Your phone holds more of your life than your filing cabinet, your bank safe, and your diary combined. Kaspersky''s security network blocked 47 million mobile attacks in a single quarter in 2025 — and most people don''t realize their phone has been hacked until their bank calls, their Instagram gets hijacked, or someone they''ve never met knows things they shouldn''t. The damage is already done by then.
The threat landscape in 2026 isn''t the same one your parents worried about. Attackers deploy AI-driven malware that rewrites its own patterns to evade detection. Android adware detections nearly doubled in the second half of 2025. Stalkerware remains a grim reality in domestic abuse cases, and banking trojans have evolved from simple encryption attacks to data-only extortion. This isn''t paranoia. It''s the environment your phone lives in. Knowing the signs that actually matter — and what to do when you see them — is the difference between catching compromise early and cleaning up the mess afterward.
The warning signs that actually matter
Not every glitch means you''re compromised. Phones slow down, batteries age, and apps misbehave. The signs your phone is hacked that security experts take seriously are the ones that show up in clusters or persist across reboots. Run through this phone security checklist and treat multiple hits as a reason to act.
Battery drain and overheating when you''re not using the phone. Malware runs in the background. It uses CPU, radios, and sensors — and that shows up as battery life that tanks overnight or a device that runs warm in your pocket while idle. If your battery stats show an app you don''t recognize near the top, or "Android System" or "iOS" consuming far more than usual with no obvious explanation, dig deeper.
Unexplained data usage spikes. Data exfiltration — sending your photos, messages, or keystrokes to a remote server — burns through your plan. Check your carrier''s usage breakdown and your phone''s data-by-app settings. If something is pulling gigabytes and you didn''t stream a four-hour movie, that''s a red flag.
Apps you didn''t install. Obvious, but people still miss them. Scroll through every screen of your app drawer. On Android, check Settings > Apps and look for anything with generic names like "System Service" or "Battery Manager" that you didn''t add. Also check Settings > Accessibility (or similar) for services you didn''t enable — stalkerware and keyloggers often hide there.
Pop-ups and redirects outside your browser. Occasional ad pop-ups inside a sketchy website are one thing. Full-screen ads, redirects to app stores, or prompts that appear when you''re not in a browser at all are classic signs of adware. Android adware surged 90 percent in the second half of 2025; if your phone is suddenly an ad machine, it may be infected.
Calls, texts, or charges you didn''t make. Check your call and message logs. If you see outbound calls or texts to numbers you don''t know, or premium-rate charges on your bill, your account or device may be compromised. Same goes for subscription charges for services you never signed up for.
Accounts locked out or password-reset emails you didn''t request. Credential stealers and phishing campaigns target your email and social logins. If you''re suddenly locked out of Google, Apple, or your bank, or you''re getting "someone requested a password reset" emails you didn''t trigger, assume your credentials are in play. Act from a different, trusted device.
Camera or microphone indicator lights turning on unexpectedly. On iPhones and many Androids, a green or orange dot appears when the camera or mic is in use. If you see it when no app should be using them — you''re not on a call, not in the camera app — spyware may be active. This is a strong signal, not a maybe.
"No Service" or "SOS Only" when you normally have signal. If your cellular connection drops without explanation and Wi-Fi still works, you could be the victim of a SIM swap. Attackers transfer your number to a SIM they control to intercept two-factor codes and take over your accounts. Check with your carrier immediately and look for any "SIM change completed" or similar messages you didn''t authorize.
The codes and settings you should check right now
Some checks take 30 seconds. Dial these codes on your phone''s keypad (they work on many carriers worldwide; output varies by carrier and device). They don''t prove you''re hacked, but they can reveal call forwarding or other tampering that attackers use to intercept your calls and SMS.
*#21# — Shows whether unconditional call forwarding is on (all calls sent elsewhere). *#62# — Shows forwarding when your phone is unreachable. *#004# — Shows status of all conditional forwarding. If any of these return a number you don''t recognize, someone may be diverting your calls. To turn off forwarding, dial ##21#, ##62#, or ##004# (and similar for other codes). Carrier documentation or customer service can confirm the exact codes for your region.
On iPhone, go to Settings > Privacy & Security > App Privacy Report to see which apps have accessed your location, camera, microphone, and other sensitive data in the last seven days. Look for patterns that don''t match your usage. If you''re on iOS 16 or later, use Safety Check (Settings > Privacy & Security > Safety Check) to quickly review and reset who has access to your information — important if you''re leaving an abusive situation or suspect stalkerware.
