How to Tell if Your Phone Has Been Hacked

Updated on 4/8/2026 with new research and interviews with Sandra Glading, Online Safety Expert at McAfee, and Ignas Valancius, VP of Engineering at NordPass.

From banking to email to social media, our phones hold the most sensitive parts of our digital lives. That also makes them a prime target for scammers, malicious apps, and in some cases, spyware installed by someone with physical access to the device.

Attacks on smartphone users jumped 29% in the first half of 2025, according to Kaspersky, while a Zimperium report found that 82% of phishing sites now target mobile devices. And scam messages are getting harder to spot. McAfee says Americans now receive an average of 14 scam messages a day across text, email, social media, and phone calls.

For most people, the bigger risk is not a government-grade attack. It is a scam that steals account access, a malicious app, or spyware installed by someone close to them. “You can’t rely on how a message looks as your main signal anymore,” says Sandra Glading, online safety expert at McAfee. “Typos or awkward writing used to be red flags, and while those still exist today, many scams are much more sophisticated – with the help of AI, they can look completely legitimate and still be a scam.”

Here’s how to spot the warning signs, check the most important settings, and protect yourself from the most common ways phones get compromised.

Can you quickly tell if your phone has been hacked?

Usually, no. There isn’t a secret number to dial or a quick code that will tell you for sure whether your phone has been hacked. Viral tips about dialing codes like *#21# or ##21# are not reliable ways to tell whether your phone has been hacked. They only check call-forwarding settings.

What you can do is watch for a pattern of warning signs. A single issue like battery drain or overheating does not automatically mean your phone has been hacked. But when several problems show up together – like unfamiliar apps, unusual data usage, strange account activity, and unexplained performance issues – it is worth taking a closer look.

What Are the Signs Your Phone May Have Been Hacked?

1. Noticeable decrease in battery life

While a phone’s battery life naturally declines over time, a compromised phone may start draining much faster than usual. Malware or spyware can run constantly in the background, using your phone’s resources to scan the device and send information back to a server.

Of course, battery drain alone is not proof your phone has been hacked. Older batteries, heavy app use, and weak cell signals can all shorten battery life, too. But if a sudden drop happens alongside other red flags, it is worth taking seriously.

2. Sluggish performance

If your phone suddenly starts freezing, crashing, or running unusually slowly, malicious software could be overloading its resources or interfering with other apps. You may also notice apps refusing to close properly, random restarts, or the phone becoming unresponsive more often than normal.

That said, low storage can cause many of the same symptoms. If your phone is sluggish, check how much storage you have left before assuming the worst.

3. Phone feels hot when not in use or when charging

Apps running in the background can make any phone warm, but unexplained heat can also be a sign of malware. If your phone feels hot even when it is not being used, something may be working behind the scenes – whether that is a buggy app, aggressive adware, or in rarer cases, malware.

Try restarting the phone and see whether the problem goes away. If it keeps happening and you are also seeing battery drain or strange activity, look more closely.

4. High data usage

A sudden spike in data use is another warning sign. Malware or spyware may quietly send information back to a remote server, which can eat through your monthly data plan faster than usual.

On iPhone, go to Settings > Cellular and scroll down to see which apps are using cellular data. On Android, you can usually find this under Settings > Network & Internet or by searching Settings for “data usage.” If one unfamiliar app is consuming an unusual amount of data, that deserves a closer look.

5. Outgoing calls or texts you didn’t send

If your call log or text history shows activity you do not recognize, take it seriously. Some forms of malware can send texts or place calls to premium-rate numbers, generating charges that benefit the attacker.

Check your phone bill for charges you do not recognize and look for repeated calls or texts to unfamiliar numbers.

6. Mystery pop-ups and apps

Constant pop-ups can be a sign of adware, especially if they appear outside your browser or seem tied to no app you intentionally opened. You may also notice apps you do not remember downloading.

If you find an unfamiliar app, check where it came from. On Android, press and hold the app icon, tap App info, and look for the App details section to see whether it came from the Google Play Store. On iPhone, open the App Store, tap your profile icon, choose Purchased > My Purchases, and search for the app.

