This article was co-authored by Aydin Yildiz and by wikiHow staff writer, Nicole Levine, MFA. Aydin Yildiz is an Electronics Repair Specialist and the Founder of Aasha Inc. With more than five years of experience, he specializes in phone, tablet, and computer repairs. Aydin holds an MBA from Southern States University.
There are 15 references cited in this article, which can be found at the bottom of the page.
This article has been fact-checked, ensuring the accuracy of any cited facts and confirming the authority of its sources.
This article has been viewed 114,208 times.
It can feel stressful and daunting when someone gets control of your phone. If you suspect that someone hacked your Android device, don't worry—removing the hacker and their point of entry isn't as hard as you'd think, and wikiHow is here to walk you through the steps. We'll show you common signs that you've been hacked or have malware, walk you through fixing your hacked device, and help you improve your Android's security to avoid future hacks.
Quick Steps
- Reset your device.
- Restart your phone in safe mode.
- Take away administrator access and apps.
- Remove any apps that seem unfamiliar.
- Disable app installs from unknown sources.
- Change your Google account password.
- Install antimalware software and monitor your phone.
Steps
Signs Your Android is Hacked
-
Pop-ups and performance issues. If your device is running slowly and a reboot doesn't seem to help, a hacker may have installed malware on your phone. You may also notice a lot of pop-ups, including ads and demands for payment, as well as poor battery performance.[1]
-
Apps you didn't install. If you find strange apps in your app list or on your home screen, they may have been installed by someone who has access to your phone. But because apps installed by hackers might be more hidden than your other apps, the best place to look is in the Apps section of the Settings app.Advertisement
-
Unrecognized texts and emails. If a hacker has access to your phone, they may be using it to send messages to other people, including your contacts. Check for messages you didn't send in your text conversations, as well as in the Sent folder of your email app.[2]
- It's also possible that someone is spoofing your phone number or email address, which would mean they don't actually have access to your phone.
-
A sudden increase in data usage. If you're suddenly using a lot more of your data plan than usual, malware on your phone may be using the internet without you realizing it. To check your data usage, open your Settings and tap Data Usage. Be especially wary if the bulk of your data usage is coming from an app you don't recognize.[3]
- Of course, this only applies if you haven't recently changed your internet habits. If you're suddenly watching more videos or downloading more media through messaging apps, the increase in data usage is probably justified.
Remove the Hacker
-
Consider resetting your device. As long as you back up or sync your device's data to your Google account, one of the ways to get rid of a hacker is to perform a factory reset of your phone.[4]
- Keep in mind that resetting your device will delete all of its data. However, as long as your photos, videos, contacts, and personal data are synced to your Google account, it'll resync back to your device once you sign back in.
- After resetting your phone, change your Google account password if the hacker has access to your account. You can do so in the Settings app—just go to Google > Manage your Google Account > Security > "'Signing in to Google"' > Password to do so from your device.[5]
-
Reboot into safe mode. If you want to try removing hackers and malware without erasing your device and starting over, start by entering safe mode:
- Press and hold the power button on your device.
- When the power options appear, tap and hold Power Off.
- When prompted, tap Reboot to safe mode.[6]
- If this doesn't work, try powering off your device. Then, press and hold the power button until your device turns back on, hold down the Volume Down key until you see "Safe mode" on the screen.[7]
- These steps might only work with Samsung devices. Check your manufacturer's site for steps on how to boot into Safe mode on your device.
-
Remove administrator access and apps. Hackers will often install apps with administrator privileges on target Androids, including crypto miners, keyloggers, and spyware tools. Before you start removing apps, you'll want to check for and deactivate device administrator apps:
- Open Settings.
- If your Settings menu has a search tool, search for admin and tap either Device admin apps or Device Administrators.[8]
- If that doesn't work, go to Security > Advanced > Device admin apps or Lock screen & security > Other security settings > Device administrators.
- If you see any apps you don't recognize, toggle off its switch to deactivate its administrative rights, or select the app and tap Deactivate.
- Some admin apps are installed by the manufacturer (or your workplace) and are necessary to remain active to run properly, so only deactivate the ones that you know aren't required.
