How to Fix a Hacked Android Phone

7 Ways to Fix a Hacked Android Phone

A hacked phone can feel overwhelming, but the good news is that most threats can be dealt with quickly — and you don’t need to be a tech expert to do it.

1. Delete suspicious apps

Run through all your installed apps, including those in folders, and search for anything that doesn’t look right.

Uninstall any unknown apps that you didn’t install yourself or that look suspicious.

However, it’s important to keep in mind that there are several system apps on an Android phone that come pre-installed on the device. These apps might have names you don’t recognize, but aren’t necessarily malicious.

Before deleting an app you’re unsure about, check the web to see if it’s actually a legitimate app.

You can view a list of all your apps by following these steps:

1. Go to the Settings app on your phone.
2. Tap Apps.
3. Run through the list for any suspicious apps.

Fig 1. View installed apps on an Android device.

2. Review and Revoke App Permissions

Hackers often exploit Android’s permission system to spy on you. Even if an app looks legitimate, it might have dangerous permissions that allow it to record your screen, read your messages, or track your location.

The most dangerous of these is Accessibility Services — a feature originally designed to help people with disabilities interact with their phone. Spyware commonly abuses it to take near-total control of a device, recording everything you do in real time.

In February 2026, Certo’s security researchers discovered a new Android RAT (Remote Access Trojan) called Oblivion that takes this to another level.

Unlike most malware, Oblivion can grant itself Accessibility Service access automatically, without any interaction from you. Once it has that permission, attackers can read your messages, intercept banking codes, capture passwords, and even control your phone remotely, all while staying completely hidden.

Check for suspicious permissions by following these steps:

1. Go to Settings and search for Accessibility.
2. Tap Installed Apps or Accessibility Services.
3. Review the list and toggle OFF any apps you don’t recognize.
4. Next, go to Settings > Apps > Permission Manager (or App Permissions).
5. Review sensitive permissions like Camera, Microphone, Location, SMS, and Notification Access.
6. Revoke permissions from any apps you don’t trust or recognize.

You should also check Special App Access in your Settings for permissions like “Display over other apps” and “Notification access” – these are commonly used by spyware.

Fig 2. Checking installed apps with Accessibility permissions.

3. Change your Google account password

These days, many of our apps are linked to our Google account. In fact, your Android phone will typically need you to sign in to a Google account when you first set up the phone.

If you suspect someone has hacked your phone, you need to change your Google account password immediately, as this is a common way that hackers could access data from your phone.

You can change your password by following these steps:

1. Open the Settings app.
2. Tap on Google.
3. Navigate to Manage Your Google Account.
4. Tap Security.
5. Find Password and then change it to something new.

Fig 3. Changing your Google password.

When setting any password for online accounts, be sure to use something that would be difficult for a hacker to guess. Don’t use names of family members, pets, or memorable dates as your password.

If the hacker is someone close to you, which is often the case, they may be able to guess your password based on what they know about you. Ensure that your password is strong enough to prevent people close to you from getting into your phone.

4. Remove administrator access

Often, a hacker will install apps with administrator access to gain control over even more data on your phone and make it more difficult to remove the malware.

By deactivating administrator access, you can disable any unknown apps that might be used to spy on your phone.

You can do this by following these steps:

1. Open Settings.
2. Type “Device Admin” in the search box, then tap Device Admin Apps.
3. If you see any unknown apps that you don’t recognize, toggle administrative access off or select the app and choose the Deactivate function.
4. You can then uninstall the app like any other app.

Fig 4. Disabling Device Admin Apps.

5. Download antivirus software

Even after manually removing suspicious apps, some malware is designed to hide itself to avoid detection. That’s where running an antivirus scan can help.

A good mobile security app will dig deeper than a manual check — scanning system files, app behaviors, and background processes for anything that shouldn’t be there. It can also flag threats you might not even know to look for, like stalkerware or hidden remote access tools.

It’s worth making this a habit too. Running a scan every few weeks means you’re far more likely to catch something early, before it has a chance to do real damage.

If you want a quick and easy way to check your Android device, Certo AntiSpy is a free app that scans for malware, spyware, and other threats in just a few minutes.

Fig 5. Certo AntiSpy for Android.

6. Clear your Android phone cache

Even after deleting suspicious apps, malicious code can still hang around in your cache. So, it’s a good idea to clear it.

Clearing your phone’s cache can be beneficial if you suspect hacking because it removes potentially malicious data that hackers may use or have left behind.

Cached data can be exploited to gather personal information, execute repetitive malicious actions, or cause app misbehaviors.

How to clear cache for an individual app

1. Open the Settings app on your Android device.
2. Navigate to Apps or Applications (this may vary depending on your device).
3. Scroll through the list and find the app whose cache you want to clear.
4. Tap on the app’s name.
5. Tap on Storage.
6. Tap on Clear Cache.

Note: If you tap Clear Data, you’ll remove all data related to the app, which might include saved games, settings, etc.

Fig 6. Clearing the cache for an individual app.

How to clear system cache (cache partition)

The process to clear the system cache may vary depending on the device manufacturer, model, and Android version. Here’s a general guide for devices with a built-in recovery mode:

1. Turn off your Android device.
2. Boot into Recovery Mode. This usually involves holding down a combination of buttons (like Volume Up + Power) as the device starts. The exact combination varies by device, so you may need to look it up for your specific model.
3. Once in Recovery Mode, use the volume buttons to navigate and the power button to select.
4. Highlight and select Wipe cache partition or Wipe device cache or something similar.
5. Once the process is complete, select Reboot system now.

7. Do a factory reset

A factory reset restores your Android phone to the state it was in when you first bought the phone.

What’s useful about a factory reset is that it completely removes any malicious apps like spyware.

