How to find and remove spyware from your phone (2022)

How to find and remove spyware from your phone (1)

Our digital selves are now an established part of our identity. The emails we send, the conversations we have over social media -- both private and public -- as well as the photos we share, the videos we watch, the apps we download, and the websites we visit all contribute to our digital personas.

ZDNET Recommends

The best VPN services Every remote worker should consider a virtual private network to stay safe online. Read now

There are ways to prevent a government agency, country, or cybercriminal from peeking into our digital lives, for example, by using virtual private networks (VPNs), end-to-end encryption, and browsers that do not track user activity.

However, governments and law enforcement agencies are now taking advantage of sophisticated spyware developed and offered commercially by companies, including NSO groups. It can be extremely difficult to detect or remove when implanted on a device.

This guide will run through different forms of malicious software on your iOS or Android handset, what the warning signs of infection are, and how to remove such pestilence from your mobile devices if it is possible to do so.

How to find and remove advanced spyware from your iOS, Android phone

How to find and remove spyware from your phone (3)
(Video) How to remove spyware from Android phone? | 3 Ways!

What is spyware?

How to find and remove spyware from your phone (4)

Nuisanceware is often bundled with legitimate apps. It interrupts your web browsing with pop-ups, changes your homepage settings by force, and may also gather your browsing data in order to sell it off to advertising agencies and networks. Although consideredmalvertising, nuisanceware is generally not dangerous or a threat to your core security.

You then have basic spyware. These generic forms of malware steal operating system and clipboard data and anything of potential value, such as cryptocurrency wallet data or account credentials. Spyware isn't always targeted and may be used in general phishing attacks.

Advanced spyware, also known as stalkerware, is a step-up. Often unethical and sometimes dangerous, this malware is sometimes found on desktop systems, but it is now most commonly implanted on phone. Spyware and stalkerware may be used to monitor emails, SMS, and MMS sent and received; to intercept live calls for the purpose of eavesdropping across standard telephone lines or Voice over IP (VoIP) applications; to covertly record environmental noise or take photos; to track victims via GPS, or to hijack social media apps including Facebook and WhatsApp.

Stalkerware is often downloaded to spy on someone as an individual, such as in cases of domestic abuse.

You then have government-grade commercial spyware. Pegasus is the most well-known recent case, sold as a tool to governments for combating 'terrorism' and for law enforcement purposes -- but ultimately was found on smartphones belonging to journalists, activists, political dissidents, and lawyers.

The warning signs of attacks

How to find and remove spyware from your phone (5)

If you find yourself the recipient of odd or unusual social media messages or emails, this may be a warning sign of a spyware infection attempt. You should delete them without clicking on any links or downloading any files. The same goes for SMS content, too, which may contain links to lure you into unwittingly downloading malware.

To catch a victim unaware, these phishing messages will lure you into clicking a link or executing software that hosts a spyware or stalkerware payload. If the malware is being loaded remotely, user interaction is required, and so these messages might try to panic you -- such as by demanding payment or pretending to be a failed delivery notice. Messages could potentially use spoofed addresses from a contact you trust, too.

(Video) How to Remove Spyware from Android | Identify Spyware Apps

When it comes to stalkerware, initial infection messages may be more personal and tailored to the victim.

Physical access or the accidental installation of spyware by the victim is necessary. However, it can take less than a minute to install some variants of spyware and stalkerware.

If your mobile goes missing and reappears with different settings or changes that you do not recognize -- or it has been confiscated for a time -- this may be an indicator of tampering.

How do I know when I'm being monitored?

How to find and remove spyware from your phone (6)

Surveillance software is becoming more sophisticated and can be difficult to detect. However, not all forms of spyware and stalkerware are invisible, and it is possible to find out if you are being monitored.


A giveaway on an Android device is a setting that allows apps to be downloaded and installed outside of the official Google Play Store.

If enabled, this may indicate tampering and jailbreaking without consent. Not every form of spyware and stalkerware requires a jailbroken device, though.

This setting is found in most modern Android builds inSettings>Security>Allow unknown sources. (This varies depending on device and vendor.) You can also checkApps>Menu>Special Access>Install unknown appsto see if anything appears that you do not recognize, but there is no guarantee that spyware will show up on the list.

Some forms of spyware will also use generic names and icons to avoid detection. If a process or app comes up on the list you are not familiar with; a quick search online may help you find out whether or not it is legitimate.


iOS devices that aren't jailbroken are generally harder to install with malware unless a zero-day exploit is used. However, the presence of an app called Cydia, which is a package manager that enables users to install software packages on a jailbroken device, may indicate tampering (unless you knowingly downloaded the software yourself).

(Video) How To Check iPhone for Viruses and Malware and Remove Them

Other signs

You may experience unexpected handset battery drain, overheating, and strange behavior from the device's operating system or apps.

Surveillance without consent is unethical. In domestic situations, it causes a severe imbalance in power. If your sixth sense says something is wrong, listen to it. A physical object is not worth sacrificing your privacy and personal security.

Should your device become compromised, take back control of your right to privacy -- whether or not this means replacing your handset entirely -- but only if your physical safety isn't being threatened. In those cases, you should contact the authorities and investigators rather than tamper with your handset.

