How to Stop Your Phone Being Monitored

    Worried someone is monitoring your phone but can't prove it? The most common ways leave no trace — so here's how to make monitoring pointless: lock your accounts, network, and number so no one can watch you.

    JDCS
    By Jordan Dickson · Reviewed by CSG Security Engineers

    Updated July 2026 · 10 min read

    You’ve scanned your phone and it came back clean — or you simply can’t shake the feeling you’re being watched, with nothing you can point to. Here’s the uncomfortable truth: the most common ways someone monitors a phone leave almost no trace. They don’t need anything installed on your device if they can see your accounts, sit on your network, or intercept your number — and you usually can’t prove any of it. So the goal here isn’t to keep hunting for evidence that may not exist. It’s to make monitoring pointless by closing every door at once.
    Affiliate disclosure: if you sign up for a paid Proton plan through links on this page, CyberSecurityGuides may earn a commission at no extra cost to you. We only recommend tools we use and trust.

    Start with the phone itself

    If you haven’t already, rule out the phone itself first — hardening a device that’s still being watched just lets a hidden app see you type the new passwords. Most people reach this page having already done these checks, so if that’s you, skip straight to closing the doors below.

    The surveillance a clean phone can't stop

    These sit outside the phone, so a clean device and tidy settings never reveal them — and you usually can’t prove any of them. Understanding how each one actually works makes it clear why the fixes that follow are the ones that count.

    Network monitoring

    Everything your phone does online travels as packets of data across whatever network you’re on. Whoever controls that network — a home or office router, a partner’s hotspot, a rogue Wi-Fi point — can quietly record those packets as they pass; this is packet sniffing. A more active version, a man-in-the-middle attack, slips the attacker in between you and the sites you visit, so your traffic flows through them on the way to its destination. Most apps now encrypt the contents of a connection, but the network can still see who you connect to and when — the apps you open, the sites you load, your rough location, the rhythm of your day. Stitched together over time, that metadata is enough to track your activity and movements without anyone ever reading a single message.

    SIM swapping

    A SIM swap moves your phone number onto a SIM someone else controls, so your calls and texts — including one-time security codes — start arriving on their device instead of yours. It can be done by impersonating you to the carrier, but the easier route is often your carrier account itself: the online account that controls your number is secured by an email login, and if that email is weak, reused, or one an ex still has access to, an attacker can reset the carrier password, sign in, and order the swap themselves. Once they hold your number, the security codes and password-reset links for everything else follow — which is why the email attached to your carrier account is as important to lock down as the number it protects.

    Your device account

    Your Apple Account or Google account is the most important account you own — the master key to the phone itself. Anyone signed into it can read your messages, open your photos and follow your location from their own device through iCloud or Google sync, with nothing installed on the phone at all. And it’s only ever as secure as the email address it’s built on, because that inbox receives every sign-in alert, verification prompt and password reset. Most people leave this account anchored to an old, everyday email guarded by a reused password — so their single most valuable account sits on one of their weakest. The most important step you can take is to make sure your device account runs on a strong, private email no one else can reach.

    The common thread

    Notice the thread: a SIM swap and a hijacked device account both trace back to one weak point — the email your accounts trust. And none of this leaves proof you can point to. So the goal isn’t to keep hunting for evidence; it’s to close every door at once, starting with that email.

    Close every door at once

    Each fix below closes one of those doors. None of them depends on proving anything — done together, they leave a monitor with nothing to see, whether or not anyone was ever there.

    Encrypt your connection

    A VPN wraps everything leaving your phone in an encrypted tunnel to the VPN’s server. Whoever controls your network can still capture the packets — that part doesn’t change — but all they collect is scrambled, unreadable data. They can’t tell which sites you open, read what you send, or even see who you’re talking to; a man-in-the-middle has nothing to intercept or alter, because the tunnel is sealed before your traffic ever reaches them. The network sees just one thing — a single encrypted connection to the VPN — with your real destinations hidden behind it. So it stops mattering whether anyone is listening on your Wi-Fi or router: the activity and metadata that used to track you simply can’t be read. Proton VPN is the direct fix — switch it on and every connection from the phone runs through that sealed tunnel by default. It’s the one answer to network-level monitoring, and the only one you can’t achieve any other way.

    Secure your carrier account

    Your number is only as safe as the carrier account that controls it, so treat that account like the high-value target it is. Put it on the same strong, private email you set up above, give it a unique password in Proton Pass, and switch on the carrier’s own two-factor and login alerts — that alone shuts the easy door, where an attacker resets the account online and ports your number themselves. Then add the carrier’s port-out PIN or transfer passcode so no swap can go through without it, and move your two-factor codes off SMS onto an authenticator such as Proton Authenticator or a hardware key, so even a stolen number no longer unlocks your accounts. A sudden, unexplained loss of signal can be the first sign of a swap in progress.

