Your phone is a goldmine of location data, messages, photos, and access to money. That’s why cybercriminals have steadily shifted attacks to mobile, from rogue apps and stalkerware to zero‑click exploits that need no tap at all. Verizon’s Data Breach Investigations Report has long found that the human element drives the majority of breaches—phishing texts and social engineering start many intrusions—making vigilance on handhelds essential.
Advanced spyware tries to stay invisible, but most compromises leave fingerprints. Here are five reliable warning signs your phone may be hacked—and the precise moves to shut attackers out fast.
1. Battery Drains Fast or Phone Overheats
Persistent spyware records audio, harvests location, or uploads files in the background, all of which burn power. If your battery suddenly tanks or the device runs warm even when idle, treat it as a red flag. Check per‑app usage in Settings; unknown services high on the list deserve scrutiny.
How to fight it: On iPhone, open Settings > Battery and review the 24‑hour and 10‑day views. On Android, go to Settings > Battery > Battery Usage. Update the OS immediately, then reboot; the US National Security Agency has advised regular reboots to disrupt some zero‑click malware. If the issue persists, boot Android into Safe Mode to isolate third‑party apps, and run a scan with a reputable mobile security app from a known vendor.
2. Performance Lags or Frequent App Crashes
Keyloggers, adware, and trojans often hook into accessibility services or overlay the screen, which can stall animations, freeze apps, or crash the phone. Watch for flickering, pop‑ups requesting unusual permissions, or apps that take far longer to open than before.
How to fight it: Audit permissions. On Android, visit Settings > Privacy > Permission Manager and look closely at Accessibility, SMS, Call Logs, and Install Unknown Apps. On iPhone, check Settings > Privacy & Security and Profiles/VPN. Revoke anything that looks out of place and uninstall the offending app. Keep at least 10% storage free—low headroom can magnify crashes and mask what’s really going on.
3. Unfamiliar Logins or Verification Codes You Didn’t Request
Alerts about new sign‑ins from odd locations—or a burst of two‑factor codes you never asked for—suggest your credentials are circulating and someone is testing them, possibly using a session stolen from your phone. This is common after SMS phishing or malicious browser redirects. Google’s Threat Analysis Group and academic teams like Citizen Lab have documented campaigns that quietly harvest tokens from mobile browsers.
How to fight it: Change the password from a clean device and enable phishing‑resistant 2FA (security keys or passkeys where available). Review active sessions and sign out everywhere (Google Account, Apple ID, Microsoft, social networks). Check email rules for stealthy forwarding. If your phone suddenly drops to “Emergency calls only” or loses texts, call your carrier immediately to rule out SIM‑swap fraud.
4. Storage Shrinks With No Clear, Obvious Cause
Spyware and stalkerware often cache recordings, screenshots, and data logs locally before exfiltrating them. That bloat usually piles into “System” or “Other” storage. If free space nosedives without new photos, videos, or apps, investigate.
How to fight it: On iPhone, go to Settings > General > iPhone Storage to spot outsized or unknown entries. On Android, open Settings > Storage and drill into Categories and Files to surface hidden folders. Remove suspicious sideloaded packages, disable “Install unknown apps,” and delete any configuration profiles, root certificates, or VPNs you don’t recognize.
5. New Apps, Settings, or Call Behavior You Didn’t Change
Mystery icons, a hijacked browser homepage, or callers saying your line goes straight to voicemail can all indicate tampering. Criminals sometimes enable unconditional call forwarding to intercept one‑time passcodes, then pivot into your accounts.
How to fight it: Uninstall unknown apps; on Android, first check Settings > Security > Device Admin Apps and revoke admin rights if needed. In the Phone app, review call forwarding and voicemail settings. You can also use carrier USSD queries (the short service codes offered by your provider) to display or disable active forwarding—your carrier’s support pages list the exact codes.
Immediate Steps If You Suspect a Compromise
Disconnect from untrusted networks, enable Airplane Mode, and then methodically triage. Update iOS or Android to the latest release, since many mobile campaigns rely on known bugs that patches close.
Remove suspicious apps and revoke risky permissions. Reset your browser to default, clear unknown profiles on iPhone, and delete untrusted certificates or VPNs on Android. Change high‑value passwords from a separate, clean device and turn on account alerts. Where possible, adopt passkeys—platform makers and standards bodies emphasize they resist phishing far better than passwords.
If symptoms persist, back up essentials (photos, contacts), then perform a factory reset. On restore, avoid sideloading and reinstall only what you truly need. If you suspect call or SMS diversion, ask your carrier to reset forwarding and re‑provision your SIM or eSIM.
For high‑risk users—journalists, activists, executives—consult security teams or digital rights groups experienced with targeted mobile spyware. Google’s Project Zero and independent labs have shown that sophisticated threats exist, but for most people, quick action on these five signals closes the door long before attackers settle in.
