Android · Recovery Guide
How to Recover and Re-secure a Hacked Google Account on Android
If your Google account has been compromised, quick action is vital. This guide provides clear steps to regain control and enhance your security on an Android device.
Step 1: Change Your Google Account Password Immediately
The first and most crucial step is to change your password. This can stop the attacker from further accessing your account and linked services.
- Open your device's Settings app.
- Scroll down and tap Google, then tap Manage your Google Account.
- Navigate to the Security tab. Under 'How you sign in to Google', tap Password.
- You may be asked to verify your identity. After verification, enter a new, strong password. Make sure it's unique and not used for any other accounts. Avoid using personal information or common phrases.
- Confirm your new password and tap Change Password.
If you cannot access your account to change the password, proceed immediately to Google's Account Recovery page on an uncompromised device or computer.
Step 2: Review and Secure Your Device
After securing your password, it's essential to check your Android device for any signs of tampering or unauthorised access that the attacker might have left behind.
- Check Installed Apps: Go to Settings > Apps > See all apps (or App info on Samsung One UI). Look for any unfamiliar applications you didn't install. Uninstall anything suspicious.
- Review Device Administrators: Go to Settings > Security & privacy > More security settings > Device admin apps. Disable or uninstall any unknown apps that have administrator privileges.
- Inspect Account Sync Settings: Go to Settings > Passwords & accounts (or Accounts and backup > Manage accounts on Samsung One UI). Tap your Google account and ensure all sync options are as you expect. Disable any that seem unusual.
- Scan for Malware: Consider installing a reputable anti-malware app from the Google Play Store and running a full scan. Examples include Malwarebytes or Google Play Protect (already integrated).
Regularly reviewing your installed applications and device permissions can help you spot potential threats early.
Step 3: Check Google Account Security Settings
Google provides robust security features. Reviewing these settings can help you identify and revoke any unauthorised access and establish stronger protection.
- Open Settings > Google > Manage your Google Account. Go to the Security tab.
- Under 'Your devices', tap Manage all devices. Sign out of any devices you don't recognise. This will log the attacker out of your account on their devices.
- Review 'Third-party apps with account access'. Remove access for any apps you don't recognise or no longer use. Attackers sometimes grant access to malicious apps.
- Examine 'Signing in to other sites'. Remove any linked accounts you don't recognise or trust.
- Check 2-Step Verification status. If it's off, turn it on immediately. If it's on, review the trusted devices and backup codes, and remove any you don't recognise. Consider adding more security keys for enhanced protection.
Google's Security Check-up (found in the Security tab) can guide you through these crucial settings, highlighting areas for improvement.
Step 4: Consider a Factory Reset (Last Resort)
If, after following the above steps, you still suspect your device is compromised, a factory reset may be necessary. This will erase all data, so ensure you have backed up important files.
- Back up your data: Before resetting, back up all important photos, videos, contacts, and documents. Use Google Drive, Google Photos, or a computer for this.
- Go to Settings > System > Reset options (on Samsung One UI, it's Settings > General management > Reset).
- Tap Erase all data (factory reset). You'll need to enter your PIN or password.
- Confirm your choice. The device will restart and erase all data. This process can take some time.
- When setting up your device again, choose to set it up as a new device rather than restoring from a backup, as the backup might contain the compromise. Reinstall apps manually from the Google Play Store.
A factory reset is a destructive step that deletes all personal data from your phone. Only perform this if you have exhausted all other recovery options.