Quick Answer: Common signs include fast battery drain, unexplained data spikes, unknown apps or profiles, strange pop-ups, logins you don’t recognize, texts you didn’t send, and SIM-swap alerts. Update your phone, remove shady apps, run Play Protect on Android, review iPhone profiles, change passwords, turn on 2FA, and contact your carrier if needed.
Table of Contents
7 signs your phone may be hacked
1) Your battery drops fast or the phone runs hot
Malware often works in the background, chewing through CPU and battery. Heat alone isn’t proof, but sudden, persistent drain deserves a closer look.
2) Data usage spikes you can’t explain
Watch for a jump in mobile data when you haven’t changed habits. Some spyware uploads photos, messages, or call logs in the background.
3) Unknown apps, profiles, or permissions
On Android, look for unfamiliar apps and check their permissions. On iPhone, check Settings > General > VPN & Device Management for configuration profiles you didn’t install. Unwanted profiles can route traffic or install certificates.
4) Pop-ups, redirects, or shady notifications
If you’re seeing aggressive pop-ups, redirects to odd sites, or “cleaner/booster” alerts you never asked for, you may have a sketchy app or browser hijack.
5) Account activity you don’t recognize
Security emails about unfamiliar logins, password resets you didn’t request, or new devices on your Google or Apple account are all red flags. Turn on 2FA right away.
6) Texts or calls you didn’t send
Malware can message premium numbers or spam your contacts. On Android, malicious apps with SMS privileges can do real damage.
7) Carrier alerts about SIM changes
If you get a message about a SIM change or number port request you didn’t make, treat it as urgent. SIM-swap fraud lets attackers intercept calls and 2FA codes.
First-aid: Do these 7 Things Now
Step 1. Disconnect and note symptoms
Turn off Wi-Fi and mobile data. List what you noticed: odd apps, pop-ups, unknown logins, texts you didn’t send. This helps you track what to fix.
Step 2. Update OS and apps
Install pending system updates and app updates. Many attacks vanish after an update closes the hole they were using. Keep auto-updates on.
Step 3. Scan and remove harmful apps (Android)
Open Google Play > Profile > Play Protect > Scan. Play Protect checks installed apps and can warn, disable, or auto-remove harmful ones. Keep it on.
Step 4. Review app permissions and uninstall unknown apps
Revoke SMS, accessibility, admin, and overlay permissions from apps that shouldn’t have them. Uninstall anything you don’t recognize or no longer trust.
Step 5. iPhone only: review configuration profiles and device management
Go to Settings > General > VPN & Device Management. Remove any profile you didn’t install or don’t need. Profiles can change network routes, push root certificates, or enroll you in management. If in doubt, remove and reboot.
Step 6. Secure your accounts and enable 2FA
From a clean device if possible, change your Apple ID/Google Account passwords, then email, banking, and socials. Turn on two-factor authentication for each. If you suspect Apple account access, follow Apple’s recovery steps.
Step 7. Suspect SIM swap? Call your carrier now
Ask the carrier to flag the account, set or reset your account PIN, and reverse any unauthorized SIM or port-out changes.
Deep-clean options
Safe Mode removal (Android)
Booting into Safe Mode temporarily disables third-party apps so you can uninstall stubborn ones. If the problem stops in Safe Mode, an app is likely to blame.
Reset settings vs full factory reset
A settings reset keeps your data but clears network and privacy settings. A full factory reset wipes the device. If you restore, avoid restoring shady apps or old configuration profiles. Follow a clean setup and re-install only what you trust. For severe or persistent issues, a wipe and clean setup is the surest fix. For additional recovery guidance, NCSC recommends simple, structured steps when you suspect malware on any device.
Myth Busting: “secret codes” like *#21#
There isn’t a magic code that tells you if your phone is hacked. Codes like *#21# show call-forwarding status. That can be useful to spot suspicious call routing, but it is not a hack detector. Focus on the signs and steps above.
