A friend texted me last spring at 2 a.m. Her bank had frozen her account after three transfers she never made. The strange part came earlier that week. Her battery died by lunch. Her phone ran warm in her pocket while it sat idle. A weird app called “System Service” showed up that she swore she never installed. She ignored all of it. Most people do.
That is the trap. The signs your phone has been hacked rarely look dramatic. No skull-and-crossbones pops up. The damage builds quietly in the background while your day looks normal.
Here is a number that should bother you. A 2025 report from mobile security firm Zimperium found that 18.1% of all mobile devices had malware installed. Roughly one in five phones. So ask yourself: when did you last check what your phone is doing when you are not looking? Do you actually know which apps can see your camera right now? Would you catch the warning signs before the money left, or after?
By the end of this guide, you will know exactly how to spot a compromised phone, what to do in the first hour, and how to lock it down for good.
What You Will Learn (And Why Most Guides Get This Wrong)
Most articles on this topic list ten symptoms and stop. That is useless when half those symptoms also describe an aging battery or a buggy update. This guide is built to help you separate real compromise from normal phone weirdness, then act fast.
You will discover the difference between a remote hack, a stalkerware install, and a simple scam. You will get the exact menu paths to check your iPhone and Android for spyware in under ten minutes. You will see an honest comparison of the security apps worth paying for, with current 2026 pricing, and the ones that mostly sell you peace of mind.
I have spent years helping non-technical people clean up after device compromises. The single biggest mistake I see is panic-driven action. People factory reset before backing up evidence. They confront an abuser before securing their accounts. They restore from an infected backup and reinfect themselves on day one.
Here is the contrarian truth. Speed matters less than sequence. The order you do things in decides whether you actually get the intruder out or just hand them a fresh copy of your data. We will fix that.
What Does It Actually Mean for a Phone to Be “Hacked”?
A hacked phone means someone has gained unauthorized access to your device, your data, or both. That access can be remote through malware, or hands-on through software physically installed by someone you know.
These are not the same threat, and they need different responses. Lumping them together is why people waste hours chasing the wrong fix.
Remote malware vs. stalkerware
Remote malware usually arrives through a phishing link, a sketchy app, or a fake update. It targets your money and your logins. Stalkerware is different and often more personal. According to security researchers, these apps are banned from official app stores and rely on someone with physical access planting them on your phone, which is why they are tied to controlling partners and family members. A 2025 breach of the stalkerware operation Catwatchful exposed data from around 26,000 victim devices and over 62,000 paying customers. This stuff is common, cheap, and legal to sell as “monitoring software.”
The practical takeaway is simple. If you suspect a person rather than a faceless criminal, do not touch the phone yet. Acting on the device can alert the abuser. Read the response section first.
What Are the Most Common Signs Your Phone Has Been Hacked?
The clearest signs your phone has been hacked are sudden battery drain, unexplained data spikes, overheating while idle, apps you never installed, and accounts logging you out. One symptom alone usually means nothing. Three or four at once is a pattern worth taking seriously.
Let me break down the ones that actually matter.
Battery Drains Fast and the Phone Runs Hot
Spyware runs hidden background processes that eat power. Security analysts estimate tools like Pegasus, mSpy, and FlexiSpy can increase daily battery use by 15 to 40%. If your phone is warm sitting on a desk doing nothing, that heat is work happening you did not ask for.
Data Usage Climbs for No Reason
Spyware ships your texts, location, and recordings out to a server. That traffic shows up on your bill. Check your data breakdown by app and look for unfamiliar names burning megabytes.
The Camera or Mic Light Flickers When You Are Not Using Them
On iPhone, a green dot means the camera is active and an orange dot means the mic is. On Android, look for the indicator in the top corner. If those light up while your phone is locked on the table, something is watching.
Apps Appear That You Did Not Download
Stalkerware loves boring, official-sounding names like “Phone Manager” or “Device Health.” Outgoing texts you never sent or purchases you never made are red flags too.
Here is what nobody tells you. A genuinely powered-off phone cannot be hacked remotely. So if symptoms persist even after a normal restart, that points to installed software, not a one-time fluke.
How Can Someone Hack Your Phone in the First Place?
Phones get compromised through a handful of repeat offenders: phishing links, malicious or sideloaded apps, unsecured public Wi-Fi, SIM swapping, and physical access to plant spyware. Knowing the entry point tells you where to look.
