With so much sensitive data and access to so many apps and services on our phones and laptops, it makes sense that we don’t want unwelcome visitors snooping around.
That’s why it’s essential to get a PIN code, fingerprint lock, password or some other kind of security protection in place, so that you and only you can access everything within your gadgets.
However, you might have let your guard down and now you think somebody else may have spent a few minutes with your hardware. Or perhaps you suspect someone knows your device PIN or password and can get access any time they like.
Investigating a potential breach doesn’t take a forensics kit, and you can easily run some basic checks to help you figure out if you were a victim to an intruder. These diagnostics won’t necessarily provide definitive proof someone has accessed your devices, but they can give you a pretty good idea whether that’s the case.
(By the way, if you want to lend your phone out to people every now and again, there are ways of doing it safely).
Apps can’t hide on smartphones. If someone has installed an additional app on your handheld device, you’ll be able to see it in the main list. On Android, open Settings and pick Apps and notifications then See all apps. On iOS, just open Settings and scroll down to see everything that’s installed.
You can specifically look at recently installed apps too, but only on iPhones. Scroll to the App Library screen (it’ll be to the right of all your home screens), and you’ll see there’s a Recently Added window showing the last apps installed.
If you have web and app activity logging set up for your Google account, this will show what’s been happening on any Android devices linked to your Google ID, and any Google apps you’re signed into on iOS devices. Visit the My Google Activity page on the web to set up this feature, and see which apps have been used and what websites have been visited.
[Related: Keep your online accounts safe by logging out]
Don’t forget that the latest versions of Android and iOS also keep local logs of device activity, if you’ve enabled the feature. Pick Digital Wellbeing and parental controls from Android Settings or Screen Time from iOS Settings. There,you can dig in to see which apps have been in use in the past 24 hours or the past few days—if there are apps you don’t remember using, it might be a sign that someone else has been on your phone.
Then there are the activity logs inside your individual apps, and your mobile web browser is a good example. Open up Chrome for Android, tap the three dots (top right), then choose History to see recently viewed webpages. In Safari on iOS, tap inside the address bar, tap the book icon, then open the History tab that is under the icon that looks like a clock.
If you’re an Android user, another useful place to check is your notification history. From Settings tap Apps and notifications, Notifications, and Notification history to see alerts that have come in recently. It’s possible that if an unwelcome guest has been on your phone, there will be some traces of what they’ve been up to here.
Regardless of your operating system, you’ve got plenty of other options too—open your phone’s gallery app to see recently taken photos, for example, or open your email client and switch to the sent items folder to check if any messages have been sent in your name. Apps like YouTube and Netflix let you look back on what you’ve viewed recently as well.
These checks don’t really give you any guarantees. For example, someone could send a message on your phone and then go back and delete it before you have a chance to check. But they might turn up some clues of suspicious activity.
Checking your laptop for recent activity is similar to the process we just described for your phone. Looking at the installed apps is a good start: On Windows, open up Apps from Settings, and head to the Apps & features screen. You can sort the list of apps by installation date to see if something unfamiliar has been added to your computer.
On macOS head to the Applications folder in Finder. Here you can group the installed apps by date by clicking View, Group By, and Date Added. There’s also Screen Time on a Mac, which works just as it does on an iPhone or iPad. Open the Apple menu, then choose System Preferences and Screen Time to see which programs have been open recently.
Digging back through your web browser’s history may reveal activity on your laptop you didn’t know about. In Chrome, for example, you can click the three dots (top right) then History to see it. In Safari, choose History then Show All History. Any other browser you or someone else might have used will have a similar history feature that shouldn’t be difficult to find.
[Related: How to clear your web history in any browser]
Any kind of activity related to Google apps—from search to Gmail—will be logged on the My Google Activity page in your account. It’s handy if you use Google apps inside your web browser a lot.
Another idea is to check the list of recently edited files, which might reveal unauthorized activity. On Windows, type “run” into the taskbar search box, choose the Run app, and run the “recent” command—a list of recently edited files will appear. It’s a little easier in macOS, because you can just click the Recents link in Finder.
It’s also worth diving into individual applications to see what you can discover about recent activity. For example, image editing programs, word processors and many other apps will have a list of recently opened files, which you can check out. In Excel for Windows, for example, go to File, Open, and Recent. Other programs will have something similar.
Remember that a lot of websites and web apps will give you a customized breakdown of your recent history, too. You can very easily bring up your YouTube history or your Netflix history and check if there’s any unfamiliar movements.
If someone has accessed your computer, there are ways of getting around the checks that we’ve mentioned. Browsing the web in an incognito or private mode so it won’t show up in your history, is an easy one most people know about. Keep this in mind and treat these checks as helpful pointers rather than conclusive evidence that your laptop has or hasn’t been accessed.