A hacked phone is uniquely alarming because it holds everything — your messages, banking apps, photos, email, and the 2FA codes that protect every other account. The phrase "my phone is hacked" covers a range of problems, from a junk app draining your battery to genuine spyware reading your messages. This guide helps you tell which you're facing, what to do right now, and how to clean and secure the device.
Signs Your Phone May Be Hacked
No single symptom is proof, but several together are a strong signal:
- Battery drains fast and the phone runs hot even when idle — hidden software working in the background.
- Mobile-data usage spikes with no change in your habits — data being exfiltrated.
- Apps or icons you never installed, or apps you can't seem to delete.
- Pop-ups, redirects, and new browser homepages.
- Contacts receive texts or messages you didn't send.
- 2FA codes arrive that you didn't request — someone is trying your passwords elsewhere.
- Settings change on their own, or you're mysteriously signed out of accounts.
Step 1 — Cut the Connection and Lock Down Your Accounts
Turn on Airplane Mode
This instantly cuts Wi-Fi and cellular, stopping any remote access and data exfiltration while you work.
From another trusted device, change critical passwords
Change your email, Apple ID / Google account, and banking passwords from a computer or another phone you trust — not the compromised one. Enable two-factor authentication while you're there. Your email and Apple/Google account come first; they control everything else.
Tell your bank if money apps were on the phone
Watch for unauthorised transactions and report anything suspicious immediately.
Locked out and stuck? Skip the trial-and-error.
Our certified bilingual tech remotes in, walks you through every recovery step, and secures the account on the spot — same day, from $59. No fix, no fee.
Step 2 — Clean the Phone
- Delete unfamiliar apps — anything you don't recognise or remember installing.
- Run a reputable mobile security scan (Malwarebytes, Bitdefender) to detect known malware.
- Update the operating system — updates patch the vulnerabilities attackers exploit.
- Review app permissions — revoke location, microphone, camera, and accessibility access from apps that don't need it.
- Check device-admin and accessibility settings — spyware often hides here to gain control; remove anything you didn't set up.
iPhone specifics
iPhones are hard to infect unless jailbroken. Check Settings → General → VPN & Device Management for unknown configuration profiles and remove them. Make sure the phone isn't jailbroken. A reset of all settings or a full restore clears most issues.
Android specifics
Most Android compromise comes from sideloaded apps outside the Play Store. Turn off "install unknown apps," review Settings → Security → Device admin apps, and uninstall anything suspicious. Booting into Safe Mode lets you remove stubborn apps.
Need This Fixed Right Now?
IT Cares recovers locked and hijacked accounts remotely — usually in 30 minutes or less, from $59. No fix = no charge.
Step 3 — Stalkerware: When Someone You Know Is Watching
Stalkerware is monitoring software installed by someone with physical access to your phone — often an ex-partner or controlling person — that silently reports your location, messages, and calls. It is a serious safety issue, not just a tech one.
- Signs: battery drain, a warm phone when idle, and device-admin or accessibility permissions you never granted.
- Removal: a factory reset removes it reliably. Review device-admin apps first to identify it.
- Safety first: if you may be in danger, removing the software can alert the person who installed it. Consider your safety and seek support (e.g., a local victim-services line) before acting.
Step 4 — The Nuclear Option: Factory Reset Done Right
When in doubt, a factory reset is the most thorough cleanup because it wipes all apps and data. Do it correctly:
- Back up your photos and contacts — but be aware a backup made after infection can re-introduce malware. Prefer a backup from before the problem, or export photos/contacts manually.
- Factory reset the device (Settings → reset / erase all content).
- Restore selectively — set up fresh and reinstall apps from the official store rather than restoring a full possibly-tainted backup.
- Change your account passwords again after the reset so the attacker can't just sign back in.
Don't Forget the SIM: SIM-Swap Attacks
Not all "phone hacks" are on the device. In a SIM swap, an attacker convinces your carrier to move your number to their SIM, intercepting your calls and SMS 2FA codes. The tell is your own phone suddenly losing all signal. If that happens, call your carrier immediately to restore the number, then secure every account tied to it. Prevent it by adding a port-out / transfer PIN with your carrier.
Secure Your Phone Going Forward
- Keep the OS and apps updated; install only from the App Store / Google Play.
- Strong passcode + biometrics; never leave the phone unlocked and unattended.
- Two-factor authentication via an authenticator app, not SMS.
- No public-WiFi banking without a VPN; don't tap links in unexpected texts (smishing).
- Don't jailbreak or sideload; add a carrier port-out PIN.
When to Call IT Cares
- You've cleaned the phone but symptoms persist, or you're not sure it's truly clean.
- You suspect stalkerware and want it found and removed safely.
- A SIM swap hit you and multiple accounts need re-securing.
- You want a full security check of the phone plus the email, banking, and social accounts tied to it.
IT Cares helps remotely — guiding the cleanup, account lockdown, and 2FA setup — same day, anywhere in Canada.
Need This Fixed Right Now?
IT Cares recovers locked and hijacked accounts remotely — usually in 30 minutes or less, from $59. No fix = no charge.
Frequently Asked Questions
Common signs: sudden battery drain and overheating when idle, a spike in mobile data, apps you didn't install, pop-ups and redirects, contacts getting texts you didn't send, settings changing on their own, and unrequested 2FA codes. One alone can be benign; several together point to compromise.
Turn on airplane mode to cut the attacker's access. Then, from a different trusted device, change your email, bank, and Apple/Google passwords and enable 2FA. Back on the phone, delete unfamiliar apps, run a reputable security scan, and update the OS.
A factory reset removes almost all malware and spyware because it wipes apps and data. Only restore from a backup made before the compromise, and change your account passwords afterward. On iPhone, also check for unknown configuration profiles and that it isn't jailbroken.
Yes — monitoring software installed by someone with physical access that hides and reports your location, messages, and calls. Signs: battery drain, a hot phone, and admin/accessibility permissions you didn't grant. A factory reset removes it. If you may be in danger, prioritise safety before tipping off the installer.
Keep the OS and apps updated, install only from official stores, use a strong passcode and biometrics, turn on authenticator-app 2FA, avoid public-WiFi logins without a VPN, don't sideload or jailbreak, and add a carrier port-out PIN against SIM swaps.
Comments
My Android was burning through data and battery and I kept getting 2FA texts I didn't ask for. Airplane mode + changing my Google password from my laptop stopped it cold; turned out a sideloaded 'free' app was the culprit. The Safe Mode tip made it deletable. Great checklist.
I suspected stalkerware after a bad breakup — phone always hot, weird permissions. IT Cares walked me through it carefully because of the safety angle, helped me back up what mattered, did a clean reset, and locked down my accounts. Felt human, not just technical.
Leave a Comment