Ryan Toohil has a BS in Computer Engineering from Virginia Tech and holds multiple patents in the web services domain. As the CTO at Aura, he leads the platform, information security, and corporate IT teams.
Jory MacKay is a writer and award-winning editor with over a decade of experience for online and print publications. He has a bachelor's degree in journalism from the University of Victoria and a passion for helping people identify and avoid fraud.
To remove a hacker from your phone, you need to update software and apps, carefully review permissions and account settings, and delete all suspicious apps, files, and downloads. It’s a somewhat time-consuming process — but one that could save you from the grueling consequences of hacking, extortion, and even identity theft.
Unfortunately, hackers are targeting smartphones more than ever. According to a recent annual security trend report [*]:
40% of smartphone owners have known vulnerabilities on their mobile devices.
If you’re seeing any of the warning signs indicating that your phone has been hacked, you need to follow these steps immediately to protect your personal information, money, and accounts.
{{show-toc}}
How Do Phones Get Hacked? 7 Warning Signs
The good news is that it’s unlikely your phone can be fully hacked in the traditional sense.
Both Apple iPhones and Android smartphones have security measures in place that make it hard for hackers to gain full access to a user’s device and all of its data.
Instead, most phone hacking comes from downloading malicious apps, clicking on phishing links, SIM swap scams, or other social engineering attacks that can give bad actors access to your online accounts — including your email, mobile banking apps, and social media accounts.
Look for these common red flags if you think your phone has been hacked:
You’re locked out of an account. If you suddenly can’t log in to your mobile banking, email, or social media accounts, your phone (or accounts) may be compromised. Also check for unfamiliar logins, new account sign-ups, and password reset emails.
Your phone’s battery loses its charge faster than usual. Watch out for a quick-draining battery, hot device, odd sounds, or frequent crashes due to malware.
Spikes in data usage. Malicious programs may run constantly or send data in the background, leading to unexpected charges on your phone bill.
More pop-ups than usual. Scammers can infect your device with adware, which disrupts your browsing experience and exposes you to phishing scams.
Unfamiliar apps. Some hackers install new apps on your device, often containing hidden malware designed to steal your personal information.
Strange messages, calls, or emails sent from your phone. If your friends and contacts receive unusual messages from your phone number, your phone has probably been hacked.
Unfamiliar photos or screenshots. Hackers may try to access your camera to take photos or record videos without your knowledge. You may even notice photos appearing or disappearing from your camera roll.
The bottom line: Phone and account hacking puts your privacy and security at risk. Consider installing an all-in-one antivirus and digital security solution on your phone.
How To Remove a Hacker From Your Phone (Android and iOS)
If you believe your phone has been hacked, you’ll want to quickly diagnose the problem. Start by removing any malicious software and apps, updating your operating system, and regaining access to hacked accounts.
Before you begin: First, try restarting your device. Your issues may be caused by incompatible apps or corrupted files rather than a hacker. If restarting your device resolves the problems, you probably don't need to follow the steps below.
1. Use antivirus software to scan for mobile malware or viruses
Smartphone operating systems — especially on iPhones — use a closed ecosystem to prevent malicious apps from accessing all of your data and information. Still, hackers can use malware to access your files and photos, track your keystrokes, or spam you with ads and pop-ups.
Zimperium’s 2023 Global Mobile Threat Report found that [*]:
Approximately 23% of Android apps and 24% of iOS apps contained malware.
For iPhone users: There is currently no such thing as antivirus for iPhones, as iOS doesn’t allow third-party apps to fully scan devices. Instead, you’ll need to manually find and remove potentially dangerous or unwanted apps.
For Android users: Run a full scan by using reputable antivirus software. Beware of free scanners, as these may be limited in scope.
🔎 Get award-winning antivirus and digital security. Aura’s award-winning digital security app includes powerful Android antivirus software and advanced mobile security tools for smartphones, tablets, and computers. Download Aura today.
2. Make sure your operating system (OS) and software are up to date
Software updates include security patches that can prevent hacking and even clear up performance issues. One of the best things you can do to remove a hacker (and prevent hacking in the first place) is enable auto-updates for your apps and operating system.
How to enable automatic software updates on iPhones:
Go to Settings > General > Software Update.
Tap on Automatic Updates, and then turn on Download iOS Updates.
Turn on Install iOS Updates. Your device will automatically update to the latest version of iOS. Some updates might need to be installed manually.
How to enable automatic software updates on Android devices:
Open the Google Play Store.
At the top right, tap on your profile icon.
Go to Manage apps & device > Manage.
Find the app you want to update automatically, and then tap on it to view its Details page.
Next, tap on More, and then turn on Enable auto-update.
To update all apps automatically: Tap on Settings > Network Preferences > Auto-update apps. You can also save your data by choosing to update your apps "Over Wi-Fi only."
3. Remove any suspicious apps that you don’t recognize
Unfamiliar apps are among the telltale signs of a phone hack and should be removed immediately.
