If you believe your phone has been hacked, start by removing any suspicious apps, updating your phone, and getting access back to any hacked accounts. This will be somewhat time-consuming, but it may help you avoid more serious fallout — like extortion or identity theft.
Before you begin: Try restarting your device. Your phone overheating or slowing down could be because of incompatible apps or corrupted files, and not a hacker.
1. Use antivirus software to scan for mobile malware
iOS and Android have strong privacy settings in place, but they don’t always block unauthorized access without extra help from app developers.
Even so, a large percentage of Android apps (16-34%) and iOS apps (60%) have no code protection at all, which leaves you more prone to credential theft and hacks.
For iPhone users: iOS's sandboxing prevents traditional "full system scans" (like on a desktop), so you may have to remove suspicious apps yourself.
For Android users: Run a full scan with a reputable antivirus software. Free antivirus tools are often limited to one device and may lack features such as firewalls or real-time protection.
2. Make sure your software is up to date
One of the best ways to remove a hacker (and prevent hacking in the first place) is to enable auto-updates for your apps and OS. Software updates include security patches that block malicious activity and clear up performance issues.
To enable automatic software updates on iPhones:
- Go to Settings → General → Software Update.
- Turn on Automatic Updates, and then turn on iOS Updates.
To enable automatic software updates on Android devices:
- Open the Google Play Store.
- At the top right, tap on your profile icon.
- Go to Manage apps & devices.
- Under Updates available, tap on See details.
- Tap on Update next to the app you want to update.
To update all apps automatically: Tap on Settings → Network Preferences → Auto-update apps. You can also save data by choosing Update apps over Wi-Fi only.
3. Remove any unfamiliar apps
Even seemingly legitimate apps can contain spyware. In May 2024, Anatsa, a banking trojan malware that steals financial account details, was found disguised as both a “PDF Reader & File Manager” and “QR Reader & File Manager” app in the Google Play store. These infected apps had over 5.5 million installs.
To remove unwanted apps on iPhones:
- Find the app you want to delete on your homescreen (or use the search bar).
- Press and hold on the app until the menu appears.
- Tap on Remove App → Delete App.
To remove unwanted apps on Android devices:
- Open the Settings app, tap on Apps & notifications, and then See all apps.
- Select the apps you want to remove, and then tap on Uninstall.
4. Regain access to hacked accounts
Once you’ve completed steps one through three, you can start to recover your hacked accounts. To restore and secure your most sensitive accounts:
- Hacked Apple ID or iCloud: Follow these steps to recover your account.
- Hacked Google accounts: Change your password and enable additional security settings. If you can't access your account, follow these steps. Per Google, account recovery can take multiple days if two-factor authentication (2FA) is enabled.
- Hacked email addresses: Here’s how to recover a hacked email account hosted by Gmail, Yahoo, or Microsoft.
- Hacked social media accounts: Account recovery steps differ slightly for each compromised social media account. Here's how to recover a hacked account on Instagram, Facebook, X (Twitter), TikTok, Snapchat, and YouTube.
- Hacked online banking accounts: Contact your bank's fraud department by calling the phone number on the back of your debit or credit card.
5. Review and limit app permissions
Some compromised apps ask for permission to access your phone's files, data, settings, GPS location, camera, and microphone. Review your app permissions so that no unwanted apps have control over your smartphone.
To change app permissions on iPhones:
- Open your phone's Settings → Privacy & Security.
- Tap on a category, such as Calendars, Files & Folders, or Photos. You’ll see a list of apps that have requested access. Toggle access on or off.
To stop all apps from requesting permission to track you, go to Settings → Privacy & Security → Tracking, and then turn off Allow Apps to Request to Track (at the top of the screen).
To change app permissions on Android devices:
- Open your device’s Settings app, and tap on Apps.
- Tap on the app you wish to edit, and then tap on Permissions.
- Choose Allow or Don't Allow.
6. Delete your browsing history, cache, and downloads
Deleting your browser history, temporary cache files, and downloads can help remove many simple viruses.
To clear your cache on iPhones:
- Open the Settings app, and then find and select Safari.
- Scroll down, and tap on Clear History and Website Data.
- Choose your selected clear timeframe, and then tap on Clear History.
To clear your cache on Android phones:
- Open the Chrome app, and tap on More in the upper right corner.
- Tap on History and then Clear browsing data.
- Choose a time range. Select All time to delete everything.
- Check the boxes next to Cookies and site data and Cached Images and Files.
- Tap on Clear data.
7. Restore your phone from a previous (and safe) backup
If you have a previous backup of your phone that you made before it got hacked, you can safely restore your phone from that point.
To back up your iPhone to macOS Catalina or later:
- Connect your iPhone to your Mac by using a USB or USB-C cable.
- Open a Finder window by clicking on the Finder icon in the dock.
- Select your iPhone from the list in the Finder sidebar under Locations.
- If there’s a prompt, click on Trust and enter your device passcode to connect.
- In the Finder window, click on the General tab at the top.
- Under the Backups section, choose Back up all of the data on your iPhone to this Mac.
To encrypt your backup and include sensitive data like passwords and health information, select Encrypt local backup, create a password, and click on Set Password. Click on Back Up Now to begin the backup process.
To back up your Android phone’s data to your Google Account:
- Go to Settings → Google → All services → Backup.
- If this is your first time backing up data, turn on Backup your device with Google One, and then follow the instructions on your screen.