On Android, open Settings > Security > Google Play Protect and run a scan. Then go to Settings > Apps and review Device Admin / Device Administrator apps — nothing should be there unless you deliberately added it (e.g., a work MDM). Remove anything unfamiliar. Check for configuration profiles (Settings > General > VPN & Device Management on some builds) and delete profiles you didn''t install.
What to do if your phone has been compromised
If two or more of the warning signs above match what you''re seeing, don''t panic — but do act in order. First, disconnect the device from Wi-Fi and mobile data to limit further data leakage. Then, from a different device you trust (a friend''s phone, a library computer), change the passwords for your email, banking, and critical accounts. Sign out of all sessions so the attacker loses access even if they had a valid password.
Run a reputable mobile security scan. In 2025 testing by AV-Comparatives, Malwarebytes was among the products that achieved 100 percent detection of stalkerware samples; Google Play Protect detected only 53 percent. A scan won''t catch everything — especially sophisticated or state-level spyware — but it can remove adware, many trojans, and consumer-grade stalkerware.
If you use the phone for banking or work, or you''ve seen clear signs of credential theft, back up what you need and perform a factory reset. Restore only essential apps from the official store and avoid restoring from a backup that might reinstall something malicious. After resetting, re-enable two-factor authentication everywhere — and prefer an authenticator app or hardware key over SMS, since SMS can be intercepted via SIM swap.
Contact your carrier. Ask them to check for unauthorized SIM or device changes and to set a port-out PIN or number-transfer lock so your number can''t be moved without that PIN. If you''re in an abusive relationship and suspect stalkerware, contact the National Domestic Violence Hotline (1-800-799-7233) or a local organization before removing the software; abusers may escalate when they lose access, and experts can help you plan a safe response.
The line between "hacked" and "not hacked" is blurring. Modern malware is quieter, more efficient, and increasingly AI-assisted. Some infected phones never overheat or slow down. Treat this checklist as a habit — something you run through when something feels off — rather than a one-time drill. Your phone is the key to the rest of your digital life. Knowing how to tell if it''s been compromised is the first step to keeping it yours.
Frequently Asked Questions
What does it mean when your phone has been hacked?
When your phone has been hacked, someone has gained unauthorized access to your device, data, or accounts. This can mean malware (viruses, spyware, adware) is installed, your credentials have been stolen, or your number has been SIM-swapped. Signs include strange battery drain, unknown apps, unexpected charges, and account lockouts. A phone security checklist helps you spot and respond to these signs.
Can someone hack my phone without me knowing?
Yes. Modern malware is designed to run quietly. AI-driven threats and sophisticated spyware often avoid obvious signs like slowdowns or overheating. You might not notice until you see account alerts, unexpected data usage, or odd behavior. That''s why checking for signs your phone is hacked regularly — including USSD codes for call forwarding and app permission reviews — is important.
Is my phone hacked or just slow?
Slowness alone usually isn''t enough to say your phone is hacked. Old batteries, too many apps, or a full storage can cause lag. Look for combinations: slow performance plus battery drain when idle, unexplained data use, unknown apps, or pop-ups outside the browser. If several of these appear together, treat it as a possible compromise and run a mobile malware scan and the checks in this guide.
How do I check if my iPhone has been hacked?
On iPhone, go to Settings > Privacy & Security > App Privacy Report to see which apps used your camera, microphone, and location recently. Use Safety Check (iOS 16+) under the same menu to review and revoke access. Look for unfamiliar apps, configuration profiles (Settings > General > VPN & Device Management), and unexpected "No Service" that could indicate SIM swap. Run a reputable security scan and check for the other warning signs in this phone security checklist.
What number can I dial to see if my phone is hacked?
Dial *#21# to check unconditional call forwarding, *#62# for when-unreachable forwarding, and *#004# for all conditional forwarding. If any return a number you didn''t set, forwarding may be enabled by an attacker. Dial ##21#, ##62#, or ##004# to disable. Codes can vary by carrier and country — confirm with your carrier. These don''t prove your phone has been hacked but can reveal call/SMS diversion.
Should I factory reset a hacked phone?
If you''ve seen clear signs your phone is hacked — especially involving banking, work, or account takeovers — a factory reset is the most reliable way to remove malware. Back up only essential data, then reset and reinstall apps from the official store. Avoid restoring from a backup that might reinstall the same threat. After resetting, change passwords from another device and enable authenticator-based 2FA.
How do I prevent my phone from being hacked in 2026?
Keep your OS and apps updated, use strong passcodes and biometrics, and enable two-factor authentication with an authenticator app or hardware key instead of SMS. Download apps only from official stores, review app permissions and accessibility settings, and set a port-out PIN with your carrier. Avoid public Wi-Fi for sensitive tasks and don''t click suspicious links. This phone security checklist, run periodically, helps catch compromise early.