How to Tell If Your Phone Is Hacked
A hacked phone usually leaves clues — sudden battery drain, odd pop-ups, or accounts behaving strangely. Here is how to read the warning signs and what to do next.
Phones hold our email, banking, photos, and identity, which makes them a prime target. The reassuring news is that a compromised phone rarely stays hidden — malware and account takeovers tend to leave tracks, from unexpected battery drain to logins you did not make. The key is knowing which signs actually matter (many are innocent) and acting calmly and in the right order if several add up. This guide explains the genuine warning signs, the common ways phones get hacked, how to confirm a problem, and the exact steps to clean up and recover, drawing on guidance from CISA and the FTC.
Key takeaways
- Watch for clusters of signs — one symptom alone is often harmless; several together are a red flag.
- Account alerts matter most: logins, password resets, or messages you did not send signal compromise.
- Act in order: disconnect, change passwords from a clean device, then remove malware or reset.
- Most hacks start with you — a phishing link, a sketchy app, or a reused password — so prevention is doable.
Warning signs to watch for
No single symptom proves a hack, but the following deserve attention, especially in combination. Look for rapid battery drain or a hot phone when idle, which can indicate hidden processes; spikes in mobile data use you cannot explain; pop-up ads or redirects, particularly outside a browser; apps you did not install; texts or social posts you did not send; calls or charges you do not recognize; and your contacts receiving strange messages from you. The most serious signal is account-related: notifications of logins from unknown locations, password-reset emails you did not request, or being locked out of your own accounts. Treat those as urgent.
Do not panic at one symptom. Aging batteries drain fast, a buggy app can overheat a phone, and pop-ups are often just aggressive ads on a webpage. Worry when several signs appear together, or when anything points to your accounts being accessed, which is the clearest sign of real compromise.
How phones actually get hacked
Understanding the common entry points helps you both diagnose and prevent problems.
| Method | How it works | Your defense |
|---|---|---|
| Phishing links | A text or email lures you to a fake login or malware page | Never tap unexpected links; verify the sender |
| Malicious apps | A sketchy app hides malware or excessive permissions | Install only from official stores; check permissions |
| Reused passwords | A breach elsewhere unlocks your accounts | Unique passwords plus 2FA |
| Public Wi-Fi snooping | Attackers intercept traffic on open networks | Avoid sensitive logins on open Wi-Fi |
Notice the pattern: most compromises begin with an action — tapping a link, installing an app, reusing a password — which is good news, because it means careful habits prevent the majority of attacks.
Confirming the problem
Before assuming the worst, do a quick audit. Review your installed apps and remove anything you do not recognize. Check app permissions — on iPhone under Settings → Privacy & Security, on Android under Settings → Apps — and revoke anything excessive, like a flashlight app with microphone access. Look at battery and data usage by app to spot an unknown heavy user. Review the active sessions and recent security activity in your email and major accounts; most show where you are signed in. If you find unfamiliar apps, mysterious sessions, or reset emails you did not request, you have enough to act.
What to do right now
If you believe your phone or accounts are compromised, move quickly and in this order. First, disconnect — turn on airplane mode or disable Wi-Fi and mobile data to cut the attacker off. Second, using a different, trusted device, change the passwords on your most important accounts, starting with email, then financial accounts, then everything tied to them; do not change them on the suspect phone, which may be logging your keystrokes. Third, enable or re-check two-factor authentication so the attacker cannot get back in — our guide to setting up two-factor authentication shows how. Fourth, sign out of all sessions in your account settings to evict any logged-in intruder.
Change passwords from a clean device. If your phone is compromised, anything you type on it — including new passwords — could be captured. Use a computer or another phone you trust to reset credentials, then deal with cleaning the affected phone.
Cleaning and recovering the phone
With accounts secured, clean the device. Delete any unrecognized or recently added apps, especially ones with broad permissions. Update the operating system and remaining apps, since updates patch the flaws malware exploits. Run a scan with a reputable mobile security app if you use one. If symptoms persist, the most reliable cure is a factory reset — back up your photos and essential data first, then erase the phone and set it up fresh, reinstalling apps only from the official store. For a step-by-step on clearing infections, see our guide on how to remove malware. If money or identity was involved, report it to the FTC and your bank.
Preventing it next time
Most of the defense is habit. Keep your phone and apps updated; install only from official app stores and review permissions; never tap links in unexpected texts or emails; use unique passwords with a manager and turn on 2FA everywhere; and avoid sensitive logins on open public Wi-Fi. Lock your phone with a strong passcode and biometrics so a lost device is not an open door. These same habits underpin our broader advice on protecting your privacy online. A little routine maintenance makes a successful hack far less likely — and the warning signs far easier to catch early.
Frequently asked questions
Does fast battery drain mean my phone is hacked?
Not on its own. Batteries degrade with age, and a buggy or background-heavy app can drain power or overheat a phone for entirely innocent reasons. Fast drain becomes a concern when it appears suddenly alongside other signs, such as unknown apps, unexplained data spikes, or account alerts. Look for clusters of symptoms rather than reacting to one.
What is the first thing I should do if my phone is hacked?
Disconnect it from the internet with airplane mode to cut off the attacker, then use a different, trusted device to change the passwords on your most important accounts, starting with email. Do not change passwords on the suspect phone itself, since it could be capturing what you type. After that, enable two-factor authentication and sign out of all active sessions.
Will a factory reset remove a hacker from my phone?
In most cases, yes. A factory reset erases the operating system and all apps, removing malware that lives on the device. Back up your photos and essential data first, then reset and reinstall apps only from the official store. Crucially, also change your account passwords from a clean device, because a reset removes device malware but does not undo a stolen password.
How do hackers usually get into a phone?
Most compromises start with an action you take: tapping a phishing link in a text or email, installing a malicious or over-permissioned app, or reusing a password that leaked in another breach. Less commonly, snooping on open public Wi-Fi plays a role. Because the common routes involve your choices, careful habits prevent the large majority of attacks.
Sources & further reading
- CISA — Secure Our World guidance
- FTC — How to recognize and avoid phishing scams
- Apple Support — If you think your account has been compromised
This guide is independently produced. We reference primary documentation from device makers and security authorities (NIST, CISA). Tudug is reader-supported and may earn from ads.