How to Know If Your Phone Is Hacked: The Real Signs
Most of the time, a hot battery and a slow phone are just an old battery and too many apps. Occasionally, they're something else — and knowing the difference takes about ten minutes.
The honest starting point: the overwhelming majority of "my phone feels hacked" cases are aging batteries, background app updates, or a new operating system version running poorly. But a small percentage are genuine compromises — commercial spyware, a malicious profile, or a SIM-swap in progress — and for people whose calls, messages and location matter to someone else, that small percentage deserves a real check rather than a guess.
Signs worth actually investigating
- Battery drains fast even when idle, particularly if it's a recent change and the phone feels warm doing nothing.
- Data usage spikes without a change in your habits — spyware and remote-access tools have to transmit data somewhere.
- Apps you don't remember installing, or existing apps with permissions you don't recall granting.
- Unusual pop-ups, redirects, or the phone unlocking to a different screen than expected.
- Calls or texts you didn't make appear in your history, or contacts report messages from you that you didn't send.
- Sudden loss of signal followed by "no service" while your phone should have coverage — a possible sign of an active SIM-swap.
- Unfamiliar configuration profiles under iOS Settings → General → VPN & Device Management, which shouldn't be present at all on a personal phone.
How to check, platform by platform
| Check | iOS | Android |
|---|---|---|
| Unknown profiles/admin apps | Settings → General → VPN & Device Management | Settings → Security → Device Admin Apps |
| App permissions review | Settings → Privacy & Security | Settings → Privacy → Permission Manager |
| Battery/data anomalies | Settings → Battery / Cellular | Settings → Battery / Network & Internet → Data usage |
| Full reset if confirmed | Backup, then Erase All Content and Settings | Backup, then Factory data reset |
A quick word on operating system updates
Keeping a phone's operating system current is one of the least glamorous and most effective defences available, since major updates routinely patch the exact vulnerabilities that both consumer stalkerware and more advanced tools rely on to gain or maintain access. A phone running an outdated OS version is measurably easier to compromise than an identical model kept current — a simple habit that costs nothing and closes a meaningful share of realistic attack paths before they're ever attempted.
What real spyware actually looks like
Consumer-grade stalkerware is comparatively easy to find — an unfamiliar icon, a battery drain, a strange permission. Commercial-grade surveillance tools built for high-value targets are different: they can require zero clicks to install, leave minimal footprint, and are specifically engineered to survive a standard factory reset in some configurations. If you have reason to believe you're a deliberate target — a contentious transaction, a public profile, a dispute — rather than an opportunistic infection, standard troubleshooting is not sufficient; the device needs a forensic check, not a settings review.
An ordinary infection announces itself. A targeted one is built specifically not to.
Phone compromise rarely arrives alone. The same credential-stuffing and social-engineering campaigns that install spyware are often paired with attempts against email and financial accounts, which is why we treat device, account and identity monitoring as one function rather than three — the surfaced-credential side of this is exactly what dark web monitoring for UHNW families is built to catch. If the concern extends to someone actively tracking your location or reading your messages in real time, the diagnostic steps differ meaningfully from a general hack check — see our companion piece on what to do if someone is spying on your phone.
SIM-swap: a related but distinct threat
A SIM-swap attack doesn't compromise your phone's software at all — it convinces (or bribes) a carrier employee to move your phone number onto an attacker's SIM card, silently redirecting your calls and, critically, your SMS-based verification codes. The signs are specific: your phone suddenly loses all signal and shows "no service" or "SOS only" in a location where you should have full bars, followed by account lockouts as the attacker uses intercepted codes to take over email, banking and exchange accounts in rapid succession.
If this happens, contact your carrier immediately through an alternate channel (their website chat or a second phone) to confirm and reverse the swap, then immediately check every account that uses SMS for two-factor authentication, since those are now compromised by extension. The permanent fix is removing SMS as a verification method wherever possible, replacing it with an authenticator app or hardware key, and asking your carrier to add a PIN or verbal passphrase requirement before any SIM changes are processed on your account.
What a clean bill of health actually looks like
After running the checks above, a phone that's genuinely clean shows: no unfamiliar configuration profiles or device administrators, normal battery and data patterns over several days (not just one), no unexplained account activity across email and financial apps, and carrier account settings that match what you set. If all four hold, the anxiety is very likely just anxiety — a useful thing to know with confidence, not just assume.
For principals, a single compromised device is rarely isolated from everything else — it sits inside a household with shared networks, family accounts and staff access. Obsidian Helm treats device security as part of a standing programme under our Personal Cybersecurity practice: forensic device checks, ongoing monitoring, and a named contact the moment something looks wrong.
Have Your Device Checked Properly, Not Guessed At
A $4,999 Private Strategy Session includes a forensic review of your devices and accounts, and a standing protocol going forward — credited toward membership.
Request Your InvitationFrequently asked
What are the most reliable signs a phone has been hacked?
Unexplained battery drain and data usage spikes, unfamiliar apps or configuration profiles, and unrecognised login or verification activity on linked accounts are the most reliable signals. A single symptom in isolation is usually not conclusive on its own.
Does a factory reset remove all spyware from a phone?
It removes most consumer-grade stalkerware and malicious apps, but some advanced, targeted surveillance tools are specifically engineered to persist through or reinstall after a standard reset. If you suspect targeted surveillance rather than opportunistic malware, a forensic check is more reliable than a reset alone.
Can someone hack my phone just by calling or texting me?
In most cases no, but zero-click exploits that require no interaction at all do exist and have been used against high-profile targets. For the general public these remain rare; for individuals with genuine reason to believe they're a specific target, the risk is real enough to warrant professional review.
How do I check if there's spyware on my iPhone?
Check Settings, General, VPN and Device Management for any configuration profile you didn't install — legitimate personal iPhones typically have none. Also review battery and data usage for unexplained spikes and review app permissions for anything granted without your knowledge.
Is it normal for my phone's battery to drain faster after an update?
Yes, this is common after major OS updates as the system re-indexes and background processes resettle, and usually improves within a few days. Persistent drain beyond a week, especially paired with heat or data spikes, is worth investigating further.