Mini case study: OnePlus SMS flaw (2025)
A recent vulnerability in OxygenOS (CVE-2025-10184) let apps read and send SMS on some OnePlus phones without permission. This could expose 2FA codes and enable account takeovers. OnePlus said a patch would roll out globally starting mid-October 2025. The takeaway: keep your device updated and avoid SMS-based 2FA if you can use an authenticator app or security key.
Prevent it next time
- Use app stores and keep Play Protect on (Android). Disable unknown sources.
- Review iPhone profiles periodically and delete anything you don’t trust.
- Turn on 2FA everywhere. Prefer app-based codes or security keys over SMS for critical accounts. CISA recommends strong authentication and careful handling of mobile settings.
- Protect your carrier account with a PIN and alerts for SIM/port changes.
- Stay scam-aware. Don’t act on urgent texts or login prompts without verifying. CISA’s phishing guidance is a good refresher.
Frequently Asked Questions (FAQs)
Will a factory reset remove a hacker?
Usually yes. Set up as new, avoid restoring untrusted apps or profiles, and change passwords on a clean device. For general recovery steps, see NCSC’s malware guidance.
Can an iPhone be hacked without a jailbreak?
Yes, through things like malicious profiles, account compromise, or rare zero-click exploits. Keep iOS updated and remove unknown profiles.
How do I scan my Android for malware?
Run Play Protect from Google Play. It can warn, disable, or auto-remove harmful apps and now revokes risky permissions.
What should I do if my accounts show unfamiliar logins?
Change passwords from a clean device, enable 2FA, review sessions and connected devices, and sign out of all sessions.
Are USSD “hack check” codes real?
They only reveal network or call-forwarding status. They don’t detect hacking.
How do I stop SIM-swap attacks?
Add a carrier PIN, watch for “SIM change” alerts, and use app-based 2FA. New FCC rules require better notifications from carriers.
Comparison Table: Fix Options
| Method | When to use | Pros | Cons |
|---|---|---|---|
| Play Protect scan (Android) | Suspicious app behavior | Fast, built-in, removes known bad apps | Won’t catch everything |
| Remove iPhone profiles | Unknown profile appears | Quick, removes routing/cert changes | Can remove legit org profiles |
| Permission audit + uninstall | New or shady apps | Stops abuse of SMS/accessibility | Time-consuming |
| Reset settings | Mild issues | Keeps data | May not remove malware |
| Full factory reset | Persistent or severe issues | Clean slate | Back up and set up again |
| Carrier PIN & alerts | SIM-swap risk | Blocks port-outs | Extra step to manage |
Checklist
- Update phone and apps
- Android: run Play Protect scan; remove flagged apps
- iPhone: delete unknown profiles in Device Management
- Remove unknown apps; review permissions
- Change passwords from a clean device
- Turn on 2FA (prefer app/security key over SMS)
- Call carrier to lock account and set a PIN if SIM-swap suspected
Glossary
- Configuration profile (iPhone): A file that can change settings, install certificates, or enroll the device in management.
- Play Protect (Android): Google’s built-in scanner that checks apps and can remove or disable harmful ones.
- SIM swap: A fraud where someone moves your number to a new SIM to intercept calls and 2FA codes.
Featured Answer Boxes
What are the signs my phone is hacked?
Fast battery drain, unexplained data spikes, unknown apps or profiles, pop-ups, unfamiliar account logins, texts you didn’t send, and SIM-swap alerts.
How do I fix a hacked phone fast?
Update your phone, run Play Protect on Android, remove unknown apps, delete suspicious iPhone profiles, change passwords, turn on 2FA, and call your carrier if you see SIM-swap signs.
Do codes like *#21# show hacks?
No. They show call-forwarding status, not hacking.
Will a factory reset remove malware?
In most cases, yes. Set up as new and reinstall only trusted apps.