- If it’s not your first time backing up, select the data you want to back up (Photos & videos, Device data, or both), and then toggle on Backup by Google One.
Backups can take 24 hours to complete. Plan to leave your phone charging and connected to Wi-Fi overnight. You’ll know your data is saved when you see On displayed below each data type.
8. Perform a factory reset on your phone
In the worst-case scenario, you may need to wipe your phone and reset it to its original factory settings. A reset won’t guarantee that you’ll remove all viruses, and it can’t help with hacked accounts. But it can get rid of most types of malware.
To factory reset an iPhone:
- Back up your device to restore data later, including photos and phone numbers.
- Navigate to Settings → General → Transfer or Reset iPhone, and then tap on Erase All Content and Settings.
- Enter your passcode or Apple ID password.
- Confirm that you want to erase your device. After confirming, wait a few minutes for the reset to complete.
To factory reset an Android device:
- Back up your data to your cloud storage service, or transfer files to a computer.
- Note any passwords or account information that you will need to enter after the reset.
- Factory resets can take up to an hour. Charge your phone’s battery to at least 70% before resetting it.
- Tap on Apps → Settings → Backup and reset.
- Tap on Factory data reset → Reset Device, and finally Erase Everything.
What To Do in Case of a Hack:
- Freeze your credit with all three bureaus. Freezing your credit stops hackers from using stolen personal data to take out loans or open new financial accounts in your name. To freeze your credit, contact each of the three major credit bureaus individually: Experian, Equifax, and TransUnion.
- Update all of your passwords. Create strong and unique passwords for every account, and enable 2FA whenever possible. Also, use an authenticator app (such as Authy or Google Authenticator), rather than SMS, to get authentication codes.
- Enable a port freeze. This stops scammers from transferring your phone number to a SIM card that they control — a scam called SIM swapping. Some mobile carriers let you lock your SIM directly from your account.
- File an official report with the Federal Trade Commission (FTC). If someone uses your online accounts to impersonate you, report it to the FTC at IdentityTheft.gov. An FTC affidavit can help you prove that your identity was stolen and dispute fraudulent transactions.
- Contact your bank. Ask to cancel any compromised cards and report suspicious transactions as fraud.
- Warn your friends and family. Have them confirm the authenticity of any messages by contacting you directly.
- Sign up for identity and credit monitoring. Aura’s award-winning, all-in-one digital security solution tracks your most sensitive accounts and provides near real-time alerts if you’re being targeted. See how Aura keeps you safe online.
To Prevent Hacking, Do This:
- Don’t jailbreak your phone. A jailbroken device gives you more customization, but it also makes you a more vulnerable target for viruses. And rooted Android mobile devices are 250 times more likely to be compromised than non-rooted devices.
- Only download apps from official app stores. Both the Apple App Store and Google Play Store have guardrails in place to make sure only legitimate apps are listed. Before you download an app, make sure you know what you're getting and from whom you're getting it.
- Keep your phone with you at all times. Hackers can cause significantly more damage by having physical access to your phone. Lock it with a secure password or biometrics whenever you’re not using it.
- Add a SIM lock. If a hacker attempts to remove your SIM card, it locks and requests a PIN number. Follow these instructions for iOS and Android devices.
- Be wary of public charging stations. Though the Federal Communications Commission (FCC) isn’t aware of any confirmed “juice jacking” incidents, it is theoretically possible to transmit malware through a charging port. Use an AC power outlet or an external power bank instead.
- Create strong passwords for every account. If you reuse passwords, a single security breach can give hackers access to multiple accounts. Use complex passwords for each account, and save them in a password manager. Disregard “remember my password” and auto-fill browser prompts.
- Turn on the Find My phone feature. Besides helping you locate a lost phone, Find My can also help you remotely lock or wipe your phone to prevent unauthorized access to your data.
  - On iPhones: Go into Settings, tap on your name, and then Find My. Enable Find My iPhone and Find My network.
  - On Android devices: Tap on Google → All Services → Personal device & safety → Find My Device. For Android versions 5.0 and lower, Find My will be in your Google Settings app.
- Disable voice assistants on your lock screen. If you have Siri or Google Assistant available before unlocking your phone, someone could potentially compromise your device with voice commands.
  - On your iPhone: Go to your iPhone’s Settings → Siri (or Apple Intelligence & Siri), and then toggle off Allow Siri When Locked.
  - On your Android device, say: “Hey, Google, open Assistant settings.” Go to All Settings → Lock Screen and then turn off Allow Assistant on lock screen.
- Use a virtual private network (VPN) when you can. VPNs don’t prevent all hacks, and using public Wi-Fi doesn’t guarantee you’ll get hacked. But a hacker on public Wi-Fi can still see what sites you visit or redirect you to fake pages (DNS spoofing).
- Keep Bluetooth off until you need to pair a device. Active Bluetooth signals — like those used by Find My — can be used to track you. Turning off Bluetooth stops this, but it also means you won’t be part of the Find My network.
- Learn to spot the warning signs of a phishing scam. Keep an eye out for ads on torrent sites, phony emails, and fake text messages containing links. Test your ability to spot suspicious messages with Aura's free Spot the Scam quiz.
It’s unlikely a hacker will take over your entire phone, but a single compromised account is enough to cause trouble.
Aura helps protect you and your family from many different types of online threats. In addition to antivirus software, Aura offers a military-grade VPN, secure password manager, identity monitoring, spam call and text blockers, and 24/7 U.S.-based customer support.