Before we get into anything technical, I want you to think about what’s actually on your phone right now. Your location. Your bank. Your private messages. Your photos. Everything.
That’s exactly why phones are the number one target. And here’s the part that trips most students up: phones don’t get hacked and then start flashing warning signs. The whole point of good spyware is that you don’t notice it. It runs silently in the background, forwards your messages, tracks your location, and sends everything to a remote server while you’re going about your day completely normally.
But here’s the good news: it’s never completely invisible. There are always tells. Your job as someone learning security is to know what those tells look like.
I’ve broken this down into 10 signs, starting with the most common ones and working towards the more technical indicators. For each one, I’ll explain why it happens — not just what to look for. Understanding the reason is what makes you a better security thinker.
Sign #1: Your Battery Is Draining Much Faster Than Usual
This is the one students dismiss the most, and I understand why — it’s easy to blame an ageing battery. But let me explain what’s actually happening when spyware runs on your phone.
Spyware isn’t just sitting there. It’s doing real work: recording audio, capturing screenshots, logging every key you press, uploading that data somewhere. All of that takes processor time, GPS, and network connection — constantly, in the background. That invisible workload drains battery the same way a game or video would, just without anything showing on screen.
So ask yourself: has your battery gotten noticeably worse over the last few weeks without you installing anything new or changing your usage? That question matters more than “is my battery old.”
How to check (iPhone): Settings → Battery → Battery Health. If health is above 80% but you’re losing charge fast, something is running that shouldn’t be.
Sign #2: Unexplained Data Usage Spikes
Think about this logically with me. If spyware is collecting your messages, location, and recordings — it has to send that data somewhere. It doesn’t store it on your phone. It uploads it to a server the attacker controls. And that upload costs data.
This is one of my favourite checks to teach because it’s so concrete. Go to Settings and look at your data usage broken down by app. Now look at the background data column specifically. A flashlight app using 400MB of background data this month? That’s not a flashlight doing flashlight things. That’s something else entirely.
Sign #3: Apps You Didn’t Install
Students, I want you to actually do this one right now. Not after you finish reading. Now.
Go to Settings → Apps (Android) or Settings → General → iPhone Storage (iOS). You’re looking at the full list — not just what’s on your home screen. Scroll through every single entry.
Stalkerware hides. It disguises itself as “System Service,” “Phone Manager,” “Sync Manager,” “Device Health.” These names are chosen specifically to make you think they’re legitimate system components. Before you delete anything unfamiliar, Google the exact name — because some genuine Android system apps have odd names. But if Google returns nothing, or returns results about stalkerware? That’s your answer.
Sign #4: Your Phone Is Warm When You’re Not Using It
Phones generate heat when the processor is working hard — playing a game, streaming video, running navigation. A phone that’s just sitting on your desk doing nothing shouldn’t be warm. If yours is, something is actively running.
The background processes that spyware runs — recording audio, capturing screenshots, uploading data — are processor-intensive. They generate heat. A warm idle phone is one of the more reliable physical tells.
Sign #5: Strange Texts or Calls You Didn’t Send
Check your sent messages and your outgoing call log. Right now, not later.
Some malware uses your number to send spam texts or make premium-rate calls to run up charges. Smishing attacks use compromised phones to forward phishing messages to your entire contact list. If you’re seeing texts you didn’t send or numbers in your outgoing calls you don’t recognise, your phone is being used by someone else.
Sign #6: Your Accounts Are Being Accessed from Unknown Locations
This is less about your phone and more about what’s been stolen from it — but it points back to the same source.
Check the login activity on your most sensitive accounts. Gmail: Settings → Security → Recent Security Activity. Facebook: Settings → Security → Where You’re Logged In. If you see logins from a city you’ve never been to, or from a device you don’t own, your credentials have been compromised — and your phone is likely how they got them.
Sign #7: The Screen Lights Up or the Phone Makes Sounds When Idle
This one is subtle but specific. If your phone screen occasionally activates, flickers, or your phone buzzes when you haven’t touched it and haven’t received any notifications — something is triggering it remotely. Remote access tools sometimes need to “wake” the device to execute commands.
This is less common with modern spyware (most of it is built to be invisible), but older or lower-quality tools sometimes cause this symptom.
Sign #8: Autocomplete Suggests Passwords or Words You’ve Never Typed
This is one of the weirder signs, but it’s real. If a keylogger has been running on your phone, it may have poisoned your keyboard’s autocomplete dictionary with data it collected. You might see your own passwords, account numbers, or strings of text suggested by autocomplete that you have absolutely no memory of typing.
It’s rare, but if you see it — that’s as close to a confirmed infection as you’ll get without running a forensic tool.
Sign #9: Your Phone Is Significantly Slower Than It Used to Be
Spyware competes with your apps for RAM and processor time. The more sophisticated the spyware — especially anything recording audio or video — the more resources it consumes. If your phone has become noticeably sluggish and you haven’t installed a lot of new apps, that background load is worth investigating.
Combined with battery drain and data usage, sluggishness completes what I call the “classic spyware triangle.” If you have all three, your phone almost certainly has something on it.
Sign #10: Your Antivirus or Security App Has Been Disabled
Modern mobile malware sometimes tries to neutralise defences. If your security app is showing as disabled, if you can’t update it, or if it’s been uninstalled and you didn’t do it — something on your device is actively working against your defences. This is the most serious sign on this list.
What to Do If Your Phone Has Been Hacked
Okay, class — this is the part that actually matters. If you’ve spotted signs on this list, here’s exactly what to do. Do not skip steps and do not change the order. Each step depends on the one before it.
How to Make Sure This Never Happens Again
These are the habits I want every student to build. Not optional extras — actual habits.
- Only install apps from the official App Store or Google Play
- Keep your operating system updated — most phone malware exploits unpatched vulnerabilities
- Never click links in unsolicited texts or emails — check our free Phishing URL Scanner if you’re unsure about a link
- Enable MFA on every account that supports it
- Be careful what permissions you grant apps — a torch app has no reason to need your contacts or location
- Use a strong, unique PIN. Not 1234. Not your birthday.
Check your email against known breach databases too — our Email Breach Checker will tell you if your credentials are already circulating on the dark web.
If you want to go deeper on how attackers actually get into devices in the first place, our Exploitation techniques guide covers the full picture from the attacker’s perspective.
Quick Reference: 10 Signs Summary
| # | Sign | Urgency |
|---|---|---|
| 1 | Rapid battery drain | Medium |
| 2 | Unexplained data spikes | Medium |
| 3 | Apps you didn’t install | High |
| 4 | Warm when idle | Medium |
| 5 | Texts/calls you didn’t send | Critical |
| 6 | Unknown account logins | Critical |
| 7 | Screen activates randomly | Medium |
| 8 | Autocomplete shows strange data | High |
| 9 | Phone significantly slower | Medium |
| 10 | Security app disabled | Critical |
Frequently Asked Questions
Can someone hack my phone without touching it?
Yes. Remote attacks via malicious links, zero-click exploits (that require no interaction from you at all), or compromised WiFi networks can install malware without the attacker ever physically handling your device.
Does factory reset remove all phone hackers?
A standard factory reset removes virtually all malware and spyware. The exception is extremely advanced firmware-level exploits used by nation-state actors — these are incredibly rare and almost certainly not relevant to the average person’s situation.
Can someone hack my phone just by calling me?
A regular phone call cannot hack your device. However, voice phishing (vishing) can trick you into revealing information or taking actions that lead to a compromise. Zero-click exploits targeting specific phone vulnerabilities are a different matter, but again, these are sophisticated and targeted attacks.