    Take your accounts back — on an email they don't control

    It starts with the email. Set up a clean, private inbox no one else has ever touched — a fresh Proton Mail address is built for exactly this — and make it the recovery email on your Apple Account or Google account, so the master key to your phone finally sits on something strong. With that foundation in place you can take the rest back: work through your important accounts, switch each one over to the new email, and rebuild every password as you go in Proton Pass so each is unique and none can be guessed from an old breach. Turn on two-factor authentication with an authenticator like Proton Authenticator instead of SMS, and while you’re in your inbox, remove any forwarding rule you didn’t set up — one quietly copying your mail to someone else is easy to miss. Once it’s done, every way back in — the email, the passwords, the codes — runs through accounts only you control.

    Once all three are shut

    With your connection encrypted, your carrier account locked and your accounts rebuilt on an email no one else holds, there’s nothing left for a monitor to reach — whether or not anyone ever was. You’ll have noticed the same few tools did most of the work; that’s no accident, and it’s where the next part comes in.

    Why Proton Unlimited does all of this at once

    Every fix above needs a tool: a VPN for the network, a clean email to anchor your accounts, a password manager to rebuild your logins, and an authenticator to replace SMS codes. You could assemble those from four different companies — four logins, four privacy policies, several of them paid for by advertising — and end up spreading the very accounts you’re trying to protect across providers you have to trust one at a time. Proton Unlimited puts all of them under one roof: Proton Mail, Proton VPN, Proton Pass and Proton Authenticator, in a single plan that maps straight onto the doors you just closed.
    What makes it worth doing is who’s behind it. Proton is end-to-end encrypted and based in Switzerland, so even Proton can’t read your mail, your passwords or your files — and it’s funded by subscriptions, not by selling what it learns about you. For someone rebuilding after being watched, that’s the whole point: a fresh start on a foundation built for privacy, where your email, your logins and your codes all sit with a provider whose business is protecting them rather than mining them. One plan, and the entire base your phone depends on is clean and yours alone.
    Proton Unlimited

    Rebuild on a foundation they can't see into

    Proton VPN encrypts your connection, a fresh Proton Mail address gives you a recovery email no one else controls, and Proton Pass rebuilds every password — the three fixes above, in one plan.

    • End-to-end encrypted
    • Swiss-based, no ads
    • One plan, every app
    New to Proton? See how each app fits together and why it’s built for privacy & security — read more about the full Proton suite →

    Lock it down — your next steps

    One more door: cables & chargers

    Less common, but worth knowing — a tampered cable, charger or dock, especially one handed to you, can be a way in. Here’s the honest risk and how to lock it out.
    USB cables & chargers

    Common questions

    Can a VPN stop someone spying on my phone?
    It stops network-level monitoring — if someone is watching your traffic over Wi-Fi, a VPN makes it unreadable. It does not remove spyware already on the device, and it can't stop someone who has your account password. That's why you clean the device and secure your accounts first, then add a VPN.
    Can someone track my phone if it's turned off?
    Not in real time — a powered-off phone isn't reporting its location to anyone. Newer iPhones keep a low-power Find My signal for a while after shutdown, but that's Apple's own anti-theft feature, not live tracking by a stranger. The account and SIM steps above matter far more than the power button.
    How do I know if my number has been SIM-swapped?
    The clearest sign is suddenly losing all signal — no calls or texts — while others around you are fine, often followed by login alerts you didn't trigger. If that happens, contact your carrier immediately and check your important accounts.
    I changed my password — am I safe now?
    Not on its own. If they still receive your SMS codes, or your recovery email goes to an inbox they control, they can simply reset the password again. Changing it only sticks once you've also turned on app-based two-factor and moved to a recovery email they can't reach.
    Is Proton actually more private?
    Proton Mail is end-to-end encrypted and based in Switzerland, so even Proton can't read your mail, and it isn't funded by advertising. For someone rebuilding after being monitored, the value is a clean account with no shared history and strong privacy by default.

    Was this guide helpful?

    Know someone who needs this? Send them the guide.

    JD

    Written by

    Jordan Dickson

    Founder, CyberSecurityGuides

    Founder of CyberSecurityGuides, writing practical, jargon-free guides that help everyday people recover from and protect against online attacks.

    Reviewed by CSG Security Engineers

    More from Device Security