Even seemingly legitimate apps can contain malware. Earlier this year, Anatsa, a banking trojan malware that steals financial account details, was found disguised as both a “PDF Reader & File Manager” and “QR Reader & File Manager” app in the Google Play store — with nearly 250,000 downloads [*].
How to remove unwanted apps on iPhones:
Find the app you want to delete on your homescreen (or use the search bar).
Hold down on the app until the menu appears.
Select Remove App > Delete App.
How to remove unwanted apps on Android devices:
Open the Settings app, tap on Apps & notifications, and then See all apps.
Select the apps you want to remove, and then tap on Uninstall.
Pro tip: Old or unsupported apps can also leave you vulnerable. Veracode’s 2024 State of Software Security report found unresolved flaws in 80% of all active apps [*]. If you’re not regularly using an app, it’s best to delete it (along with your account for that app).
4. Regain access to hacked accounts
Once you’ve removed malware and unwanted apps that could give hackers backdoor access to your device, you can start to recover your hacked accounts.
Here’s how to secure your most sensitive accounts:
Hacked iCloud accounts: If your Apple ID or iCloud accounts are hacked, you can follow these steps to recover your account.
Hacked Google accounts: Attempt to log in to your account to change your password and enable additional security settings. If you can't access your account, follow these steps. Note that Google advises that account recovery requests can be delayed for several days, especially if you have two-factor authentication (2FA) enabled [*].
Hacked email accounts: Follow the email service provider’s instructions. Here’s how to recover a hacked email account hosted by Gmail, Yahoo, or Microsoft.
Hacked social media accounts: Your account recovery steps will differ slightly for each compromised social media account. Here's how to recover a hacked account on Instagram,Facebook, X (Twitter), TikTok, Snapchat, and YouTube.
Hacked online banking accounts: Contact your bank's fraud department directly by calling the phone number on the back of your bank card.
Some malicious or compromised apps ask for permission to access your phone's files, data, settings, GPS location, camera, and microphone. Regularly review your app permissions to ensure that no unwanted app has control or access to your smartphone.
How to change app permissions on iPhones:
Open your phone's Settings app, and tap on Privacy.
Tap on an app to see its current permissions.
To stop all apps from asking permission to track you, go to Settings > Privacy & Security > Tracking, and then turn off Allow Apps to Request to Track (at the top of the screen).
How to change app permissions on Android devices:
Open your device’s Settings app, and tap on Apps.
Tap on the app you wish to edit, and then tap on Permissions.
You can edit any permission setting by tapping it and choosing Allow or Don't Allow.
6. Delete your browsing history, cache, and downloads
Deleting your browser history, temporary cache files, and downloads can remove many simple viruses. It may not work for sophisticated malware, but it’s a fast and safe way to clear your phone of potentially malicious files.
How to clear your cache on iPhones:
Open the Settings app, and then select Safari.
Scroll down, and tap on Clear History and Website Data.
How to clear your cache on Android phones:
Open the Chrome app, and tap on More in the upper right corner.
Tap on History and then on Clear browsing data.
Choose a time range. Select All time to delete everything.
Check the boxes next to Cookies and site data and Cached Images and Files.
Tap on Clear data.
{{hacker-view-widget}}
7. Restore your phone from a previous (and safe) backup
If you have a previous backup of your phone that you made before it got hacked, you can safely restore your phone from that point.
Android and Apple iOS phones support free cloud-enabled backups but have limited storage space. You can purchase additional storage space from Google (for Android) or Apple (for iOS).
How to back up your iPhone’s data to a Mac:
The first time you sign in to an iPhone with your Apple ID, you get 5GB of free iCloud storage [*]. When you connect an iPhone to your computer, iTunes automatically backs up your device.
You can also back up your device manually at any time:
Connect your iPhone to the computer with a USB or USB-C cable or a Wi-Fi connection.
Open iTunes on your computer, and click on the Device button near the top left.
Click on Summary > Back Up Now.
On iOS 3.0 or later, iTunes can encrypt your backups to secure your data. To encrypt your backups, select Encrypt [device] backup, create a password, and then select Set Password.
How to back up your Android phone’s data to a PC:
Go to Settings > Google > Backup.
Look for Backup to Google Drive with a toggle next to it. (If you have Google One on the account you are signed in to, this option may be Backup by Google One.) Check to make sure that the toggle is switched on.
Tap on the Back up now button. Remember that backups can take several hours to complete. Leave your phone plugged into a charger and connected to Wi-Fi overnight.
In the worst-case scenario, you may need to “wipe” your phone and reset it to its original factory settings. While this won’t guarantee that you’ll remove all viruses (and it can’t help with hacked accounts), it’s one of the best ways to troubleshoot and help determine where the problem is coming from.
How to factory reset an iPhone:
Back up your device to restore data later, including photos and phone numbers.
Navigate to Settings > General > Transfer or Reset iPhone, and then tap on Erase All Content and Settings.
Enter your passcode or Apple ID password.
