Device & account security

How to tell if your phone has been hacked (and what to do)

By Iulian · Published 4 June 2026

Some links on this page may be affiliate links. If you buy through them we may earn a small commission, at no extra cost to you. We only recommend tools we believe are genuinely worth it. Learn more.

“My phone’s been hacked” is something people say a lot, and most of the time the real cause is a tired battery or a buggy app. But sometimes it is genuine: dodgy software, a compromised account, or, in the worst cases, someone you know spying on you. Here is how to tell the difference, and what to do about it.

Signs worth noticing

No single one of these proves anything on its own. It is a sudden change, or several of these together, that should make you look closer.

  • The battery drains unusually fast, or the phone runs warm when you are not using it.
  • Apps you do not remember installing have appeared.
  • You are getting pop-ups, or your browser keeps redirecting to odd pages.
  • Your mobile data use has jumped for no clear reason.
  • Friends say they have had messages or calls from you that you did not send.
  • You are being logged out of accounts, or getting password-reset emails you did not ask for.

How to check

  • Review your apps. Scroll through everything installed and remove anything you do not recognise or no longer use.
  • Check battery and data by app in Settings. An unknown app using lots of either is a red flag.
  • Check your Google or Apple account. Both show the devices and sessions currently signed in. Sign out anything you do not recognise.

A sensitive case: if you think someone with physical access to your phone, such as a controlling partner, may have installed monitoring software, take care. Removing it suddenly can sometimes escalate the situation. In the UK the National Domestic Abuse Helpline (0808 2000 247) and Refuge's tech-safety guidance can help you plan a safe next step first.

What to do

  1. Update everything. Install the latest phone software and app updates. These close the security holes attackers rely on.
  2. Delete suspicious apps, and revoke permissions that make no sense, like a torch app with access to your messages. Our Android and iPhone guides show where these settings live.
  3. Run a reputable security scan (your phone’s built-in protection, or a trusted security app).
  4. Change your important passwords from another device, and switch on two-factor authentication. Start with your email.
  5. As a last resort, back up your data and factory reset the phone. It is the surest way to remove stubborn malware.

If your email itself looks affected, follow what to do if your email has been hacked next, since that account can unlock all the others.

How to avoid it next time

Keep automatic updates on, only install apps from the official stores, use a screen lock and 2FA, be wary of links in texts and emails (phishing and fake delivery texts are the usual ways in), and take care on public wifi (see what a VPN is and isn’t).

More in our devices and accounts section.