What To Do If Your Android Phone Has Been Hacked
Android is designed to be inherently secure — primarily because of its sandbox approach to processes and file management. Apps run in isolated environments, so they can't see or access other apps or services (via Android). You have to grant access and permissions expressly for that to happen (which is why it's a good idea to be cautious before granting unusual permissions requests from apps). This greatly reduces the potential attack vectors of malware. Modern Android devices also feature an extra security layer called Google Play Protect that quietly scans and flags suspicious applications (per Google).
Still, there are ways to hack into a device. Android has the option to sideload apps from outside the Google Play Store. If used unwisely, sideloading can make Android more vulnerable than Apple's more restrictive iOS.
Once a phone or tablet is infected with malware, hackers can use it to dig for personal information. They might steal banking information and login credentials or hold your data for ransom, according to Google. You might notice things like unexpected pop-ups or apps that you didn't install. The device might be overheating, lagging, crashing, or consuming too much data or battery (via Google). You could receive unusual spam texts, notifications, or link prompts. If you notice odd behavior like this, here are some steps you can take to secure it.
Examine your apps
You need to be careful when installing APK files since it is the most common way hackers gain unauthorized access to your device. The Google Play Store isn't immune from malware since malicious apps do occasionally pop up on the platform, but Google takes them down once they're reported (per Google). You can read our guide on how to detect fake Android apps for further details.
On the other hand, apps sideloaded from third parties or unofficial stores should never be completely trusted. You always run the risk of sideloading hostile apps if you're installing from sources outside of the Google Play Store. This is especially true of pirated apps or anything that promises to "unlock" or enhance certain apps. If you notice unusual behavior after sideloading an app, that app is probably responsible.
Head to Settings > Apps (or your device's equivalent section) to uninstall suspicious apps. You should also delete any compromised APK files. Some malware apps can attempt to stop users from uninstalling them. If this happens, try safe-booting your device. The exact steps can vary between manufacturers (consult yours for exact instructions), but many current Android models can reach safe mode by holding down the power button and then long-tapping the power icon that appears. From safe mode, you'll be able to uninstall the malicious app (via Google).
Update Android
If you notice issues even within safe mode, your device could have been hacked using another method. Hackers can also break in by exploiting vulnerabilities in the Android operating system. Google developers regularly find and patch security threats in Android (via Google), but until those flaws are discovered and their patches released, there's little the user can do to defend themselves against them.
This is why Google regularly sends out over-the-air (OTA) updates for Android. Besides major OS updates, your device can also receive regular security updates, so it's important to install these as soon as you can. You can review the details of published patches on the Android Security Bulletin page. Keep in mind that older devices may eventually no longer be eligible for security updates, depending on your manufacturer's policies. In these cases, upgrading is your best option from a security standpoint (per MakeUseOf).
Make sure you're on the newest version of Android and running the latest security patches by heading to your device's Settings app and looking for the software update section.
Run security checks or reset
If you can't manually pin down and remove the exploit that hacked your device, launch Google Play Store, tap your profile icon, then Google Play Protect. Tap the green scan button to scan for any potentially harmful apps. Some manufacturers preload their version of Android with their own security solutions. Samsung devices, for instance, feature Samsung Knox protection which can scan and quarantine threats.
If everything else fails, you can always reset to factory settings to foil the hackers. A factory reset erases your files, preferences, and accounts (via Google). We recommend memorizing the login credentials for the Google account(s) on your device before resetting (you'll need them to log back in). Try and back up what files you can, but be careful that you don't copy any files that might be compromised and capable of spreading the malware again.
1. Go to Settings and search for the reset menu there.
2. Tap Reset and follow the on-screen instructions.
3. Your device will reboot and present you with a fresh setup.
If hackers have locked you out of the device entirely, you can also perform a hard reset. Exact instructions may vary, but most manufacturers require you to power down completely and hold the volume up or down key while powering back on. This will usually launch a boot menu with the option to wipe the system entirely.