Insights · Cybersecurity · 17 July 2026

How to Know If Your Phone Is Hacked: The Real Signs

Most of the time, a hot battery and a slow phone are just an old battery and too many apps. Occasionally, they're something else — and knowing the difference takes about ten minutes.

A smartphone face-down on a dark leather desk with faint gold light escaping from beneath it

The honest starting point: the overwhelming majority of "my phone feels hacked" cases are aging batteries, background app updates, or a new operating system version running poorly. But a small percentage are genuine compromises — commercial spyware, a malicious profile, or a SIM-swap in progress — and for people whose calls, messages and location matter to someone else, that small percentage deserves a real check rather than a guess.

Signs worth actually investigating

How to check, platform by platform

CheckiOSAndroid
Unknown profiles/admin appsSettings → General → VPN & Device ManagementSettings → Security → Device Admin Apps
App permissions reviewSettings → Privacy & SecuritySettings → Privacy → Permission Manager
Battery/data anomaliesSettings → Battery / CellularSettings → Battery / Network & Internet → Data usage
Full reset if confirmedBackup, then Erase All Content and SettingsBackup, then Factory data reset
30%
of high-net-worth individuals report at least one suspected device-compromise incident
$11M+
commercial spyware licenses have sold for on the private surveillance market
<5min
time typically needed to check for unknown configuration profiles on iOS

A quick word on operating system updates

Keeping a phone's operating system current is one of the least glamorous and most effective defences available, since major updates routinely patch the exact vulnerabilities that both consumer stalkerware and more advanced tools rely on to gain or maintain access. A phone running an outdated OS version is measurably easier to compromise than an identical model kept current — a simple habit that costs nothing and closes a meaningful share of realistic attack paths before they're ever attempted.

What real spyware actually looks like

Consumer-grade stalkerware is comparatively easy to find — an unfamiliar icon, a battery drain, a strange permission. Commercial-grade surveillance tools built for high-value targets are different: they can require zero clicks to install, leave minimal footprint, and are specifically engineered to survive a standard factory reset in some configurations. If you have reason to believe you're a deliberate target — a contentious transaction, a public profile, a dispute — rather than an opportunistic infection, standard troubleshooting is not sufficient; the device needs a forensic check, not a settings review.

An ordinary infection announces itself. A targeted one is built specifically not to.

Phone compromise rarely arrives alone. The same credential-stuffing and social-engineering campaigns that install spyware are often paired with attempts against email and financial accounts, which is why we treat device, account and identity monitoring as one function rather than three — the surfaced-credential side of this is exactly what dark web monitoring for UHNW families is built to catch. If the concern extends to someone actively tracking your location or reading your messages in real time, the diagnostic steps differ meaningfully from a general hack check — see our companion piece on what to do if someone is spying on your phone.

SIM-swap: a related but distinct threat

A SIM-swap attack doesn't compromise your phone's software at all — it convinces (or bribes) a carrier employee to move your phone number onto an attacker's SIM card, silently redirecting your calls and, critically, your SMS-based verification codes. The signs are specific: your phone suddenly loses all signal and shows "no service" or "SOS only" in a location where you should have full bars, followed by account lockouts as the attacker uses intercepted codes to take over email, banking and exchange accounts in rapid succession.

If this happens, contact your carrier immediately through an alternate channel (their website chat or a second phone) to confirm and reverse the swap, then immediately check every account that uses SMS for two-factor authentication, since those are now compromised by extension. The permanent fix is removing SMS as a verification method wherever possible, replacing it with an authenticator app or hardware key, and asking your carrier to add a PIN or verbal passphrase requirement before any SIM changes are processed on your account.

What a clean bill of health actually looks like

After running the checks above, a phone that's genuinely clean shows: no unfamiliar configuration profiles or device administrators, normal battery and data patterns over several days (not just one), no unexplained account activity across email and financial apps, and carrier account settings that match what you set. If all four hold, the anxiety is very likely just anxiety — a useful thing to know with confidence, not just assume.

For principals, a single compromised device is rarely isolated from everything else — it sits inside a household with shared networks, family accounts and staff access. Obsidian Helm treats device security as part of a standing programme under our Personal Cybersecurity practice: forensic device checks, ongoing monitoring, and a named contact the moment something looks wrong.

Have Your Device Checked Properly, Not Guessed At

A $4,999 Private Strategy Session includes a forensic review of your devices and accounts, and a standing protocol going forward — credited toward membership.

Request Your Invitation

Frequently asked

What are the most reliable signs a phone has been hacked?

Unexplained battery drain and data usage spikes, unfamiliar apps or configuration profiles, and unrecognised login or verification activity on linked accounts are the most reliable signals. A single symptom in isolation is usually not conclusive on its own.

Does a factory reset remove all spyware from a phone?

It removes most consumer-grade stalkerware and malicious apps, but some advanced, targeted surveillance tools are specifically engineered to persist through or reinstall after a standard reset. If you suspect targeted surveillance rather than opportunistic malware, a forensic check is more reliable than a reset alone.

Can someone hack my phone just by calling or texting me?

In most cases no, but zero-click exploits that require no interaction at all do exist and have been used against high-profile targets. For the general public these remain rare; for individuals with genuine reason to believe they're a specific target, the risk is real enough to warrant professional review.

How do I check if there's spyware on my iPhone?

Check Settings, General, VPN and Device Management for any configuration profile you didn't install — legitimate personal iPhones typically have none. Also review battery and data usage for unexplained spikes and review app permissions for anything granted without your knowledge.

Is it normal for my phone's battery to drain faster after an update?

Yes, this is common after major OS updates as the system re-indexes and background processes resettle, and usually improves within a few days. Persistent drain beyond a week, especially paired with heat or data spikes, is worth investigating further.

By Invitation Only

The office answers.
The rest is silence.

Tell us, in confidence, what keeps you up. We reply privately, under NDA.

Request Your Invitation
Related Briefings
Replies under NDA · Strictly Confidential