranoid. There are things in this world you aren't privy to or understand, so how about accepting that there is more than one way to approach these issues? Put your "macro thinking" hat on for a moment, you might even learn something.

[raptor1956]

Just sell it second hand after a good scrub. Outfits and resellers will just eat a healthy slice of your pie. One of the benefits of buying Apple gear is that it tends to devalue little compared to other hardware. If you still have or can get a box for it that tends to increase the value.

I've been trying to avoid the flame war going on vis a vis the security actions to take -- no intention of kicking over a hornets nest.

Yes, I do have the original Apple box so that should be of some value.  One site I looked at quickly a while back indicated as much as about $800 USD but others seem to indicate a more realistic valuation is closer to $300 USD -- quite the difference.  I'm not an ebay type and have never bought or sold anything on it, but some seem to think that's the best place.


Brian

[Mr. Scram]

I've been trying to avoid the flame war going on vis a vis the security actions to take -- no intention of kicking over a hornets nest.

Yes, I do have the original Apple box so that should be of some value.  One site I looked at quickly a while back indicated as much as about $800 USD but others seem to indicate a more realistic valuation is closer to $300 USD -- quite the difference.  I'm not an ebay type and have never bought or sold anything on it, but some seem to think that's the best place.


Brian

It really depends on the exact model and the condition. The pristine 12,9" model is a lot more expensive than a first generation 9,7" with wear and tear.

[raptor1956]

I've been trying to avoid the flame war going on vis a vis the security actions to take -- no intention of kicking over a hornets nest.

Yes, I do have the original Apple box so that should be of some value.  One site I looked at quickly a while back indicated as much as about $800 USD but others seem to indicate a more realistic valuation is closer to $300 USD -- quite the difference.  I'm not an ebay type and have never bought or sold anything on it, but some seem to think that's the best place.


Brian

It really depends on the exact model and the condition. The pristine 12,9" model is a lot more expensive than a first generation 9,7" with wear and tear.

Yes, mine is a 2.6 year old gen 1 12.9 in near new condition.


Brian

[Mr. Scram]

Yes, mine is a 2.6 year old gen 1 12.9 in near new condition.


Brian

What the configuration? Colour, memory size and WIFI or cell?

[Halcyon]

Just sell it second hand after a good scrub. Outfits and resellers will just eat a healthy slice of your pie. One of the benefits of buying Apple gear is that it tends to devalue little compared to other hardware. If you still have or can get a box for it that tends to increase the value.

I've been trying to avoid the flame war going on vis a vis the security actions to take -- no intention of kicking over a hornets nest.

Yes, I do have the original Apple box so that should be of some value.  One site I looked at quickly a while back indicated as much as about $800 USD but others seem to indicate a more realistic valuation is closer to $300 USD -- quite the difference.  I'm not an ebay type and have never bought or sold anything on it, but some seem to think that's the best place.


Brian

Selling it with the original box will increase its value. Be sure to list the actual model number (the Axxxx number on the back of the unit) along with the listing so that buyers know exactly which model they are bidding for.

As I said earlier before a few started criticising my advice, take a few easy steps now so you can be sure all your personal information is gone and unlink your Apple ID from the device so the buyer can register it against their own. It doesn't take long and if gives you piece of mind.

Plenty of clear photos and if it's the cellular version, include the IMEI number in the listing so that buyer can do their own checks to make sure that it isn't reported as stolen.

There are a lot of dodgy (stolen) Apple products online, the more you can show that you're a legitimate seller, the more people will be interested in your item instead of some dodgy seller trying to be deliberately vague.

[Mr. Scram]

I'm not sure I'd want the IMEI or unique serial online publicly. I'm not sure whether it's possible for Apple hardware, but it's certainly possible to clone them in other devices.

[Halcyon]

I'm not sure I'd want the IMEI or unique serial online publicly. I'm not sure whether it's possible for Apple hardware, but it's certainly possible to clone them in other devices.

At the end of the day, if he is getting rid of the device, what does it matter? IMEI's are very rarely cloned and if they are, it's usually randomly generated. Why anyone would go to the effort of trawling through ebay listings just for IMEI / serial numbers, I don't know.

[tooki]

You dismiss security that the FBI has trouble cracking as “security” in quotation marks and wonder why I write you off as a crank?

Are you referring to well publicised case of the suicide bombers iPhone 5C? If so, that phone was successfully cracked using methods still being used today. The mechanism on how it was done is secret. The FBI didn't need Apple to get into the phone, what they wanted was Apple to modify IOS to enable certain back doors, which of course Apple refused.

Breaking into phones is something that security and law enforcement agencies all around the world do every single day, not just for iPhone but for Android and Blackberry handsets too.

