Affiliate disclosure: Some links in this article are affiliate links. If you buy through them, I earn a small commission — at no extra cost to you. I only recommend tools I would genuinely use myself.
Most people who search 'phone hacked' aren't paranoid. Something happened — battery draining faster than usual, an app behaving strangely, a login alert from somewhere unexpected. And now they're wondering if someone else is inside their phone.
The honest answer: it's possible, but most of the time there's an explanation that isn't a hack. The problem is that the signs of a genuinely compromised phone look exactly like signs of an ageing battery, a buggy app update, or a phone that needs a restart.
This article walks you through the real indicators — the ones that matter — and tells you what to actually check, step by step. If something is wrong, you'll know by the end. And if it isn't, you'll also know that.
- 1 in 3 phone users experience a security scare annually
- 80% of compromises caused by a downloaded app
- 48 hrs: typical window to detect and reverse damage
The Signs That Actually Matter
Some warning signs are overhyped. Others are genuinely worth paying attention to. Here's how to tell the difference.
Battery draining fast (Investigate)
- If innocent: Ageing battery, new app, recent OS update changing power settings
- If hacked: Sharp drop that appeared in the last 1–2 weeks with no change in usage
Phone hot when idle (Strong indicator)
- If innocent: Normal after gaming or video calls
- If hacked: Hot when screen is off and nothing is running — background processes sending data
Unexplained data usage (Strong indicator)
- If innocent: Background app refresh, system updates
- If hacked: An app you barely use is at the top of the data list with no reason to send anything
Unfamiliar apps (Strong indicator)
- If innocent: Manufacturer bloatware pre-installed at purchase
- If hacked: New app appeared recently that you are certain you didn't install
Messages you didn't send (Strong indicator)
- If innocent: Account accessed via browser on another device
- If hacked: Messages in sent folder you have no memory of — device or account is compromised
Login alerts from unknown locations (Strong indicator)
- If innocent: You logged in from a new device and forgot
- If hacked: Direct record of someone else accessing your account right now
2FA codes you didn't request (Investigate)
- If innocent: Accidental tap or saved login auto-triggered
- If hacked: Someone has your password and is actively trying to log in this moment
A gradual battery decline over months is normal ageing. A sharp drop that appeared in the last week or two — with no change in your usage habits — is the signal worth investigating.
Probably fine
- Only slow/crashing symptoms selected
- Signs started after an OS update
- Battery declining gradually over months
- No login alerts or unknown apps
Worth investigating
- Battery dropped sharply in last 2 weeks
- Data usage spike with no clear cause
- Phone warm when completely idle
- Receiving 2FA codes you didn't trigger
Take action now
- Unfamiliar apps you didn't install
- Messages or emails sent from your accounts
- Login alert from a location you don't recognise
- Phone hot at idle AND unexplained data usage together
Signs That Are Usually Not a Hack
These come up in every "is my phone hacked?" article online. They're worth mentioning because they cause a lot of unnecessary worry.
Autocorrect behaving strangely — software bug or keyboard learning your patterns. Not a hack indicator.
Screen flickering — hardware issue or software bug. Common after OS updates.
Apps crashing — usually a buggy update from the app developer. Check if there's an update available.
Random reboots — can be hardware, can be a bad app, can be a battery issue. Uncommon as a hacking indicator.
"My phone feels slow" — storage full, too many apps running, ageing processor. Very rarely indicates compromise.
How to Check Your Phone Step by Step
Don't rely on a single sign. Run through this checklist.
Run this 5-step check now
Takes under 10 minutes
Step 1: Check for unfamiliar apps (Android and iPhone)
Go through every installed app. Look for anything you don't recognise — especially apps with Device Administrator privileges. Nothing should be in that list except your work MDM or a security app you installed yourself.
Step 2: Check data usage by app (Android and iPhone)
Look at which apps have consumed the most data this month. If an app you barely use is at the top with no reason to send anything — that is the most reliable combined signal on this list.
Step 3: Run a malware scan (Android)
On Android: download Malwarebytes and run a full scan. On iPhone: there is no equivalent because iOS sandboxing prevents it — skip to Step 4 if you are on iPhone.
Step 4: Check your account sign-in activity (Android and iPhone)
Check your Google account or Apple ID for devices and locations you don't recognise. This is the clearest possible indicator — it is a direct record of access.
Step 5: Check for apps with Accessibility access (Android)
On Android: Settings → Accessibility → Installed Services. Spyware frequently abuses accessibility permissions. Only apps you knowingly granted this to should appear here.
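If you are comfortable connecting the phone to a computer, the app check and the Accessibility check above can be cross-referenced with adb instead of by eye. The script below is an added example, not part of the original article; the trusted-installer list, the package names and the sample output are assumptions constructed for illustration.

```python
import subprocess

# Assumption: only Google Play counts as an official installer; add your vendor's store.
TRUSTED_INSTALLERS = {"com.android.vending"}

def adb(*args):
    """Run a command on the USB-connected phone (needs adb and USB debugging)."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -3 -i` output."""
    result = {}
    for line in map(str.strip, pm_output.splitlines()):
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition("installer=")
        installer = rest.strip()
        result[name.strip()] = None if installer in ("", "null") else installer
    return result

def parse_accessibility(setting_value):
    """Package names from the colon-separated list of enabled services."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(pm_output, a11y_value):
    """Cross-reference user-installed apps with Accessibility access."""
    installers = parse_installers(pm_output)
    sideloaded = {p for p, i in installers.items() if i not in TRUSTED_INSTALLERS}
    a11y = parse_accessibility(a11y_value)
    # Review first: Accessibility access held by an app that did not come from the store.
    return {"sideloaded": sorted(sideloaded), "accessibility": sorted(a11y),
            "review_first": sorted(sideloaded & a11y)}

# Constructed sample output (hypothetical package names, not from a real device).
SAMPLE_PM = """package:com.example.chat  installer=com.android.vending
package:com.example.batteryboost  installer=null
package:com.example.flashlight  installer=com.google.android.packageinstaller
"""
SAMPLE_A11Y = "com.example.batteryboost/.SyncService:com.example.reader/.TalkService"

if __name__ == "__main__":
    # Live use: audit(adb("pm", "list", "packages", "-3", "-i"),
    #     adb("settings", "get", "secure", "enabled_accessibility_services"))
    print(audit(SAMPLE_PM, SAMPLE_A11Y))
```

An entry under `review_first` is a prompt to ask whether you knowingly installed that app and granted it Accessibility access, not proof of compromise on its own.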
What to Do If Your Phone Has Been Hacked
Don't panic — and don't factory reset yet
You have time. A factory reset destroys evidence. Follow these steps first — the reset option is last if everything else fails.
Change your most important passwords from a different device
Use a laptop, tablet, or a trusted friend's phone. Change your email password first — it controls recovery for everything else. Then your banking apps, then social media. Use passwords you have never used before.
Enable two-factor authentication on every important account
If you haven't already, enable 2FA on your email, banking, and social accounts now — using an authenticator app, not SMS. Do this from the clean device before returning to the phone.
Remove any unfamiliar apps and revoke unnecessary permissions
Go through every installed app. Delete anything you don't recognise. Then check which apps have Camera, Microphone, Location, and Accessibility access — remove anything that has no clear reason to need those permissions.
Update your operating system and all apps
Many compromises exploit known vulnerabilities in outdated software. An OS update closes those gaps. Do this after removing suspicious apps — not before, in case an update interferes with evidence.
If in doubt — factory reset
If you completed the above and are still seeing suspicious activity, a factory reset is the nuclear option. Back up contacts and photos to cloud storage first. Restore from a backup made BEFORE the compromise — not a recent one that may include malware.
How to Stop This Happening Again
A compromised phone usually starts with one of three things: a phishing link, an app downloaded from outside the official app store, or a weak password on a connected account.
The most effective things you can do:
Only install apps from the official app store. Android's Play Store and Apple's App Store both vet apps before listing them. Sideloaded apps — installed from APK files or third-party stores — have no such vetting.
Keep your OS and apps updated. Security patches close the vulnerabilities attackers use to get in. An unpatched Android phone is significantly more exposed than one running current software.
Use strong unique passwords on every account. The same password on five different sites means one breach exposes all five. A password manager like 1Password solves this completely.
Be suspicious of links — in any app. WhatsApp, SMS, email, Instagram DMs — phishing links arrive through all of them. If someone sends you a link you weren't expecting, don't tap it before verifying the sender actually sent it.
Turn on two-factor authentication. Even a weak password becomes significantly harder to exploit with two-factor on.
The Honest Summary
Most phones that feel "off" aren't hacked. But some are — and the signs overlap enough that it's worth running through the checks above rather than guessing.
The real indicators: a sharp unexplained change in battery or data usage, a phone that's warm when idle, apps you didn't install, messages you didn't send, and account logins from devices you don't recognise. These are the things that matter. Random crashes and autocorrect weirdness are not.
If the checks above flag something real, follow the steps in order — change passwords from a different device first, then clean the phone, then reset if needed.