-
Delete unrecognized apps. Whether you've found any odd apps with administrator rights or not, you'll want to go through all of your apps and delete the ones you didn't install. If you see some apps that came preinstalled on your phone, you might not be able to remove those, but others are easy to uninstall from your app list or in the Settings app under Apps.EXPERT TIPTechnology SpecialistBrandon Phipps is a Technology Specialist based in Bakersfield, CA. He is the owner of Second Star Technologies and specializes in Managed IT Services for small and mid-sized businesses in Bakersfield, CA. With over 23 years of experience, he offers expert cloud computing, cybersecurity, and network management solutions. Brandon is a committed community member and coach who leads and innovates in tech and sports coaching. His dedication to local businesses and communities is evident in his hands-on, tailored approach to IT solutions.Brandon Phipps
Technology SpecialistDetect spyware by reviewing your system settings regularly. Keep an eye out for unfamiliar apps running, your phone turning off randomly, or strange icons popping up. Be aware that certain spyware may be well-hidden and difficult to detect through a basic system review.
-
Turn off app installs from unknown sources. If you use an alternative app store or download apps from the web rather than the Play Store, you won't have the bonus of Google's safety moderation and Play Protect features. Disabling installs from unknown sources ensures that you can only install apps from the Play Store.
- Open the Settings app.
- Tap Apps or Apps & notifications.
- If you're using a Samsung Galaxy, tap the three dots at the top-right, choose Special access > Install unknown apps.
- On other devices, go to Advanced > Special app access > Install unknown apps.
- Select each app in the list and toggle its "Allow from this source" switch to Off.
-
Clear app cache. In case anything shady is hiding in your app cache, it's a good idea to delete all cached data.[9] Here's how:
- Open the Settings app.
- If you have a Samsung Galaxy, go to Apps, select an app, choose Storage, and then tap Clear cache. Repeat for all apps in the list.[10]
- On other devices, tap Storage, choose Other Apps, select an app, and then tap Clear cache. Repeat for all other apps.
-
Change your Google account password. If someone had access to your device, it may be because your Google account is compromised. Before you reboot your phone to exit safe mode, make sure you're starting fresh with a brand new Google password.[11]
- Don't reuse the same password you use for any other account—your new password should be completely unique.
- Remove any third-party apps which have access to your account that you don't recognize, and check your devices and sessions to see if there's suspicious activity you don't recognize. This will ensure no suspicious devices or apps have access to your account.
-
Reboot your phone. Now that you've made these changes, you can reboot your device into normal operating mode.
-
Install antimalware software and run a scan. There are many antimalware/antivirus options for your Android that don't cost anything at all. Most of the best options have paid upgrade options that allow the software to always run in the background, which can help you avoid getting hacked in the future. But for now, we'll just want to install some software so we can run a malware scan. Some excellent free options are Mobile Security, Sophos Intercept X, AVG Antivirus & Security, and Avast Antivirus & Security. All of these options are available for free in the Play Store.
- Once you download the app, open it, and then follow the on-screen instructions to scan for viruses and malware.
- If the scanning tool identifies a threat, you'll be prompted to remove it.
EXPERT TIPTechnology SpecialistBrandon Phipps is a Technology Specialist based in Bakersfield, CA. He is the owner of Second Star Technologies and specializes in Managed IT Services for small and mid-sized businesses in Bakersfield, CA. With over 23 years of experience, he offers expert cloud computing, cybersecurity, and network management solutions. Brandon is a committed community member and coach who leads and innovates in tech and sports coaching. His dedication to local businesses and communities is evident in his hands-on, tailored approach to IT solutions.Brandon Phipps
Technology SpecialistMalwarebytes is a top choice for scanning your Samsung and Android phones for spyware. It monitors your system to see what apps and services are running in the background and detects anything malicious.
-
Reset your phone if needed. If you've tried to remove a hacker or malware from your device, but are still noticing poor performance and signs of intrusion, your best bet would be to reset your device to its original settings. Once you reset your device, you can sign in with your Google account password and start with a clean slate.[12]
Prevent Future Hacks
-
Keep your device up to date. Installing the latest versions of the Android operating system and Play Store app updates ensures that your device has the latest security patches.[13]
-
Use a VPN. When you access the internet through a VPN, all of your internet activity is encrypted, making it difficult for potential hackers to monitor your activity. It's especially important to use a VPN when connecting to public hotspots, such as at a café or on campus. Choose a reputable VPN service rather than a free option.
-
Avoid rooting your device. While rooting your device gives you more customization options, it also enables access to malicious apps that can take advantage of your administrator privileges. Androids are highly customizable as-is—if security is a concern, don't install custom ROMs.