Phishing is the volume leader. One tap on a fake delivery text or bank alert can silently install tracking software. Sideloaded apps from outside the App Store or Google Play are the next big one, especially on Android, which is more open and therefore more exposed than iOS. Many of these mimic legitimate tools. For a breakdown of what makes an app genuinely safe versus risky, see how to spot dangerous vault and utility apps.
Now, here is the catch with the question everyone asks: can someone hack your phone with just your number? Mostly no. Your number alone lets scammers spoof you, spam you, or attempt a SIM swap, but it does not hand them a live feed of your screen. SIM swapping is the real danger here. An attacker convinces your carrier to move your number to their SIM, then intercepts your two-factor codes. Call your carrier and add a port-out PIN today. It takes five minutes.
Physical access is the most underrated vector. If someone held your unlocked phone for two minutes, they had enough time to install stalkerware. A strong passcode you never share is the cheapest defense you own. If you are unsure whether a PIN or biometric lock is stronger for your situation, this comparison of biometric vs PIN authentication breaks it down clearly.
How Do You Check Your iPhone or Android for Spyware Right Now?
You can audit your phone for spyware in about ten minutes using built-in settings, no special tools required. Do this whenever something feels off, then repeat it monthly.
Follow these steps in order.
- Review your full app list. On Android, open Settings, Apps, then See All Apps. On iPhone, scroll through Settings, General, iPhone Storage. Look for anything generic or unfamiliar. Search the exact app name online before you delete it.
- Check what has camera and mic access. Revoke permissions for any app that has no business with them. A flashlight does not need your microphone.
- Look for rogue profiles. On iPhone, open Settings, General, VPN and Device Management, and delete any configuration or MDM profile you did not add. On Android, check for unfamiliar Device Admin apps under Security settings.
- Check for call forwarding. In your phone dialer, type *#21# and call. This shows whether your calls and texts are being secretly forwarded. It will not catch every threat, but it catches a common one.
- Run a security scan. Use a reputable app to scan for known threats and stalkerware.
The whole process takes longer to read than to do. Set a monthly reminder. Most compromises survive simply because nobody ever looks.
Which Security App Should You Actually Use?
The best phone security app depends on your platform, your budget, and whether you are fighting random malware or a specific person. No single app wins for everyone, and the most expensive option is not automatically the safest.
A free on-demand scanner catches most everyday malware. Paid suites add real-time blocking, web protection, and anti-theft tools. For suspected stalkerware, you want a scanner tuned to flag monitoring apps specifically, since many generic tools only show a vague “threat detected” message. Note that reputable tools will not auto-delete stalkerware, and that is correct behavior, because deleting it can tip off an abuser before you are ready.
Here is an honest comparison based on current pricing and independent testing as of mid-2026.
| App | Price (2026) | Best for | Honest catch |
|---|---|---|---|
| Malwarebytes Mobile | Free; Premium ~$44.99/yr | On-demand malware and PUP scans | Free tier is on-demand only, no live blocking |
| Bitdefender Mobile | ~$15 to $25/yr standalone | Best value real-time protection | Heavier scanning load on older phones |
| Norton 360 Deluxe | ~$49.99/yr | Full suite with anti-theft and dark web monitoring | Caps at 5 devices, pricier on renewal |
| Avast Mobile | Free; paid ~$20 to $40/yr | Strong free Android option | Free version shows ads, higher overhead |
| Certo (anti-spyware) | Paid, varies by platform | Targeted stalkerware detection | Niche tool, less useful for general malware |
In independent AV-Comparatives testing from March 2026, Bitdefender posted a 99.94% online protection rate, which is why I usually point budget-conscious Android users there first. Running a free Malwarebytes scan alongside a paid suite is worth doing, since different engines catch different things. Avoid running two real-time engines at once though. They conflict and slow your phone.
What Should You Do Immediately If Your Phone Is Hacked?
If you confirm a hack, work in this exact order: secure accounts from a different device, then clean the phone, then change passwords again. Doing it out of order is how people reinfect themselves within a day.
Follow this sequence.
- Use a clean device first. On a separate computer or phone, change your most critical passwords starting with email and banking. Your email is the master key to everything else.
- Turn on two-factor authentication everywhere, ideally with an authenticator app rather than text codes, since SIM swaps defeat texts.
- Remove the threat. Delete the malicious app. If it resists, update your OS first, since updates patch the exploits spyware crawls through. Apple’s iOS 17.4 update, for example, closed three zero-day flaws used by commercial spyware.
