Apple - Is resetting iPhone to factory settings sufficiently secure to subsequently sell the phone?
All the data on an iOS device is encrypted using strong encryption by default. The keys that are used to encrypted and decrypt our data are stored on the devices. When you choose to "Erase All Content and Settings" the device "obliterates" the keys. So your data is basically still there but no-one can read it anymore.
From the Apple's iOS Security document:
Erase All Content and Settings
The “Erase all content and settings” option in Settings obliterates all the keys in Effaceable Storage, rendering all user data on the device cryptographically inaccessible. Therefore, it’s an ideal way to be sure all personal information is removed from a device before giving it to somebody else or returning it for service.
Important: Don’t use the “Erase all content and settings” option until device has been backed up, as there is no way to recover the erased data.
I'd recommend reading through that document if you are interested in the security features of iOS devices. There's a lot more to it, including multiple levels of encryption depending on which types of data, etc.
Apple has a page dedicated to what you need to do to sell your device.
Before you sell or give away your device, you should remove your personal information. You shouldn't manually delete your contacts, calendars, reminders, documents, photos, or any other iCloud information while you're signed in to iCloud with your Apple ID. This would delete your content from the iCloud servers and any of your devices signed in to iCloud.
Follow these steps:
- If you paired an Apple Watch with your iPhone, unpair your Apple Watch.
- Back up your device.
- Sign out of iCloud and the iTunes & App Store.
- If you're using iOS 10.3 or later, tap
Settings > [your name]. Scroll down and tap
Sign Out. Enter your Apple ID password and tap
- If you're using iOS 10.2 or earlier, tap
Settings > iCloud > Sign Out. Tap
Sign Outagain, then tap
Delete from My [device]and enter your Apple ID password. Then go to
Settings > iTunes & App Store > Apple ID > Sign Out.
- Go back to Settings and tap
General > Reset > Erase All Content and Settings. If you turned on Find My iPhone, you might need to enter your Apple ID and password.
- If asked for your device passcode or Restrictions passcode, enter it. Then tap
- If you're switching to a non-Apple phone, deregister iMessage.
- Contact your carrier for help transferring service to a new owner. If you aren't using a SIM card with your device, you can contact them to get help transferring service to the new owner.
When you erase your iPhone, iPad, or iPod touch, Find My iPhone and Activation Lock is turned off.