-
Only install apps from the Play Store. The apps you install from alternative app stores aren't necessarily inspected for malware. When you stick to apps in the Play Store instead of installing alternative app stores, you have the added protection of Google's quality assurance and safety oversight.
-
Turn on Google Play Protect. This feature of the Play Store runs safety checks on apps before you download them, which can protect you from malware and other harmful apps.[14] The feature is turned on by default, but may have been disabled. Here's how to check:
- Open the Play Store app and tap your profile icon.
- Tap Play Protect.
- Tap Settings.
- Turn on "Scan apps with Play Protect."
-
Keep your eyes on your device at all times. Don't let your device out of your site—a hacker might look at an unguarded device as an easy hacking opportunity.
- Your PIN or password should be difficult to guess—using "1234" is not a good idea, even if it is easy to remember.
-
Don't fall victim to phishing scams. Sometimes hacks occur because an unsuspecting user clicks a link in an email or text message and enters their login information, thinking they are signing into a website they use often. If you're not completely sure that a message comes from a trusted source, never click unfamiliar links, open attachments, or reply to messages with personal information.[15]
-
Avoid charging your device at public charging stations. "Juice jacking" is a type of hacking that occurs when you plug a susceptible phone into a charging station that has malware installed. To avoid data theft and malware installation without your consent, stick to using your own charger.[16]
Expert Q&A
-
QuestionHow can I be safe with my phone?Aydin YildizAydin Yildiz is an Electronics Repair Specialist and the Founder of Aasha Inc. With more than five years of experience, he specializes in phone, tablet, and computer repairs. Aydin holds an MBA from Southern States University.
Electronics Repair SpecialistAlways check and see what's running in the background of your phone. Make sure you know what permissions these apps have, and that they aren't doing anything you don't want them to do, like tracking your location. -
QuestionHi, my 2 phones are hacked by a guy in the USA. I can't make calls, texts or use the internet. He has deleted my gigggaff account and my emails or changed the passwords. Advice please.AnotsSpaenCommunity AnswerDownload your android's firmware on your computer, and a version of odin from XDA developers, and then reflash the full phone back to normal after entering download mode.
-
QuestionHow can my friend stop someone from getting his passwords. No matter how many times he changes them, he is still hacked!Ennan GeographicCommunity AnswerPasswords should be strong. For example, hackers guess passwords easier that have names of people, things, or pets. ilovedaniel is one example. A strong password like @6utterf1y is easy to remember, but hard to guess.
Tips
-
If the hacker performed activities that increased your phone bill, such as overusing your data plan or making long distance phone calls, contact your mobile provider to let them know you were hacked. Depending on the situation and the provider, you may be able to get a discount on the overage charges.Thanks
References
- ↑ https://support.google.com/accounts/answer/9924802#malware-signs&zippy=%2Cfind-more-signs-of-malware
- ↑ https://www.samsung.com/us/support/troubleshooting/TSG01209886/
- ↑ https://support.google.com/accounts/answer/9924802#malware-signs&zippy=%2Cfind-more-signs-of-malware
- ↑ https://support.google.com/android/answer/6088915
- ↑ https://support.google.com/accounts/answer/41078?hl=en&co=GENIE.Platform%3DAndroid&oco=1
- ↑ https://www.sony-asia.com/electronics/support/articles/00255266
- ↑ https://www.samsung.com/us/support/answer/ANS00062983/
- ↑ https://www.samsung.com/us/support/troubleshooting/TSG01001623/
- ↑ https://www.avg.com/en/signal/how-to-clear-cache-on-android-phones
- ↑ https://www.samsung.com/us/support/answer/ANS00077611/
- ↑ https://support.google.com/accounts/answer/41078
- ↑ https://support.google.com/android/answer/6088915
- ↑ https://www.samsung.com/us/support/answer/ANS00078568/
- ↑ https://support.google.com/nexus/answer/2812853?hl=en
- ↑ https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
- ↑ https://www.fcc.gov/juice-jacking-tips-to-avoid-it
About This Article
1. Reboot your Android in Safe Mode.
2. Remove admin access for apps.
3. Remove apps you don't recognize.
4. Turn off app installs from unknown sources.
5. Clear all app caches.
6. Change your Google account password.
7. Install antimalware software and run a scan.
8. Do a factory reset if necessary.