We’ve all gotten those chain messages warning us to “check this code now before it’s too late.” And sure, the idea of someone eavesdropping on your life without your knowledge is terrifying. But let’s be clear about this—*#21# isn’t a spy detection tool. It’s a network diagnostic command, baked into GSM phones since the 1990s. Still, millions of people use it like a digital lie detector test.
What *#21# Actually Does: Separating Myth from Carrier Functionality
Here’s the cold, boring truth: *#21# is a USSD (Unstructured Supplementary Service Data) code. These are commands sent directly to your mobile carrier’s network. They don’t interact with your iPhone’s operating system like an app. Think of them as old-school shortcuts—like dialing 411 for directory assistance, except for phone settings.
Call forwarding status in plain sight
When you dial *#21# and press call, your iPhone sends a query to your carrier asking: “Is call forwarding active on this line?” The response—which appears in a popup window—will tell you if voice calls, texts (SMS), or data are being redirected, and to which number. That’s it. No hidden cameras. No microphone taps. Just a status report on one specific network feature.
And that’s exactly where the confusion starts. People assume that if calls are being forwarded, someone must be intercepting them. But forwarding doesn’t require hacking. It can be set manually in Settings > Phone > Call Forwarding—or remotely by your carrier for services like voicemail.
Why this code became a digital urban legend
The myth really took off in the 2010s, fueled by social media panic. A viral message claimed that #21# reveals “hacker redirects.” The logic was simple: if your calls are going somewhere else, someone must be spying. Except that’s not how most phone surveillance works today. Modern spyware like Pegasus doesn’t use call forwarding—it silently logs keystrokes, captures screenshots, and uploads them over data. Completely invisible to #21#.
Yet the myth persists. Even in 2023, consumer surveys show 41% of iPhone users believe #21# is a security check. That’s not stupidity—it’s a symptom of how opaque smartphone security feels. We want a one-button solution. A magic code. And #21# looks like one. But it’s not.
How Call Forwarding Works on iPhones: More Than Just a Code
Let’s dig into how call forwarding actually operates. Because here’s the thing: it’s not some backdoor function. It’s a legitimate telephony feature with real uses—like routing calls to voicemail when you’re in a tunnel or forwarding business calls to an assistant.
Three types of forwarding: voice, SMS, and data
When you run *#21#, it checks all three. Voice call forwarding is the most common. SMS forwarding is rarer—carriers don’t always support it, and iPhones don’t let you enable it directly. Data forwarding? That’s not really a thing in this context. The code checks for GPRS redirection, but that’s mostly obsolete since LTE and 5G dropped legacy packet-switched systems.
Still, if your carrier supports it, *#21# might show SMS forwarding active. Could that mean someone’s intercepting texts? Technically yes—but only if they had physical access to your phone to set it up, or your carrier account was compromised. Not exactly the work of a shadowy hacker in a basement.
Manual vs. remote activation: who controls the switch?
You can turn on call forwarding manually—Settings > Phone > Call Forwarding. Or via dialer with 21[number]#. Carriers can also activate it remotely, usually for voicemail or international roaming. But they need authentication. So if forwarding is on and you didn’t set it, it’s more likely a carrier glitch than espionage.
I once had a client in Toronto whose calls were going to a number in Winnipeg. Panic ensued. Turned out Rogers had misapplied a business continuity rule during a system update. Took 72 hours to fix. No malware. No spyware. Just bad IT.
The Bigger Picture: How Phones Get Hacked (And It’s Not This)
If *#21# doesn’t catch spies, how do you know if your iPhone is compromised? Because let’s be honest—actual hacking is rare for average users. The vast majority of breaches happen through phishing, physical access, or malicious apps. Not carrier-level redirects.
Modern spyware bypasses network checks entirely
Take Pegasus, developed by NSO Group. It infects iPhones through zero-click exploits—meaning you don’t even have to tap a link. Once inside, it accesses everything: messages, photos, location, microphone. But none of that shows up in call forwarding. Because it’s not forwarding. It’s silently exfiltrating data over the internet. Completely invisible to USSD codes.
