PanicStation.org
UK USA
uk Technology & digital loss unknown admin app • device administrator app • phone administrator access • suspicious admin permission • app has full control • device management profile • unknown device management • mdm profile on phone • phone may be compromised • phone hacked signs • malware on android phone • strange apps installed • unwanted app permissions • spyware worry • stalkerware concern • unfamiliar vpn on phone • accessibility service abuse • admin access on android • vpn & device management iphone

What to do if…
you notice unknown apps with administrator access on your phone

Short answer

Treat this as a potential compromise: disconnect the phone from networks, then remove unknown administrator/device-management access before you do anything sensitive (like banking or passwords).

Do not do these things

  • Don’t keep using the phone for sensitive logins (banking, email, password manager) until you’ve removed the admin/device-management access and you’ve secured key accounts.
  • Don’t open the unknown admin app “to see what it is”, accept prompts, or grant additional permissions.
  • Don’t immediately wipe the phone without first noting the app/profile name(s) if it’s safe to do so (you may need them for your bank, employer, or a report).
  • Don’t disable built-in protections (like Play Protect) just to get rid of pop-ups.
  • If this is a work/school-issued phone, don’t remove management profiles/admin controls until you’ve checked with the issuing organisation (some are legitimate and required).

What to do now

  1. Disconnect, but keep the phone powered on.

    • Turn on Airplane mode (and, if you can, also turn off Wi-Fi and Bluetooth).
    • This reduces remote control and stops more data leaving the phone while you take the next steps.

  2. Capture quick details for yourself (30–60 seconds, if safe).

    • Screenshot the app/profile name(s) and the screen showing administrator/device-management access.
    • Write down: name, icon, when you first noticed it, and whether the phone is personal or work/school.

  3. If it’s an iPhone: check for unknown management profiles and remove them if possible.

    • Go to Settings → General → VPN & Device Management.
    • If you see a profile or “Management” you don’t recognise, delete it, then restart the iPhone.
    • If removal is blocked and this is (or might be) a work/school device, pause and verify with the organisation.

  4. If it’s Android: remove unknown “Device admin” access, then uninstall.

    • Go to Settings → Security (or Security & privacy) → Device admin apps / Device administrators.
    • Turn off admin access for anything you don’t recognise.
    • Then uninstall the app (Settings → Apps → the app → Uninstall).
    • If the phone won’t let you remove it, use Safe Mode (next step).

  5. Use Safe Mode on Android if removal is blocked.

    • Boot into Safe Mode (this starts Android with third-party apps disabled).
    • Repeat step 4 to switch off admin access and uninstall the unknown app, then restart normally to exit Safe Mode.

  6. Run a built-in malware check on Android (Play Protect).

    • Open the Google Play Store → your profile icon → Play Protect → run a scan.
    • If Play Protect flags anything, follow its removal prompts.

  7. Check “silent control” settings attackers often abuse (switch off anything unknown).

    • Accessibility: Settings → Accessibility → services you didn’t enable.
    • Notification access (can read codes): Settings → Notifications → Special access / Notification access.
    • VPN: remove unknown VPNs.
    • Work/device management: remove unknown work/school accounts or profiles only if you’re sure they’re not legitimate.

  8. From a different, known-clean device, secure your most important accounts first.

    • Start with email, then Apple ID/Google account, then banking.
    • Change passwords and turn on 2-step verification where offered.
    • For email, check for unexpected forwarding rules/filters.

  9. If you still can’t be confident the phone is clean: factory reset is the safest “clean break”.

    • A factory reset wipes apps and data.
    • Be careful with backups: only restore from a backup you’re confident was made before the unknown admin app/profile appeared. If you can’t be sure, reset and rebuild without restoring apps/settings until things are stable.
    • If you need to save irreplaceable items first (photos/contacts), do the minimum you can and avoid carrying over apps or device settings.

  10. If money, identity, or fraud might be involved, record and report.

  • If you’ve lost money or suspect fraud, follow UK government fraud recovery guidance.
  • Consider reporting cyber-enabled fraud to Action Fraud/Report Fraud.

What can wait

  • You don’t need to decide right now who did it or exactly how it happened.
  • You don’t need to confront anyone or make accusations today.
  • You don’t need to install new security products immediately—stabilise first (remove admin access/profiles, scan, secure accounts).
  • You don’t need a full forensic investigation; the goal is to regain control and stop further harm.

Important reassurance

Seeing unknown administrator/device-management access is genuinely unsettling. You’re not overreacting: those permissions can be powerful, and focusing on containment and account security first is the right move.

Scope note

This is first-steps-only guidance to stop the bleeding, regain control, and reduce immediate risk. If apps/profiles reappear, or you suspect targeted harassment, you may need specialist support later.

Important note

This is general information, not professional security or legal advice. Phone menus vary by model and software version. Some administrator/management controls are legitimate on employer- or school-managed devices—verify with the issuing organisation if you’re unsure before removing required management.

Additional Resources
Support us