How to Find and Remove Stalkerware From Your Phone

Even though your mobile device comes with many built-in features to protect your data and privacy, it may still be vulnerable to surveillance if someone you know gains access to your accounts or installs hidden apps (called stalkerware) that track your every move. These malicious apps can use your iPhone or Android’s built-in features and permissions to spy on you. Here’s how to spot and remove stalkerware from your device.

What is stalkerware?

Stalkerware is a type of spyware used to monitor activity on your device without your consent, such as your messages and photos, and to track your location in real time. Stalkerware most often comes in the form of an app downloaded directly to your device and may be hidden from your home screen or disguised as something innocuous so that you are less likely to notice anything suspicious. As noted by TechCrunch, common stalkerware apps include Cocospy, Spyic, and TheTruthSpy. Stalkerware can be installed from third-party or unofficial sources outside of the Google Play and Apple stores.

Possible signs of stalkerware (and other malware) include a large amount of data on your device, a hot or slow phone, faster battery drain, increased screen time, and strange notifications. However, stalkerware can be present without any of these issues. According to the Anti-Stalkerware Coalition, a common sign of tracking has little to do with your phone’s hardware specifications; rather, it is a change in the stalker’s behavior or awareness of your actions.

Please note that while spy apps are one way that bad actors can secretly monitor you, there are other settings on your phone that can be misused, such as backups, location sharing, and Google and Apple accounts that are controlled or accessed by someone else.

Cornell University’s Clinic Against Technology Abuse (CETA) has detailed resources on identifying and removing spyware, as well as other precautions to protect your device from spying, that you should consult if you think your phone may be hacked.

Create a safety plan first

Before attempting to remove spyware from your device or change shared access to your accounts and apps, it’s critical to develop a security plan. Removing spyware apps or changing permissions can alert the person who installed them, which could increase the risk of abuse or harassment. The Coalition Against Spyware provides a list of resources and organizations around the world that help victims.

Another thing to consider when removing stalkerware is that it potentially destroys evidence that you may need if you plan to report the incident to law enforcement. It may be worth keeping a log of the events.

Check for unrecognized applications

You can see a list of apps installed on your device in Settings, even if there’s no icon on your home screen. On both iOS and Android, you can do this in Settings, under Apps or Manage Apps. (On iOS, hidden apps can be seen by scrolling to the bottom of the list.) Note any that aren’t familiar.

On Android, stalker apps can use the access granted by your device’s accessibility mode, so you should check for apps listed in this section of the settings. If you don’t use the accessibility features and/or don’t recognize the app, it may be a sign that malware has been installed. Stalkers can also use the device administrator features. Go to Settings > Security > Device administrator app. For most personal devices, there should be nothing listed here.

Check the app permissions and settings

Another way to identify suspicious apps is to check permissions, as spyware can abuse access to your device’s data. Permissions such as location, camera, microphone, and keyboard access can be found in the settings for each app. TechCrunch recommends specifically checking which third-party Android apps have access to your notifications, which allows them to spy on your messages and alerts (look for the Special App Access section in your device’s settings).
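
The Android checks described above (accessibility services and notification access) can also be read from a computer over USB debugging. The following is an added example, not part of the original article: it assumes adb is installed, and the sample data and package names in it are constructed.

```python
import subprocess

# Secure-settings keys that list the components holding each special access.
SPECIAL_ACCESS = {
    "accessibility": "enabled_accessibility_services",
    "notification_access": "enabled_notification_listeners",
}

def parse_components(value):
    """Return package names from a colon-separated 'package/class' list."""
    if not value or value.strip() in ("", "null"):  # "null" means the key is unset
        return set()
    return {c.split("/", 1)[0] for c in value.strip().split(":") if c}

def parse_packages(pm_output):
    """Return package names from `pm list packages` output lines."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def audit(third_party, settings):
    """Map each user-installed package to the special access it holds."""
    findings = {}
    for label, key in SPECIAL_ACCESS.items():
        for pkg in parse_components(settings.get(key)) & third_party:
            findings.setdefault(pkg, []).append(label)
    return {pkg: sorted(access) for pkg, access in sorted(findings.items())}

def adb(*args):
    """Run one command on the connected device (USB debugging must be enabled)."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

def audit_device():
    """Run the same audit against a real device instead of the sample data."""
    third_party = parse_packages(adb("pm", "list", "packages", "-3"))
    settings = {k: adb("settings", "get", "secure", k) for k in SPECIAL_ACCESS.values()}
    return audit(third_party, settings)

# Constructed sample data (not from a real device); all package names are made up.
SAMPLE_PM = "package:com.example.chat\npackage:com.example.sysupdate\npackage:com.example.reader\n"
SAMPLE_SETTINGS = {
    "enabled_accessibility_services":
        "com.example.sysupdate/.A11yService:com.example.vendor.screenreader/.Service",
    "enabled_notification_listeners":
        "com.example.sysupdate/.Listener:com.example.chat/.NotifService",
}

if __name__ == "__main__":
    for pkg, access in audit(parse_packages(SAMPLE_PM), SAMPLE_SETTINGS).items():
        print(f"{pkg}: {', '.join(access)}")
```

A package appearing in the output is one to review, not proof of stalkerware: legitimate apps such as screen readers and smartwatch companions also hold these kinds of access.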

If you have iOS 16 or later, you can use Apple’s Security Checkup (Settings > Privacy & Security > Security Checkup) to manage permissions and sharing for individual users and apps. You can review who you share information with, change the devices connected to your Apple account, reset system privacy permissions and update your passcode, and adjust other settings. There’s an emergency reset that immediately stops sharing all information from your device, and a quick exit button to quickly sign out.

If you don’t have Security Checkup set up on your device, or you want to understand certain phone settings that could share your data with someone else, like text message forwarding or Family Sharing, check out CETA’s iOS security guide.

How to remove stalkerware from your device

The most extreme step you can take to get rid of spyware is to get a new phone, which you can and should lock with a new password to prevent anyone with physical access to your device from installing malicious apps.

Another option is to perform a factory reset, which will delete apps and data from your device. You can do this in Settings > General > Transfer or reset iPhone on iOS and in the Settings app on Android (check your device manufacturer’s support pages for the exact path to your backup). Note that you’ll lose any data that wasn’t backed up, such as contacts, messages, and photos. A factory reset can be helpful even if you’re not 100% sure whether your phone has spyware installed, though it may not fix the problem if the spy still has access to the Apple ID or Google account associated with your device.

You can also use an antivirus app from a reputable company to scan for hidden and malicious apps (Google Play Protect can also perform manual scans on Android devices) and manually remove or uninstall apps from your device.

Once you’ve removed the spyware, make sure your device has a new screen lock code that’s difficult to guess if someone has physical access, and take steps to protect your email and other accounts with strong, custom passwords and two-factor authentication.
