Alcyone SecureAlcyone Secure
Get Black Box
GUIDE--APR 2026--10 MIN READ

How to protect your phone or laptop before sending it for repair: the 2026 checklist

A 12-step pre-repair checklist for phones and Windows laptops, grounded in real incidents from Apple/Pegatron to Kolkata 2025. Backups, encryption, account hygiene, and forensic recording, in the right order.

Most repair-shop privacy incidents are not catastrophic. They are small, opportunistic, and entirely preventable with twenty minutes of preparation. This is a working checklist for anyone about to hand a Windows laptop or a phone to a service centre, an in-house IT team, or a friend who will fix it.

The order matters. Skip the early steps and the later ones lose effect. The Apple/Pegatron, Kolkata, and Guelph cases (see the catalogue) all turn on access that one or more of these steps would have blocked.

§ Phone-specific steps (skip if it is a laptop)

  1. 01Move sensitive media off the device. Backup, then delete-from-device, then secure-empty if your phone supports it. The Kolkata and Trivandrum cases turned on intimate media that was on the device. If it is not on the device, the technician cannot copy it.
  2. 02Sign out of cloud accounts. Google account, Apple ID, WhatsApp web sessions, Telegram cloud, banking apps. Not the device, the accounts.
  3. 03Set a temporary passcode. Six digits, not your usual one. If the shop needs the device unlocked for testing, share this temporary one. Reset to your normal passcode when you get the device back.
  4. 04Enable Lost Mode awareness. Apple Find My and Google Find Hub both let you remotely lock or wipe the device if something looks wrong during the repair window. Have the credentials ready on a second device.

§ Laptop-specific steps (skip if it is a phone)

  1. 01Verified backup, not optimistic backup. OneDrive showing a green tick is not a backup, it is a sync. Make a real, offline backup to an external drive, then restore one folder to a different machine to confirm it works.
  2. 02Sign out of every cloud account that auto-syncs. Browsers, password managers, OneDrive, Dropbox, Google Drive. Anything that survives a reboot signed in is a credential exposure.
  3. 03Confirm BitLocker is on. Settings, System, About, BitLocker. If it is off, turn it on at least 24 hours before the handover. BitLocker does not stop a powered-on, signed-in attack, but it makes a stolen drive useless.
  4. 04Save the BitLocker recovery key elsewhere. A printed copy in a desk drawer is fine. If the technician changes the boot configuration during repair, BitLocker will demand the key on next boot.
  5. 05Create a separate, low-privilege technician account. Do not hand over your daily-driver account. Create a local admin account named after the technician or service ticket. Sign in to that account during the handover. After the device returns, audit and delete it.
  6. 06Snapshot the system state. Screenshots of: installed apps (Settings, Apps, Installed apps), services running (Get-Service in PowerShell), startup entries (Task Manager, Startup apps), and your system tray. After the device returns, diff these.
  7. 07Install Black Box. Forensic recorder, 2.9 MB, signed installer, free for individuals. It logs USB events, file accesses, logins, and process starts into a SHA-256 hash chain. If the device is tampered with, you will know; if it is not, you will have a clean record to that effect.
  8. 08Document the device condition. Photograph the keyboard, screen, and casing. Removes ambiguity if the device returns with new wear that the shop denies.

§ Common steps (always do)

  1. 01Tell the technician you are recording. Optional but useful. A bench that knows it is recorded behaves differently. A reputable shop will not object; an unreputable one might. Either signal is informative.
  2. 02Get a written work scope. Ask the shop to write down what they intend to do, what parts they intend to replace, and what data access they expect to need. Not forensic evidence, but a commitment that constrains scope creep.
  3. 03Audit on return. Compare snapshots, generate the forensic report from Black Box, look for: new admin accounts, new startup entries, USB devices you did not recognise, file accesses outside the work scope, and time-source changes. Most of the time everything will be clean. When it is not, you have evidence.

§ What this prevents and what it does not

This checklist makes opportunistic snooping much harder, makes incidents detectable, and produces evidence usable in a dispute. It does not stop a determined attacker with kernel access and time. For most repair scenarios, including all the cases in our incident catalogue, it is the right defence.

§ What changed in 2026 vs the 2024 version of this list

Three steps are new this year:

  1. 01Lost Mode awareness for phones. Apple and Google both expanded their out-of-band lock and wipe controls in 2025. They are now usable in real time during a repair window.
  2. 02Temporary passcode pattern. Common in 2026, less so two years ago. Reduces credential exposure even when the device must be unlocked.
  3. 03Forensic recording on Windows is now consumer-grade. Until 2025, this was an enterprise-only capability. Black Box brings the same primitives to home users without a per-seat fee.

FREQUENTLY ASKED

Common questions

Do I really need all 12 steps?+

If the device is your daily-driver and contains personal media, banking sessions, or work accounts, yes. If it is a clean spare with nothing on it, the laptop-specific snapshot and forensic recording steps are still worth doing because they are cheap and produce evidence.

Will installing Black Box void my warranty?+

No. It is a normal Windows service that runs in the background. It does not modify the operating system, does not require any boot-level changes, and is digitally signed.

What if my repair is at an OEM-authorised service centre, not a small shop?+

The Apple/Pegatron case in 2016 happened at an authorised contract facility. OEM authorisation is not a substitute for the per-device defence. The checklist still applies.

How long does this whole process take?+

About 20 minutes before handover and 5 minutes after the device returns. Less if you do this often and have the snapshots scripted.

Is this overkill for a routine repair?+

If you are confident the device contains nothing sensitive and you are happy to bear the risk if it does, you can skip the snapshot and recording steps. The first six steps (the data-hygiene ones) take five minutes and are worth doing every time.

NEXT STEP

Want a forensic recorder
on your machine?

Black Box ships free for individuals. 2.9 MB installer, digitally signed, no card required.

Free downloadHow it works

KEEP READING

Related on Alcyone Secure

INVESTIGATION

Phone and laptop repair shop privacy breaches: every documented incident from 2021 to 2025

A working catalogue of real, sourced incidents where phone and laptop repair shops snooped, copied, or leaked customer data. Apple, Geek Squad, Trivandrum, Kolkata, Singapore, Guelph and more.

14 MIN READINVESTIGATION

The University of Guelph study: half of computer repair stores snoop on customers

How researchers at the University of Guelph proved (with tagged decoy files and battery-replacement requests) that roughly 50 percent of repair shops snoop on the customer files they have no reason to open.

8 MIN READINVESTIGATION

The Kolkata phone repair shop video leak (September 2025): what happened, and why it keeps happening

A Kolkata woman accused her local phone repair shop of leaking her private videos. The viral post triggered nationwide outrage. Here is the documented story and the structural pattern behind it.

8 MIN READ

← PREVIOUS

The Singapore CNA Insider investigation: how phone and laptop repair shops snoop and copy your data

NEXT →

DPDP Act 2023, explained for Indian businesses (and what auditors actually look for)