Government Spyware Just Flagged Your Phone. Here’s What to Do

Your phone buzzes. Apple or Google says government hackers targeted you. What now?

Jay Gibson knew what this meant. He used to work at spyware companies. Still, panic hit hard when his iPhone flashed that dreaded notification. He called his dad, powered down, and rushed to buy a new device.

“I was panicking,” Gibson told TechCrunch. “It was a mess. It was a huge mess.”

You might be next. Apple, Google, and WhatsApp now warn users when government spyware targets their devices. But the tech giants stop there. They point you toward help, then step back. So what happens after you get that notification?

Take the Warning Seriously

First things first. Don’t ignore it.

These companies analyze billions of data points daily. Their security teams hunt government hackers for a living. They’ve studied spyware from Intellexa, NSO Group, and Paragon Solutions for years.

If they think you’re targeted, they’re probably right.

Here’s the catch. Receiving a notification doesn’t always mean hackers succeeded. Apple and WhatsApp send alerts even when attacks fail. They just want you to know someone tried.

Google usually steps in before damage happens. The company blocks the attack, then tells you to lock down your account. That means turning on multi-factor authentication with a physical security key or passkey. Plus, enable Google’s Advanced Protection Program for extra security layers.

Lock Down Your Devices Fast

Apple users should flip on Lockdown Mode immediately. This feature activates multiple security measures that make targeting your device much harder.

Apple claims no one’s cracked a device with Lockdown Mode enabled. But nothing’s bulletproof.

Mohammed Al-Maskati runs Access Now’s Digital Security Helpline. His team investigates spyware attacks against journalists, activists, and dissidents 24/7. Their advice? Keep everything updated, restart your phone regularly, and watch for weird device behavior.

Also, be paranoid about suspicious links and attachments. That’s how most attacks start.

Use Detection Tools

Anyone with basic tech skills can check their own device. Mobile Verification Toolkit (MVT) lets you hunt for forensic traces of attacks. It’s open source and free.

Not tech-savvy? Skip straight to professional help.

Journalists, dissidents, academics, and human rights activists have options. Access Now’s Digital Security Helpline responds to threats globally. Amnesty International runs its own investigation team. The Citizen Lab at University of Toronto has tracked spyware abuses for nearly 15 years.

Reporters Without Borders also operates a digital security lab focused on journalists.

Where Everyone Else Goes

Politicians and executives face a trickier situation. Access Now and Citizen Lab focus on civil society, not business or government figures.

If you work for a large company, start with your security team. They might not have spyware expertise, but they know who does.

Otherwise, consider these private options. We’re not endorsing them, but security experts we trust suggested them:

iVerify makes apps for Android and iOS. They offer deep forensic investigations too. Matt Mitchell, a respected security expert, launched Safety Sync Group for vulnerable populations. Jessica Hyde runs Hexordia, providing forensic investigation services.

Lookout handles mobile cybersecurity and analyzes government spyware globally. They have an online form for suspected hacks. Costin Raiu leads TLPBLACK, staffed by former Kaspersky researchers who’ve exposed elite government hacking operations worldwide.

The Investigation Process

Initial checks happen remotely. Investigators examine diagnostic reports you create on your device. This first step might detect targeting or infection signs.

Or it might show nothing.

Deeper investigation requires sending a full device backup or your actual phone. Then investigators dig in. This takes time because modern spyware hides its tracks aggressively.

Unfortunately, you might never know for sure. Today’s spyware uses “smash and grab” tactics. It infects your device, steals everything it can, then deletes itself and vanishes.

Hassan Selmi leads incident response at Access Now. He says spyware makers want to protect their product by hiding from investigators and researchers.

Deciding What Happens Next

If you’re a journalist or activist, groups helping you might ask if you want to go public. But you’re not required to.

Going public has benefits though. You can denounce government targeting, warn others, or expose spyware companies abusing their technology.

Some people choose silence. Others prefer transparency. The choice is yours.

Modern spyware represents one of the most invasive surveillance tools governments deploy against civilians. These attacks aren’t just technical problems. They threaten fundamental rights to privacy, free expression, and association.

Tech companies sending warnings deserve credit for transparency. But warnings aren’t solutions. Real protection requires constant vigilance, updated security practices, and professional help when attacks happen.

Nobody should face sophisticated government surveillance alone. Organizations like Access Now, Amnesty International, and Citizen Lab exist precisely because these threats are serious and growing. Use them if you need help.

Stay paranoid. Update everything. Lock down your accounts. And if you get that notification, don’t panic like Gibson did. Follow the steps above, reach out for help, and take it seriously.

Your digital safety depends on it.