There have been several instances, not just the San Bernardino phone. (IIRC, from what info has leaked, the third party was able to crack it because it wasn’t running a more recent version of iOS. As you know, Apple has been increasing the security, both in software and in hardware, as time progresses.) But my point was this: The freaking FBI didn’t have the skills to crack it. They had to resort to a third party. The point is that the skill required to do it is rare, and if you don’t already possess this skill, you’ll be paying through the nose to somebody who does, if the skill exists. Unless you are a high-value target, the cost of recovering the data is going to far exceed the value of the data.

And on the surface this sounds reasonable. But your post makes it sound as though recovering an erased iOS device is trivial, when in fact it’s at the level that even intelligence agencies find it difficult or impossible.

Forgive me if I don't go into specifics, not only am I not allowed to, but I wouldn't want it to be public knowledge. It's a constant game of cat and mouse between security researchers and phone manufacturers. They don't help us and we certainly don't reveal how we circumvent their security. They have a fair idea on how certain things are exploited but they can't "fix" everything as it will make their devices harder to use by the end-user. It's a fine balance between security and functionality.

I also didn't say it was trivial (if you remember, I said most users won't be able to implement these kinds of tactics) but it is possible. What might be difficult to achieve today might be easy to do tomorrow.

Of course that’s possible. But is it likely? No.

And if you sell the device today, erased, with up to date software, the sooner it sells, the sooner somebody else starts using it, causing any remnants of your data to be overwritten.

But is that really the case in a device where an “erase all data” erases the encryption keys?

Sure, as long as you can be confident that factory reset removes encryption keys for everything, not just user data or selected partitions.

Erasing the keys on a hardware-encrypted data storage device is more than adequate for nearly all usage scenarios.

You aren't wrong. As I said, most users won't be able to recover data from these sorts of devices. But as I also said, what might be difficult today, might not be tomorrow.

Hence it making sense to get the thing back in use ASAP.

Nobody is suggesting “I have nothing to hide, ergo I don’t need to take any measures”. Don’t put words in our mouths.

I wasn't putting words in anyone's mouth. But there will be a lot of people reading this thread who have that mentality. More than half the people I interact with have this kind of view. If we can just get people to think about the possibilities, then that's great. Knowledge is a powerful thing.

Only if the person knows enough to make use of that knowledge. But most people aren’t techies, and we are not going to succeed in forcing them to become them. If you tell an ordinary user “Do steps 1, 2, 3”, and those things are easy enough to do, they’ll do them. If you say “Do steps 1-7”, they’re much more likely to do none of them at all, leaving them in a much worse place than if you’d given them the simpler steps that are adequate for 99.9% of situations.

Well that’s just stupid, unless you’re actually a government agent with secrets that enemies want from you.

No it's not (and I wouldn't call anything you do stupid). I don't have to be a Government operative to have secrets. You seem to discount the fact that even mundane details about a person can be valuable to others. You might not value your personal information, but I do.

As for the comments about paranoia, they are starting to stray awfully close to a personal attack. We don't do that kind of thing on this forum.

LOL people do it all the time on here. Not saying they should, but it happens. In any case, not intending anything to you as a personal attack. But it is my opinion that your standpoint is one of unreasonable worry verging on paranoia.

To put it bluntly, you are wrong about me. You can think what you like at the end of the day, but it doesn't change what actually is. (Also personal attacks don't add anything meaningful to the discussion and are best kept to yourself). "Paranoid" and "irrational" are two words which don't even factor into my thinking or personality. I've seen countless people who have their money taken or have had their ID stolen and used by criminals, I would not want to be one of them. Just because someone's methods or experience differ from your own, doesn't make them wrong and it certainly doesn't make them paranoid. There are things in this world you aren't privy to or understand, so how about accepting that there is more than one way to approach these issues? Put your "macro thinking" hat on for a moment, you might even learn something.

Of course I know there are other approaches and experiences. I never pretended otherwise. My point is that choosing the right approach is essential, and that presenting all possible approaches is counterproductive most of the time. And I think this is one of them.

[Halcyon]

 

Let's not derail this thread any more.

raptor1956: Let us know what you decide to do and what the outcome is. I'm sure people in the same boat as you would appreciate it. All the best mate. 

[raptor1956]

Yes, mine is a 2.6 year old gen 1 12.9 in near new condition.


Brian

What the configuration? Colour, memory size and WIFI or cell?

It's 'slate grey' with 128GB and is currently connected to Verizon cell service.  I used it mostly when flying my Inspire 1 Pro drone but I have pretty much retired the Inspire and am planning to sell it to.


Brian