While your mobile device has a lot of built-in features to keep your data secure and protect your privacy, it may still be vulnerable to snooping if someone you know has access to your accounts or manages to install hidden apps—known as stalkerware—that track your every move. These malicious programs may exploit built-in features and permissions on your iPhone or Android to spy on you. Here’s how to identify and remove stalkerware from your device.
What is stalkerware?
Stalkerware is a form of spyware used to surveil and monitor activity on your device, such as messages, photos, and real-time location, without your consent. Stalkerware is most often found in the form of an app downloaded directly onto your device and may be hidden from your home screen or disguised as something innocent so you’re less likely to notice anything suspicious. As TechCrunch notes, common stalkerware apps include Cocospy, Spyic, and TheTruthSpy. Stalkerware may be side-loaded or installed from unofficial sources outside of the Google Play and Apple stores.
Some possible signs of stalkerware (and other malicious apps) include large amounts of data usage on your device, your phone running warmer or slower than usual, your battery draining more quickly, or increases in screen time as well as strange notifications. However, stalkerware can be present even without any of these issues. According to the Coalition Against Stalkerware, a common sign of monitoring actually has little to do with the technical aspects of your phone: Rather, it’s the stalker’s change in behavior or knowledge about your activities.
Note that while stalkerware apps are one way for someone to covertly keep tabs on you, there are other settings on your phone that can be abused, such as backups, location sharing, and Google and Apple accounts that someone else controls or has access to.
Cornell University’s Clinic to End Tech Abuse (CETA) has detailed resources for identifying and removing stalkerware as well as other precautions for securing your device against spying, which you should refer to if you believe your phone may be compromised.
Create a safety plan first
Before attempting to remove stalkerware from your device or changing shared access to your accounts and apps, it is essential that you have a safety plan in place. Deleting monitoring apps or updating permissions can alert the person who installed them, which may increase the risk of abuse or harassment. The Coalition Against Stalkerware has a list of survivor assistance resources and organizations in different countries.
Another consideration for removing stalkerware: doing so potentially erases evidence you may need if you plan to report the incident to law enforcement. You may want to keep a log of what you experience.
Check for unrecognized apps
You can view apps installed on your device in your settings even if there’s no icon on the home screen. On both iOS and Android, this is in the settings app under a menu titled Apps or App management. (On iOS, you can see hidden apps by scrolling all the way down to the bottom of the list.) Look for anything you don’t recognize.
On Android, stalkerware may take advantage of the access provided by your device’s accessibility mode, so you should check for any apps listed under this section of your settings. If you don’t use accessibility features and/or don’t recognize an app, this may be a sign you have a malicious program installed. Stalkerware may also exploit device admin options. Go to Settings > Security > Device admin app. For most personal devices, there shouldn’t be anything listed here.
Review app permissions and settings
Another way to identify suspicious apps is through permissions, as stalkerware may abuse access to your device’s data. You can see permissions, such as location, camera, microphone, and keyboard access, in your settings on an app-by-app basis. TechCrunch suggests specifically checking which third-party apps on Android have access to your notifications, which allow surveillance of your messages and alerts (look for Special app access in your device settings).
If you have iOS 16 or later, you can use Apple’s Safety Check feature (Settings > Privacy & Security > Safety Check) to manage permissions and sharing with individuals and apps. You can check who you are sharing information with, change devices connected to your Apple account, reset system privacy permissions, and update your passcode, among other settings. There’s an Emergency Reset option, which will immediately stop sharing all information from your device, and a Quick Exit button if you need to close out with one tap.
If you don’t have Safety Check on your device or want to dig into specific phone settings that may be sharing your data with someone else—such as text message forwarding or Family Sharing—use this CETA guide to iOS safety.
How to remove stalkerware from your device
The most extreme step you can take to get away from stalkerware is to get a new phone, which you can and should lock down with a new passcode to prevent someone with physical access to your device from installing malicious apps.
Another option is to perform a factory reset, which will erase apps and data from your device. This is under Settings > General > Transfer or Reset iPhone on iOS and in the Settings app on Android (you can find the exact path on your device manufacturer’s support pages). Note that you will lose any data that aren’t backed up, such as contacts, messages, and photos. A factory reset can be useful even if you’re not 100% sure if there’s a stalkerware app on your phone, though it may not solve the issue if the person spying still has access to the Apple ID or Google account that’s connected to your device.
You can also use an antivirus app from a trusted company to scan for hidden and malicious apps (Google Play Protect can also manually scan on Android) and manually delete or uninstall apps from your device.
Once you’ve removed stalkerware, ensure your device has a new lock screen passcode that’s not easily guessed in the event someone has physical access, and take steps to secure your email and other accounts with strong individual passwords and two-factor authentication.
