Android · Recovery Guide

    What to Do If Your Android PIN or Password Was Changed Without You Knowing

    Discover the signs that your Android might have been compromised, and learn how to check without altering any settings.

    Signs Your PIN or Password Has Been Altered

    It's unsettling if your usual PIN or password suddenly stops working. Here are some common indicators that your device's security might have been changed without your consent.

    • You cannot unlock your device using your usual PIN, pattern, or password.
    • You receive notifications on your lock screen that seem unusual or out of place.
    • Apps appear to be missing or new, unfamiliar apps have been installed.
    • Your device's battery drains much faster than usual, even without heavy use.
    • Unexpected data usage spikes occur, suggesting background activity you didn't initiate.

    Do not attempt to factory reset your device at this stage, as this may erase valuable forensic data.

    Check Locked Device Notifications and System Messages

    Even if you can't unlock your phone, the lock screen can often provide clues. Look for anything out of the ordinary.

    • Observe the lock screen carefully for any unusual notifications or banners that might indicate a system change or suspicious app activity.
    • Try to trigger the 'Emergency call' option (if available) to see if it allows access to any network or system messages.
    • On some Samsung devices, a subtle change in the lock screen wallpaper or font might be an early indicator.

    Some malware can mimic system notifications to trick you, so be cautious about interacting with any alerts directly.

    Verify Google Account Activity (from another device)

    If your phone's security has been compromised, your linked Google account might also show signs of unusual activity. You'll need another device for this step.

    1. On a trusted computer or another mobile device, go to your Google Account security page at myaccount.google.com/security.
    2. Look for the 'Recent security activity' section and review any unfamiliar sign-ins, especially from new devices or locations.
    3. Check the 'Your devices' section to see if any unknown devices are logged into your Google account.
    4. Review 'Third-party apps with account access' and revoke access for any apps you don't recognise.

    Enabling 2-Step Verification on your Google Account is a crucial step to protect it from unauthorised access.

    Examine App Permissions and Device Administrators (if accessible)

    If you manage to briefly access your device, or if the attacker has left specific settings unprotected, you can check for changes to app permissions.

    • Navigate to Settings → Apps → See all apps. Scrutinise recently installed or updated apps for anything suspicious.
    • Review the permissions for any unknown apps by tapping on them and selecting Permissions. Look for apps with excessive or unusual permissions.
    • Go to Settings → Security & privacy (or Biometrics and security on Samsung) → More security settings → Device admin apps. Confirm that only legitimate apps like 'Find My Device' are listed.
    • On Samsung devices, this path might be Settings → Biometrics and security → Other security settings → Device admin apps.

    Malicious apps often try to gain 'Device admin' privileges, making them very difficult to uninstall.