- Factory reset as a last resort. Back up your photos and contacts manually first, not through a full system backup. Sophisticated spyware can survive inside a backup and reinstall itself when you restore. Set the phone up fresh instead.
- Watch your accounts for a few weeks. Reinfection and follow-up fraud are common.
If you suspect stalkerware from a known person, pause before any of this. Acting on the device can escalate a dangerous situation. Contact a domestic violence support line and use a safe device to plan your next steps.
How Do You Keep It From Happening Again?
Prevention costs almost nothing compared to recovery. The habits that keep your phone yours are boring, which is exactly why they work.
Lock your phone with a strong passcode and biometrics, and never share it. Install apps only from official stores. Update your OS the day patches drop. Audit app permissions monthly. Add a port-out PIN with your carrier to block SIM swaps. Stop tapping links in unexpected texts, even ones that look like your bank.
One underrated layer is knowing when someone has physically attempted to access your phone. Calculator Hide App’s intruder selfie feature silently photographs anyone who enters the wrong PIN, giving you a timestamped record if you ever suspect an unauthorized access attempt. You can download Calculator Hide App free on Android and iOS.
I used to think antivirus on a phone was mostly marketing. I changed my mind after watching how fast stalkerware spreads through ordinary relationships. A reputable security app earns its $20 to $50 a year the first time it flags one hidden monitoring tool.
Frequently Asked Questions
Can someone hack my phone just by knowing my number?
Not directly. Your number lets scammers spoof or spam you and attempt a SIM swap, but it does not give live access to your phone. Protect against SIM swapping by adding a carrier port-out PIN and using app-based two-factor codes instead of text messages.
Does dialing *#21# really show if I am hacked?
It shows whether your calls and texts are being forwarded, which can signal a hack. It is a useful quick check, not a full diagnosis. It will not detect spyware, malware, or stalkerware on its own, so pair it with a proper app audit and security scan.
Will a factory reset remove spyware?
In most cases, yes. A factory reset wipes apps and data, including the majority of malware. The catch is restoring from an infected backup afterward, which can bring spyware right back. Back up only your photos and contacts manually, then set the phone up as new.
Can my phone be hacked while it is powered off?
A truly powered-off phone cannot be hacked remotely. If symptoms continue after a full shutdown and restart, that points to software already installed on the device rather than a live remote attack. Audit your apps and profiles next.
Can iPhones get hacked, or just Android?
iPhones can be compromised, just less often. Apple’s locked-down system and strict App Store review reduce risk, but malicious profiles, phishing, and sophisticated spyware still get through. Stalkerware on iPhone usually requires physical access and your passcode.
How can I tell stalkerware from a normal app?
Stalkerware hides behind generic names like “System Service” and requests heavy permissions for camera, mic, and location. Check Device Admin apps on Android and configuration profiles on iPhone. If a partner mysteriously knows your location or messages, treat that as a strong signal.
Is a free security app good enough?
For everyday malware, a free on-demand scanner like Malwarebytes catches most threats. It will not block bad apps in real time or scan web links. If you handle banking or sensitive work on your phone, a paid suite around $20 to $50 a year is worth it.
My battery drains fast. Am I definitely hacked?
Probably not on its own. Battery drain also comes from age, a buggy update, or background apps. Worry when you see drain plus overheating, data spikes, and unknown apps together. One symptom is noise. A cluster is a pattern.
Should I confront the person I think installed spyware?
No, not before you are safe. Acting on the phone or confronting an abuser can escalate danger. Use a separate, safe device to secure accounts and reach a domestic violence support line for a plan tailored to your situation.
How often should I check my phone for compromise?
Once a month for most people. Review your app list, permissions, and profiles, and run a scan. After any lost-and-returned phone, suspicious link, or relationship change involving someone with access, check the same day.
The Bottom Line
Remember my friend with the frozen bank account? The signs were all there a week early. The hot phone, the dead battery by noon, the app she did not recognize. She was not careless. She just did not know the pattern. Now you do.
Here is your single most important next step, ranked above everything else. Tonight, audit your app permissions and check for unknown profiles. It takes ten minutes and catches the most common compromises before they cost you anything.
My prediction for the next few years is blunt. Stalkerware and consumer spyware will keep getting cheaper and easier to plant, while the warning signs stay subtle. The people who routinely check their phones will be fine. The people who wait for something dramatic will keep finding out too late.
So when did you last actually look at what your phone is doing behind your back?