Confirm that you want to erase your device. After confirming, wait a few minutes for the reset to complete.
How to factory reset an Android device:
Back up your data to your Google account, cloud storage services, or transfer files to a computer.
Deactivate Factory Reset Protection (FRP). This security feature asks you to enter the Google password associated with the device before and after a factory reset. You can disable FRP by going to Settings > Security.
Note any passwords, PINs, or account information that you will need to enter after the reset.
Tap on Apps> Settings> Backup and reset.
Tap on Factory data reset > Reset Device and finally Erase Everything.
Note: A factory reset will delete your device's apps, data, and settings. Ensure that you save important data to an external device before resetting your phone to its factory state.
Was Your Phone Hacked? Take These Steps To Protect Yourself!
Freeze your credit with all three bureaus. Freezing your credit prevents hackers from using stolen personal data to take out loans or open new accounts in your name. To freeze your credit, contact each of the three major credit bureaus individually — Experian, Equifax, and TransUnion.
Update all of your passwords, and enable two-factor authentication (2FA). Create strong and unique passwords for every account, and enable 2FA whenever possible. For added security, use an authenticator app (such as Authy) rather than SMS for receiving authentication codes.
File an official report with the Federal Trade Commission. If someone uses your online accounts to impersonate you, report it to the FTC at IdentityTheft.gov. An FTC affidavit can help you dispute fraudulent accounts and prove that your identity was stolen.
Contact your bank, and cancel compromised cards and accounts. Contact your bank and ask them to cancel your cards until you regain control over your account.
Warn your friends and family. Make sure all of your contacts know that they can’t trust SMS messages and phone calls that appear to come from you. Ask them to confirm the authenticity of any messages by contacting you directly.
Sign up for identity and credit monitoring. Identity theft and fraud don’t always happen right away. Aura’s award-winning all-in-one digital security solution tracks your most sensitive accounts and provides near real-time alerts if you’re being targeted. Learn more about how Aura keeps you safe online →
Hackers know that your phone contains sensitive information and photos, financial details like credit card numbers, and access to your online accounts.
You can boost your phone’s security and help protect yourself from hackers by following these steps:
Don’t jailbreak your phone. While a jailbroken device can give you more customization options, it makes you a much more vulnerable target for viruses and hacking. Digital privacy expert Attila Tomaschek warns that, “Users who have jailbroken their iPhones are at a considerably greater risk of having their device infected with malware” [*].
Only download apps from official app stores. Both the Apple App Store and Google Play Store have security measures in place to ensure that only legitimate apps are listed. While malicious apps occasionally slip past them, you’re still safer sticking to apps that are hosted here.
Keep your phone with you. Hackers can do much more damage if they have physical access to your phone. Keep an eye on your phone, especially in public places, and make sure you lock it with a secure password or biometric security.
Create unique and strong passwords for every account. If you reuse passwords, a single security breach can give scammers access to multiple accounts. Instead, make sure you’re using unique and complex passwords for each account (and save them in a secure password manager).
Turn on the “Find My” phone feature. A lost phone should be regarded as a serious security issue. The Find My phone feature can help you locate or even remotely lock and wipe a lost phone to help prevent hackers from accessing your data.some text
On iPhones: Go into Settings, tap on your name, and then Find My. Enable Find My iPhone and Find My network.
On Android devices: Tap on Google, and then All Services. (For Android versions 5.0 and lower, go to Google Settings.) Tap on Find My Device and ensure that it’s turned on.
Disable voice assistants on the lock screen. If you have Siri or Google Assistant available before you unlock your phone, someone could compromise your device with voice commands. Follow the steps below to disable these voice assistants:some text
On iPhones: Go to your iPhone’s Settings and tap on Face ID & Passcode or Touch ID & Passcode. Turn off Siri.
On Android devices: On your phone, say: “Hey, Google, open Assistant settings.” Go to All Settings > Lock Screen and then turn off Allow Assistant on lock screen.
Enable automatic updates for your phone’s operating system. Installing the latest OS is crucial so that your phone receives security patches and stays ahead of emerging threats.
Learn to spot the warning signs of a phishing scam. Watch out for phony emails and suspicious text messages containing links — these could initiate a malware download that gives hackers access to your phone.
Use a Virtual Private Network (VPN) on public Wi-Fi networks. Cybercriminals can intercept data sent over unsecured Wi-Fi networks and use it to discover your login details or other sensitive information. Use a VPN to hide your browsing activity and data, or turn off Wi-Fi and use your phone’s mobile data.
While a hacker completely taking over your phone is somewhat unlikely, the impact of any compromised sensitive account or device can be devastating.
Aura helps protect you and your family from many different types of malware and cyberattacks. Aura’s all-in-one solution includes antivirus software, a military-grade VPN, secure password manager, identity monitoring, an optional AI-powered spam call and text blocker, and more.
Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.
Is this article helpful so far?
Yes
No
Skip
Need an action plan?
No items found.
Is your child ready for a cell phone? Take this quiz to find out.