Your phone runs on a single account — your Apple Account on an iPhone, your Google account on Android. It's the master key to the whole device: anyone signed into it from somewhere else can read your messages, open your photos and follow your location through iCloud or Google sync, with nothing installed on the phone at all. Locking that one account down is the single most important thing you can do to stop being watched — here's why it matters, and the exact steps for your phone.
Why this account matters most
Spyware and changed settings are the obvious worries, but they aren't the most common way a phone gets watched. The quiet way is through the account itself: someone who knows the password simply signs in on their own device and mirrors everything, leaving nothing to find on yours. And that account is only ever as secure as the email it's built on, because that inbox receives every login alert, verification prompt and password reset. Secure the account — and the email behind it — and you close the door the rest depends on.
What securing it involves
Whichever phone you have, the same five moves close the door: put the account on a private email only you control, set a strong, unique password, turn on two-factor authentication with an authenticator app, remove any device you don't recognise, and close the recovery back doors (recovery email, phone and trusted numbers). The menus differ by device, so follow the walkthrough for yours:
Already worried it's in place?
These steps lock the account down. To find monitoring that may already be running — forwarded messages, shared location, rogue profiles — check the settings someone can abuse on the phone itself.
Where to go next
Common questions
Is my Apple or Google account really how someone watches my phone?
What's the single most important step?
Do I still need to change my password if I turn on two-factor?
Should I use text-message codes for two-factor?
Was this guide helpful?
Know someone who needs this? Send them the guide.
Written by
Jordan DicksonFounder, CyberSecurityGuides
Founder of CyberSecurityGuides, writing practical, jargon-free guides that help everyday people recover from and protect against online attacks.
Reviewed by CSG Security Engineers
