I think my Android phone was hacked and someone is controlling my device. What should I do right now?

If you believe that someone is controlling your Android phone, the first rule is: stay calm and act methodically. Protectstar begins its own emergency FAQ with exactly this point, and rightly so: rash reactions often make situations like this worse. At the same time, you should take a real suspicion seriously and handle the device carefully from this point on.

1. Do not perform any more sensitive actions on the device for now
For the time being, do not use the smartphone for online banking, purchases, password changes, or confidential communication until the suspicion has been clarified. If a device is actually compromised, any further input may be monitored or misused. In cases of suspected spyware, Protectstar also recommends resetting important login credentials after the cleanup.

2. If the suspicion is acute, disconnect temporarily
If you believe data is actively being captured right now or the device is being controlled remotely, temporarily turn on airplane mode or disable Wi‑Fi and mobile data. In cases of confirmed or strongly suspected spyware, Protectstar explicitly recommends taking the device offline first so that no further data can be transmitted and ongoing connections are interrupted.

3. Secure important accounts on a second device
Secure your Google account, your email, banking access, messengers, and social networks on a different, trusted device. Google recommends checking security events and signed-in devices for a compromised account, removing unknown devices, and enabling 2‑Step Verification. If your phone may be compromised, password changes should not be done there first.

4. Check the smartphone itself in a targeted way
Then review the device's installed apps, remove anything unknown, and check suspicious permissions and special access rights. Camera, microphone, Accessibility, device administrator apps, VPN connections, and notification access are especially important. In spyware or stalkerware cases, these are exactly the areas that are often abused.

5. Run security scans and keep Play Protect enabled
In situations like this, Protectstar recommends using its security apps according to their role: Antivirus AI for malware and trojans, Anti Spy for spyware and stalkerware, and Firewall AI for suspicious network connections. In addition, Google Play Protect should remain enabled because Google explicitly recommends this service as an important Android protection feature. If a detected app cannot be removed, save the warning as a screenshot and then work through the removal step by step.

6. If suspicion remains strong: a clean reset instead of half measures
If suspicious apps keep reappearing, cannot be removed, or the device appears compromised overall, a factory reset is often the safest solution. Protectstar explicitly describes this as a sensible last step in cases of persistent spyware. Back up only what is truly important beforehand, then set up the device as a new device if possible, and do not restore questionable APKs or old unclean backups.

7. Preserve evidence and seek outside help if it is serious
If you suspect stalking, extortion, account takeovers, or financial abuse, save evidence such as screenshots, suspicious app names, or unusual activity. Protectstar explicitly recommends preserving evidence in such cases. For compromised accounts, Google also mentions contacting your bank or local authorities if financial or security-related consequences are possible.

In short:
If you believe someone has hacked and is controlling your Android phone, the right immediate order is: stay calm, stop performing sensitive actions, disconnect if necessary, secure your accounts on a second device, check the phone systematically, run scans, and reset it decisively if suspicion remains. That turns fear into a structured emergency plan.