7. Unusual activity on accounts linked to your phone

If someone gets access to your phone or the accounts connected to it, the signs often show up elsewhere first. You may see password-reset emails you did not request, sign-in alerts from unfamiliar locations, sent emails you do not remember writing, or new accounts opened using your email address.

This can quickly turn into identity fraud. If you notice unusual account activity, change your most important passwords from a different device before doing a full security sweep of your phone.

If you’re seeing more than one of these warning signs, don’t panic. Many of these symptoms can also be caused by an aging battery, low storage, buggy apps, or poor connectivity. But if several signs are happening at once, the next step is to think about how your phone may have been compromised and lock down your accounts and device.

How Phones Usually Get Compromised

If your phone shows signs of being compromised, the explanation is usually not a sophisticated remote attack. More often, it starts with a phishing message, a malicious app, weak security on your Google or Apple account, or spyware installed by someone with access to your device. Here are the most common ways it happens and what you can do to protect yourself.

1. Phishing messages

For most people, phishing is the most likely starting point. A text, email, or social media message may look like it came from your bank, a delivery company, or even someone you know. The goal is to get you to click a link, scan a QR code, download an app, or simply start a conversation that leads to stolen account information.

These scams have gotten much harder to spot. AI tools now let scammers generate convincing messages in minutes, often copying the tone and branding of companies you trust. The old advice to look for typos and awkward grammar is no longer enough. McAfee found that many people now respond to suspicious messages that do not even include a link, which is how some long-running scams begin.

QR code scams have grown, too. Sometimes called “quishing,” these attacks use malicious QR codes in emails, texts, flyers, or even public places to send people to phishing sites or trigger malware downloads.

Likelihood: Very high.

How to protect yourself: Don’t click links in unexpected texts or emails, even if they appear urgent. Be cautious with QR codes from any source you were not already expecting. If a message appears to be from your bank, delivery company, or the IRS, go to the company’s app or website directly instead of using the link you were sent. And if a message starts an odd or urgent conversation, stop and verify the person another way before replying.

2. Unauthorized access to your iCloud or Google account

Someone does not always need to hack your phone itself to get access to the information on it. If they get into your Apple or Google account, they may be able to reach your backed-up photos, contacts, saved passwords, messages, location history, and email. Once they control your email, they can often use it to reset passwords on your other accounts, too.

This kind of account takeover is one of the most damaging forms of compromise because it can create a chain reaction. One weak password or one successful phishing message can open the door to your social media, shopping, banking, and mobile carrier accounts.

Likelihood: High if you reuse passwords, rely on weak passwords, or do not use strong two-factor authentication.

How to protect yourself: Use a unique password for every account and store them in a password manager. Turn on login alerts so you know when a new device signs in. Use passkeys where available, or an authenticator app instead of text-message verification. (Check our picks for the best authenticator apps.) Apple users should consider enabling Advanced Data Protection for iCloud, and Google users can enroll in the Advanced Protection Program.

3. Malicious or overly invasive apps

Some apps do far more than they claim. They may request access to your location, files, camera, microphone, or contacts when they do not need it to function. In other cases, the app itself may contain malicious code designed to steal data, bombard you with ads, or quietly run in the background.

This is especially common in categories people do not think twice about downloading, such as QR code scanners, PDF tools, battery boosters, memory cleaners, VPNs, camera filters, and unofficial game mods. The risk is even higher if you install apps from outside the Play Store or App Store.

Likelihood: Moderate to high, especially on Android if you sideload apps or install utilities from unfamiliar developers.

How to protect yourself: Stick to official app stores and avoid apps that ask for more permissions than they clearly need. On Android, make sure installs from unknown sources are turned off and check that Google Play Protect is enabled. On both Android and iPhone, review your installed apps regularly and remove anything you do not recognize or no longer use. If an app category has a long history of abuse, like cleaners or QR code scanners, be extra skeptical before installing one.

4. Spy apps installed by someone with physical access

Spy apps are one of the more realistic threats for ordinary people because they do not require an elite hacker. They usually require physical access to the phone, which means the person installing them is often a spouse, partner, employer, or parent. Once installed, these apps can monitor location, texts, calls, email, browsing history, and photos. Some can even activate the microphone.

