Not everything can be backed up to the cloud these days. Banking apps, for instance, (understandably) like to use secure storage, so at the very least you will need to do a 2FA handshake all over again, which can be very painful when you are abroad.

This. It's super painful and time-confusing restoring all apps ... even with proper backups.

Doing that right means having a second cloud account (Google/Apple), or you'll still be handing them a logged-in phone.

(If your phone looks suspiciously empty or has a weird account, you might as well have said "no", that phone will be taking an extra detour.)

What happens if one has no Google or social media accounts (although I have an Android phone, I have neither—I've never set up an account on the phone)?

It seems to me these days if one doesn't have any such accounts one's likely to be singled out as being suspect or suspicious.

Beware if newer, an empty phone may qualify for an import tax.