How to prevent phone hacking and remove intruders from your device

Smartphone on a blue background with protected logo on screen
(Image credit: Shutterstock)

When you think of hackers, you probably think of someone trying to gain access to your computer to get your passwords, steal your identity or just be an overall nuisance. Your PC isn't the only target, however, as many hackers will go straight to the source and go after your smartphone and all of your sensitive information. Even if you think you're being extra careful, it's still a good idea to use a VPN to keep yourself safe.

Data breaches can be really dangerous — think of the Pegasus scandal, for example. Cybercriminals can record your calls or chats, pinpoint your location, and even activate your mic or camera from nearly anywhere in the world. 

With spyware tools proliferating among authoritative regimes as well as common citizens, often great IT knowledge isn't even needed to do so. It's critical to take care of your mobile digital hygiene and know how to secure your smartphone's defenses from potential hacks, or what to do if there are signs telling you your phone has been hacked.

In this article, we'll cover both: what you should do to stop and prevent intruders to access your mobile data, and the steps you can take in the event of a hack.

Common tactics used by phone hackers:

  • Phishing: This tactic involves sending to targets malicious links and/or dangerous attachments via texts and emails. Once the victim clicks on it, the phone gets infected with malware to snatch your data.
  • Tracking apps: Hackers can use spyware software to collect data. Many of these applications could be even fairly simple to install and use. Everyone could potentially spy on your phone with ease - all they need is a simple app.
  • Infiltrating public Wi-Fi and Bluetooth: Every time you connect to a public Wi-Fi, your personal data can be exposed. That's why we recommend that you use one of the best mobile VPN services when connecting to open wireless. Similarly, hackers can break through Bluetooth connections.
  • Sim swap: This tactic permits malicious actors to transfer your phone number to their own SIM card and take over your accounts.

How to prevent your phone to be hacked  

These are some actions you should take to stay on top of your digital hygiene and protect your mobile data from malicious actors. 

1. Keep up with software updates

The first step to secure your phone from snoopers is making their job more difficult. Hackers often exploit software vulnerabilities to intrude into your data. 

So, even though the updating process can be long and eat up your memory, be sure to always use the most updated software version to mitigate the risks. 

2. Manage your app permissions

Even when your apps look safe, they may still be collecting a lot of your sensitive data. They can track your location, access your mic or camera. Sometimes new updates can make them more intrusive, too. 

As a rule of thumb, allow any new app to only access the necessary information. For example, if you're happy for Google Maps to track your journey to work, the same doesn't apply for your Spotify. You should also take some time to review all the settings of the applications installed on your phone.

3. Use a mobile antivirus software

While the received wisdom is that iPhone users don't need an antivirus to stay safe from malware and viruses, it's not the same for those using a mobile operating through an Android system. 

One of the best Android antivirus apps will run automatic scans for malware, removing any threats they find. They will also actively help prevent you from clicking on malicious web pages as well as open or download infected files in the first place.

4. Use a VPN when accessing public Wi-Fi

A hacker's common tactic is infiltrating your device via public Wi-Fi. For this reason, we'd recommend that you always use an iPhone VPN or Android VPN app when connecting to open wireless.

These services hide your IP address and location, while securing your data through encrypted tunnels (to know more, check our full guide to what a VPN is).

Among our favorites are ExpressVPN, NordVPN and Surfshark - which, all have easy-to-use mobile apps. Plus, you can use your subscription to protect all of your devices — from your mobile, to your laptops, router and TV streaming devices. It is worth noting that Surfshark has no limit of connections you can use at once, while Express allows five and Nord six.  

Hand holding a smartphone with VPN logo on screen

(Image credit: Shutterstock)

5. Avoid auto-login features

Even though it can save you a lot of time, keeping yourself logged-in to sensitive applications — like your online banking or email, for instance — can be dangerous if a cybercriminal manages to hack your phone. Ideally, you should always avoid auto-login for every app running on your device.

For the same reason, don't use the same password for every application. You may also want to install the best password manager to help you secure them even more. 

6. Make it harder physical accessing your phone

Not every data breach happens in the digital world. It's rare, of course, but sometimes intruders may simply get physical access to your smartphone and steal your information.

Stating the obvious, but you should never leave your phone unattended in public. It's also good practice to always set the six-digit passcode to access the device. This is the most secure option you have, as fingerprints and facial biometrics are actually easier to hack.   

Skull and crossbones on a smartphone

(Image credit: Shutterstock)

7. Enable 'Find my device' option

Didn't follow the guidance at 6 above? Well, if you do lose your phone, it's essential to be able to locate it and erase any information that could be compromised. The good news is that you can do so from your computer at ease. 

Both Apple and Google run 'Find my device' services that allow you to locate your phone on a map, as well as remotely locking or erasing sensitive data. Head to your smartphone's settings and enable the feature.

8. Disable voice assistant on lock screen

Siri and Google Assistant are useful tools that allow you to save typing time, but they can be a double-edge sword. If a cybercriminal manages to physical access your phone, it may use these services to bypass your passcode protection and infiltrate your contacts, chats, emails and calls. 

To safeguard your mobile data security, we suggest that you should always disable the voice assistant option on lock screen. 

9. Beware of public charging stations

Public charging stations are a blessing - most of the time at least. While really handy for those emergencies when your battery level is down to the last few percent, they are also an easy target for hackers. Cybercriminals can access your phone's data or introduce malware on your device through a USB drive, experts warn

That's why you should use an AC charging port instead whenever possible. In fact, AC outlets transmit only power rather than data. There are even charge-only adapters and data blockers you can use.  

Illustration of a hacker in a hoody using a laptop

(Image credit: ozrimoz / Shutterstock)

What to do if you've been hacked

If you've read our article on signs that your phone has been hacked and think you may be a victim, do not panic. There are some actions you can take to beat the hacker and liberate your smartphone from danger.

1. Run antivirus software

As said before, malware removal and antivirus software are perfect for eliminating threats running on your device. Once you have it installed, just keep it active on the background for avoiding any similar situations in the future. Good antivirus doesn't even cost much these days, and the best value comes from full internet security suites that protect your whole range of devices.

2. Secure your credit card information

Check your transactions and report to your bank in case you find any anomalies. Block your card, if needed. You may also want to contact all the e-commerce businesses that have your credit card or bank account information saved on your phone app.

3. Delete untrustworthy apps

If hackers got inside your phone, it is likely they are doing so through a malicious application running on the background. That's why you should review all the installed apps and delete everything looking suspicious - it only takes a few minutes. 

4. Reset your device

It may be worth fully resetting your phone and wiping all data, sinister apps and/or malware from it. After backing up your important information on your laptop or cloud storage, go to settings and perform a factory reset.

Yes, it's a massive inconvenience that means you have to reinstall your favorite apps and get your settings just how you like them again, but is your last resort if you just can't flush away the nasties from your device.

5. Change all your passwords

If a cybercriminal gets access to your device, your passwords are very likely to have been exposed. That's why you should change all your login credentials to make sure your accounts are protected from any data breaches. That's a whole load of new passwords to remember, but essential to reduce your risk from being hacked again.

6. Report to authorities 

If you realize you have been a victim of identity theft and/or you are scared for your wellbeing, you should definitely report the incidents to the authorities responsible to investigate digital crimes within your country. 

If you are living in the US, the Federal Trade Commission is your go-to. While those in the UK If you are living in the UK should contact Action Fraud, the national fraud and internet crime reporting center.

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to