That is part of what makes this category so disturbing. It is also why the threat often gets overlooked. Many people think about phone hacking as something done by strangers halfway around the world when, in reality, the person snooping may be someone who already knows the phone’s passcode.

Likelihood: Moderate for people in controlling or abusive relationships, lower for everyone else.

How to protect yourself: Use a strong passcode that no one close to you can guess. Review your apps regularly for anything unfamiliar. On Android, make sure “install unknown apps” is turned off. On iPhone, do not jailbreak your device. If you see signs that your iPhone has been jailbroken, such as alternative app stores like Cydia or Sileo, back up your data and reset the phone.

5. SIM swapping

With SIM swapping, a criminal convinces your carrier to move your phone number to a different SIM card they control. Once that happens, they can receive your texts and calls, including one-time security codes used to log into your accounts.

This is still a real threat, especially for people with valuable financial accounts or cryptocurrency holdings. But it can also be used against anyone whose phone number is tied too closely to account recovery.

Likelihood: Lower than phishing, but serious when it happens.

How to protect yourself: Put a strong account PIN on your wireless account and turn on your carrier’s available account lock, SIM protection, or number lock features. And wherever possible, stop relying on SMS for two-factor authentication. Passkeys and authenticator apps are safer. (Read more in our article How to Tell if Your Phone Has Been Cloned or SIM Swapped.)

6. Snooping through fake public WiFi networks

Public WiFi is safer than it used to be because most sites now use HTTPS, but that does not mean it is risk-free. One common trick is for scammers to create a fake hotspot that looks like the legitimate network for a café, hotel, or airport. Once you connect, they may try to redirect you to lookalike login pages or phishing sites.

Likelihood: Moderate, especially when traveling or connecting to open WiFi in public places.

How to protect yourself: Use apps rather than the browser for sensitive tasks like banking and email, and avoid entering passwords after connecting to an unfamiliar network. A VPN adds another layer of protection, especially on public WiFi. We recommend Surfshark and NordVPN and, for a free option, Proton VPN.

7. Remote exploits that target your camera or microphone

This is one of the most common misconceptions about phone hacking. Ignas Valancius, VP of Engineering at NordPass, says that "while many people fear their phone's microphone or camera is being used for spying, such attacks are technically difficult, expensive, and time-consuming. They are not practical for mass attacks and are typically reserved for highly targeted campaigns against high-value individuals, such as political leaders or government contractors. A far more realistic, and often dismissed, threat is a malicious app or website stealing your sensitive data."

Likelihood: Low for most people.

How to protect yourself: Install software and app updates quickly. Security patches matter because attackers often move fast once new vulnerabilities become public.

8. SS7 and weak points in the phone network

SS7 is an older telecom protocol that can be exploited to intercept texts, calls, and location data. It is not the kind of thing most people need to worry about day to day, but it is one reason text-message verification is not as secure as many people assume.

Likelihood: Low as a targeted attack on an ordinary person, but relevant to anyone relying on SMS for account security.

How to protect yourself: Use passkeys where you can, and use an authenticator app instead of text messages for two-factor authentication when passkeys are not available. For private conversations, use end-to-end encrypted apps like WhatsApp and Signal instead of relying on regular SMS.

9. Fake cellular towers, such as Stingrays

Cell-site simulators, often referred to as Stingrays, mimic legitimate cellular towers so nearby phones connect to them instead. That can let operators monitor calls, texts, and location information from phones in the area.

This is real technology used by law enforcement and government agencies, but it is not the kind of threat most people are likely to face in everyday life. It belongs in the “rare but real” category.

Likelihood: Very low for most people.

How to protect yourself: Use encrypted messaging and voice apps if you are in situations that may attract government scrutiny, such as a protest or other sensitive event. Encrypted apps make intercepted data far less useful.

The threats to our phones have gotten more sophisticated, but so have the tools to fight them. In most cases, protecting yourself comes down to a few habits: keep your phone updated, lock down your most important accounts, stay skeptical of unexpected messages, and pay attention when your phone starts acting in ways it normally doesn’t.

[image credit: Suzanne Kantra/Techlicious via Gemini]

Privacy, Phones and Mobile, Mobile Apps, Tips & How-Tos