fast-guide
If You Think Your Phone Is Compromised
Immediate steps to take if you suspect your phone has been accessed or monitored.
fast actiondigital safety
TECH SAFETY
If Your Phone Is Compromised
1. What To Do First (3 Steps)
These steps focus on limiting new access while you review risks.
-
Turn off easy remote access
- Turn off Bluetooth, location sharing, and hotspot if they are on.
- Log out of any shared screen-mirroring or casting features.
- Disable “Find My Device” or similar services that the other person may control.
-
Change high‑risk passwords from a safer device
- Use a device you believe is safer (library computer, work device, trusted friend’s phone).
- Change passwords for:
- Email accounts linked to your phone
- Cloud backup accounts (Apple ID, Google account, Samsung account, etc.)
- Banking, payment apps, and shopping accounts
- Turn on two‑factor authentication using a safer device or a backup phone if possible.
-
Reduce what the phone can access
- Turn off automatic cloud backups if the other person might access that cloud account.
- Remove or pause access for shared accounts (for example, shared music, storage, or carrier logins).
- Avoid using the phone for sensitive searches, calls, or messages until you understand the risk.
If the person harming you controls the phone account, carrier login, or cloud login, any step that changes settings may be visible to them. Consider the level of risk before making noticeable changes.
2. Permission Audit
A permission audit is a quick review of what each app can see or do.
- Open your device’s settings and find the “Permissions” or “Privacy” section.
- Review which apps can access:
- Location / GPS
- Microphone
- Camera
- Contacts and call logs
- Text messages
- Files and photos
- For each permission, consider:
- Does this app truly need this access to work (for example, maps and location)?
- Do I recognize this app and know what it does?
- Is there another app from the same person/company already doing the same thing?
- Options for high‑risk or unclear apps:
- Set their permissions to “Deny” or “Ask every time.”
- Turn off “Allow in background” or similar options if available.
- Disable the app (instead of uninstalling) if you want to limit a reaction.
3. Suspicious Apps
Some apps may be clearly unsafe, and others may only seem slightly unusual.
- Scan your apps list for:
- Apps you do not remember installing.
- Apps with generic names (for example, “System Service,” “Update Service,” “Settings Service”).
- Duplicates (two calculator apps, two settings apps, etc.).
- Apps that have “device admin,” “accessibility,” or “VPN” roles.
- Check app details where possible:
- Open the app info screen and review:
- Who developed it (developer name or company).
- What permissions it has.
- How much data or battery it uses in the background.
- Search the app name from a safer device to see if others have flagged it as spyware or tracking software.
- Open the app info screen and review:
- Handling suspicious apps:
- If removing the app could cause a reaction, consider:
- Disabling its permissions first.
- Limiting what you do on the phone while you plan next steps.
- If you plan to collect evidence, note:
- App name and developer
- Install date
- Screenshots of permissions and settings
- Only uninstall when it feels safe and when you do not need it for documentation.
- If removing the app could cause a reaction, consider:
Some monitoring tools hide behind “Accessibility,” “Device Admin,” or “VPN” settings. Reviewing those sections in your settings can help you spot hidden apps.
4. Safe Backup Phone
A backup device can reduce what is exposed on a compromised phone.
- Choosing a backup phone:
- Options can include an old device, a low‑cost basic phone, or a trusted person’s spare phone.
- If possible, use a different account login and password than on your main phone.
- Consider a different mobile carrier if the current account is shared or monitored.
- How to use the backup phone:
- Use it for sensitive calls, messages, and account recovery steps.
- Turn off contact and message sync with any shared cloud account.
- Install only essential apps (for example, messaging, authenticator, email).
- What to keep off the compromised phone:
- Plans for moving, separating, or legal steps.
- Passwords, recovery codes, and security questions.
- Notes about incidents or safety plans.
Some people also review independent technology safety guidance and local support options listed through resources at DV.Support when thinking about device security.
5. When NOT To Reset The Device
Resetting a phone can remove harmful software, but it can also remove evidence and alert the person monitoring you.
- Consider avoiding a factory reset when:
- You may want records of possible surveillance for documentation or legal processes.
- The other person closely watches the device and is likely to react if the phone looks “new.”
- You still need time to change passwords and update security from a safer device.
- Alternatives to an immediate reset:
- Use the compromised phone only for low‑risk tasks (for example, public information searches).
- Move sensitive communication to a backup phone or safer device.
- Gradually reduce permissions and access rather than making sudden visible changes.
- If you do plan a reset later:
- Decide whether you need to save any screenshots or records first.
- Make a list of accounts and apps you will need to sign back into.
- Plan a time when the change is less likely to be noticed or questioned.