Skip to main content

Reading is great. Tracking makes it stick. Sign up for a free Dashboard to tick off tasks and see your Security Score.

Get my free Dashboard →
CE: All

What to do if your Android is hacked

If you suspect your Android phone has been compromised, acting quickly can limit the damage. This guide walks you through the warning signs of a hacked phone and the steps to take (in order) to secure your device and accounts.

Unrecognisable person in dark hoodie using a smartphone and laptop

Signs your Android may be compromised

These can indicate malware or unauthorised access, though some have innocent causes too:

  • Battery draining significantly faster than usual without a change in your usage
  • Phone running hot when idle
  • Unexpected data usage: check Settings > Network > Data usage
  • Apps you do not recognise in Settings > Apps
  • Emails or messages sent from your accounts that you did not send
  • Friends reporting unusual messages from your number or accounts
  • New accounts appearing in Settings > Accounts that you did not add
  • Your Google account shows sign-ins from unknown locations

Immediate steps: secure your accounts

Start with your Google account: it is the master key to everything on your Android:

  • Change your Google account password immediately from a different device, a laptop or another phone
  • Enable two-factor authentication on your Google account if not already active
  • Sign out of all devices: myaccount.google.com > Security > Your devices > Sign out of all other devices
  • Change passwords for any other accounts you accessed on the phone, starting with banking and email
  • Contact your bank immediately if you accessed banking apps on the device

Check and clean your device

Once you have secured your accounts, check the phone itself:

  • Run Google Play Protect: Google Play > Profile > Play Protect > Scan
  • Go to Settings > Apps and look for apps you do not recognise: uninstall anything suspicious
  • Check Settings > Accessibility > Installed services: malware sometimes uses accessibility services
  • Check Settings > Device admin apps: legitimate apps rarely need device admin access; remove anything unexpected
  • Remove any Google accounts you do not recognise from Settings > Accounts

Factory reset as a last resort

If you cannot identify and remove the problem, a factory reset wipes everything and starts fresh:

  • Backup contacts and photos first: a backup made while the phone is compromised may back up the threat too
  • To factory reset: Settings > System > Reset > Factory data reset
  • After reset, restore from a backup made before the incident if possible
  • Re-install only the apps you genuinely need
  • Report to Action Fraud if you have lost money or personal data: actionfraud.police.uk

Track your Android security progress. Free.

Create a free account to tick off tasks, see your Security Score improve, and know exactly what you've done and what's still to do.

Start your free security check
← Back to Android Security Hub