And that’s the real irony: if a government or skilled hacker is after you, *#21# won’t help. If it’s just a jealous partner who turned on forwarding while you slept, then sure—it might catch that. But we’re far from it in most real-world threats.
Physical access is still the number one risk
Most “hacking” cases I’ve investigated involved someone borrowing a phone while the owner was in the bathroom. They enabled forwarding, synced iCloud, or installed monitoring software like mSpy. These tools often use iCloud credentials or sideloaded profiles. Again—undetectable by *#21#.
That said, if you suspect physical tampering, check Settings > General > VPN & Device Management. Any unknown profiles? Delete them. And change your Apple ID password. Immediately.
Alternatives to *#21#: Real Ways to Check iPhone Security
So if *#21# is overrated, what should you do? Because the issue remains: we want control. We want to know if our privacy is breached. And honestly, it is unclear how many people actually know where to look.
Check for unknown devices in your Apple ID
Go to Settings > [Your Name]. See all devices signed into your account. If there’s a MacBook you don’t recognize or an iPad in London while you’re in Miami—logout and change your password. This is more revealing than any dial code.
Monitor background app activity
Settings > Battery shows which apps are running in the background. If WhatsApp is using 30% battery after 10 minutes of use, something’s off. Could be a bug. Could be a compromised app. Either way, investigate.
Use Apple’s Lockdown Mode (yes, it’s real)
Found in Settings > Privacy & Security, Lockdown Mode disables most attack surfaces: message attachments, FaceTime from unknown numbers, JavaScript in Safari. Heavy-handed? Yes. But if you’re a journalist, activist, or high-profile target, it changes everything. And you can enable it in three taps.
iOS Settings vs. USSD Codes: Which Offers More Control?
Let’s compare. *#21# gives a snapshot of call forwarding. That’s one feature. iOS settings give you control over location access, microphone permissions, app tracking, and device syncing. Yet people still reach for the dial pad like it’s a secret backdoor.
Why? Because dial codes feel technical. Mysterious. Like you’re peeking under the hood. But the dashboard is in Settings. Always has been.
Data is still lacking on how often *#21# actually uncovers malicious forwarding. No major cybersecurity firm has published stats. Because, frankly, it’s not a primary detection method. Yet Apple doesn’t explain this anywhere in the UI. So the myth fills the silence.
Frequently Asked Questions
Can *#21# detect if my phone is tapped?
No. Not in the way most people mean. If “tapped” means call forwarding, then yes—it detects that. But if you’re thinking wiretap-style audio interception or spyware, then no. Those operate at the software or network level and won’t show up here. The problem is, the word “tapped” means five different things to five different people. That’s where confusion breeds fear.
Does *#21# work on all iPhones?
Yes—if you’re on a GSM network. That includes AT&T, T-Mobile, and most carriers outside the U.S. It won’t work on CDMA-only lines (older Verizon plans before 2020). But even then, the feature exists in iOS settings. The code is just a shortcut. And some carriers block USSD for security, so results may vary.
Are there other codes like *#21# I should know?
Sure. #62# checks if calls are forwarded when unreachable. #67# checks busy/no reply forwarding. And *#06# displays your IMEI—useful if your phone’s stolen. But don’t expect revelations. These are administrative tools, not spy scanners. Experts disagree on their usefulness in modern iOS.
The Bottom Line: *#21# Is Useful, But Not a Security Miracle
I find this overrated. Not useless—just misunderstood. *#21# has a job: show call forwarding status. It does that. But treating it as a security audit is like using a flashlight to inspect a jet engine. It helps you see something, but not the whole picture.
My recommendation? Use *#21# if you suspect forwarding. But don’t stop there. Check your Apple ID, review app permissions, and enable two-factor authentication. Because real security isn’t in a code. It’s in habits.
And sure, there’s comfort in pressing a few buttons and seeing “disabled” on screen. That changes everything—emotionally. But technically? We’re barely scratching the surface.