The good news is that a factory reset doesn’t have to mean losing everything. Back up your device to Google beforehand, and you can restore all your data and settings once the reset is complete.

Follow these steps to safely perform a factory reset:

1. Back up your data and familiarize yourself with the restore process.
2. Open the Settings app on your phone.
3. Scroll down and tap on System (On Samsung devices, this is usually General Management).
4. Tap on Reset options (or just Reset).
5. Select Erase all data (factory reset) or Factory data reset and the follow the on-screen instructions.

How to Verify Your Phone Is Clean

After taking steps to fix your hacked Android phone, you need to confirm the threat is actually gone. Hackers can be persistent, and some malware is designed to survive basic removal attempts.

Here’s how to verify your phone is truly clean and what to watch for in the weeks ahead.

Verify the threat is gone

Your first step should be immediate verification:

• Re-scan with Certo AntiSpy 24-48 hours after your initial cleanup.
• Check that all suspicious apps you deleted haven’t mysteriously reappeared.
• Review your app permissions again to ensure nothing has changed.
• Verify that Play Protect is enabled. It’s Google’s built-in app scanner and hackers often disable it.

If you find new threats after you’ve already removed malware, this suggests either the malware wasn’t fully removed, or you’re being actively targeted and need to take more aggressive action (like a factory reset).

Monitor these warning signs for 7-30 days

Even after cleaning your phone, stay alert for these red flags:

• Data usage – Keep an eye on your data usage daily for the first week. An unexplained spike could be a sign that something is still running in the background and communicating with an outside source.
• Battery performance – Unusual battery drain is a common sign of hidden activity. If your battery is depleting faster than expected, it may suggest that a background process is still active on your device.
• Account activity – Check the login history for your Google account, banking apps, and social media. Look for logins from unfamiliar locations or devices.
• Strange messages or emails – Watch for password reset requests, two-factor codes you didn’t request, or friends receiving weird messages “from you.”
• Unknown apps returning – Some sophisticated malware can reinstall itself. Check your app list weekly to catch this early.

When to seek professional help

Sometimes, despite your best efforts, the problem persists. Consider getting professional help if:

• Threats keep coming back after multiple removal attempts and even after a factory reset.
• You’re being targeted by someone with technical skills (like a tech-savvy ex-partner or someone who works in IT).
• Financial accounts have been compromised and you’re seeing unauthorized transactions.
• The hacker has access to multiple accounts beyond just your phone (email, social media, banking).
• You’re experiencing harassment or stalking related to the hack.
• You’ve tried everything in this guide and your phone still shows signs of compromise.

In these cases, you may need to:

• Contact your cell phone carrier to get a new SIM card and phone number.
• Work with your bank’s fraud department to secure your accounts.
• File a police report, especially if you know who’s behind the hack.
• Consult with a cybersecurity professional who specializes in mobile device forensics.

Remember, if you’re dealing with domestic abuse or stalking situations, organizations like the National Domestic Violence Hotline (1-800-799-7233) can provide guidance on digital safety alongside other support.

We’ve also put together a list of support organizations from around the world — find one near you here.

How to Improve Your Android Phone’s Security

Fixing a hacked phone is only half the battle. Once your device is clean, it’s worth taking a few simple steps to make sure it stays that way.

So here are some essential security tips you should follow to ensure your phone doesn’t get hacked in the first place:

• Don’t leave your phone unattended in a public space. If someone has physical access to your phone, it’s a lot easier for them to install apps that can be used to monitor your activity.
• Use a VPN when connecting to unsecured public Wi-Fi networks. This will prevent anyone from being able to intercept your communications.
• Use a biometric authentication method on your lock screen, which means only your face or fingerprint can unlock your phone. This is much stronger than any password could be.
• Use different passwords for all your accounts. You can use a password manager to store all your passwords in one place while keeping them protected from prying eyes. We recommend NordPass.
• Only download apps from the official Play Store, as they are vetted by Google. Avoid downloading apps from other sources.
• Never open links or download attachments if you don’t know exactly what they are or who sent them.
• Keep your Android OS and apps updated. If there are any security updates available, always be sure to install them. These updates can prevent hacking and can even disable any active malware already on your phone.

Final Thoughts

Finding out your Android phone has been compromised is unsettling, but acting quickly makes a real difference. The steps in this guide give you everything you need to remove the threat and lock down your device before any more damage is done.

Android threats are also getting harder to spot. Earlier this year, our researchers uncovered Oblivion — a RAT that can silently seize control of an Android device without the victim ever tapping an approval.

Staying on top of your app permissions and watching out for warning signs like high data or battery usage can help you stay one step ahead.

If you’re still not 100% sure your device is clean, a quick scan with Certo AntiSpy can give you a definitive answer in just a few minutes.

Frequently Asked Questions (FAQs)

Can you fix a hacked Android phone?

In most cases, you don’t need to be particularly tech-savvy to fix a hacked Android phone.

Reviewing your app permissions, removing suspicious apps, and running a security scan with an app like Certo AntiSpy can resolve the majority of threats.

For more serious cases, a factory reset will remove almost anything that’s managed to take hold on your device.

What are the signs of a hacked Android phone?

Some of the signs of a hacked phone include:

• Your phone is getting very hot.
• The battery drains faster than usual.
• You have unusually high data usage.
• A phone performance issue, such as the phone being slow or taking a long time to shut down.
• Someone knows something that you have only communicated via your phone.

What happens if your Android phone is hacked?

If your Android device has been hacked, the culprit could obtain access to all your personal and sensitive information, such as login details, your photos and videos, and your Internet and social media activity.

If you notice any telltale hacking signs, it is best to act swiftly to remove any spyware and lock the hacker out of your device.