By design, spyware and stalkerware are hard to detect and can be just as hard to remove. It is not impossible in most cases, but it may take some drastic steps on your part. Sometimes the only option may be to abandon your device.

When removed, especially in the case of stalkerware, some operators will receive an alert warning them that the victim's device has been cleaned up. Should the flow of your information suddenly stop, this is anotherclear sign that the malicious software has been removed.

Do not tamper with your device if you feel your physical safety may be in danger. Instead, reach out to the police and supporting agencies.

Now, here are some removal options:

  1. Run a malware scan:There are mobile antivirus solutions available that can detect and remove spyware. This is the easiest solution available, but it may not be effective in every case. Cybersecurity vendors, includingMalwarebytes,Avast, and Bitdefender, all offer mobile spyware-scanning tools.
  2. Change your passwords:If you suspect account compromise, change the passwords of every important account you have. Many of us have one or two central 'hub' accounts, such as an email address linked to all of our other services. Remove access to any 'hub' services you use from a compromised device.
  3. Enabletwo-factor authentication (2FA):When account activity and logins require further consent from a mobile device, this can also help protect individual accounts. (However, spyware may intercept the codes sent during 2FA protocols.)
  4. Consider creating a new email address:Known only to you, the new email becomes tethered to your main accounts.
  5. Update your OS:It may seem obvious, but when an operating system releases a new version, which often comes with security patches and upgrades, this can -- if you're lucky -- cause conflict and problems with spyware. Keep this updated.
  6. Protect your device physically: A PIN code, pattern, or enabling biometrics can protect your mobile device from future tampering.
  7. If all else fails, factory reset... or junk it:Performing a factory reset and clean install on the device you believe is compromised may help eradicate some forms of spyware and stalkerware. However, make sure you remember to back up important content first. OnAndroidplatforms, this is usually found underSettings>General Management>Reset>Factory Data Reset. OniOS, go toSettings>General>Reset.

Unfortunately, some stalkerware services may survive factory resets. So, failing all of that, consider restoring to factory levels and then throwing your device away.

(Video) How To Detect Spyware & Malware On Your iPhone

An open source project developed by Amnesty International,MVT (Mobile Verification Toolkit)is a cyber forensics package able to scan for advanced spyware on mobile devices. However, this is most suited to investigators.

Government-grade spyware can be more difficult to detect. However, as noted in a guide on Pegasus published by Kaspersky, there are some actions you can take to mitigate the risk of being subject to such surveillance, based on current research and findings:

  • Reboots: Rebooting your device daily to prevent persistence from taking hold. The majority of infections have appeared to be based on zero-day exploits with little persistence and so rebooting can hamper attackers.
  • Disable iMessage and Facetime (iOS): As features enabled by default, iMessage and Facetime are attractive avenues for exploitation. A number of new Safari and iMessage exploits have been developed in recent years.
  • Use an alternative browser other than Safari, default Chrome: Some exploits do not work well on alternatives such as Firefox Focus.
  • Use a trusted, paid VPN service, and install an app that warns when your device has been jailbroken. Some AV apps will perform this check.

It is also recommended that individuals who suspect a Pegasus infection make use of a secondary device, preferably running GrapheneOS, for secure communication.

Google and Apple are generally quick to tackle malicious apps which manage to avoid the privacy and security protections imposed in their respective official app stores.

Several years ago, Googleremoved seven appsfrom the Play Store that were marketed as employee and child trackers. The tech giant took a dim view of their overreaching functions -- including GPS device tracking, access to SMS messages, the theft of contact lists, and potentially the exposure of communication taking place in messaging applications. Google has also banned stalkerware ads. However, some apps still apparentlyslip through the net.

(Video) How to Spot and Remove Stalkerware

When it comes to Apple, the firm hascracked downon parental control apps, citing privacy-invading functions as the reason for removal. The company offers its own parental device control service calledScreen Timefor parents who want to limit their child's device usage. Furthermore, the company does not allow sideloading, a practice Apple says stops mobile threats from proliferating in the iOS ecosystem.

More how-tos

  • How to stop spam messages on your iPhone
  • How to fix slow internet connections
  • How to clean any flat screen TV or monitor
  • How to improve and enhance the Windows 11 Taskbar


Is there a way to detect spyware on your phone? ›

How can you detect spyware on an Android phone? If you look in Settings, you'll see a setting which allows apps to be downloaded and installed that aren't in the Google Play Store. If this has been enabled, it's a sign that potential spyware may have been installed by accident.

How do I run a spyware scan on my Android? ›

How to check for malware on Android
  1. Go to the Google Play Store app.
  2. Open the menu button. You can do this by tapping on the three-line icon found in the top-left corner of your screen.
  3. Select Play Protect.
  4. Tap Scan. ...
  5. If your device uncovers harmful apps, it will provide an option for removal.

How can you tell if your phone is being monitored by someone else? ›

Here are 10 of the most common signs that someone is spying on your phone:
  • Unfamiliar Applications. ...
  • Your Device is 'Rooted' or 'Jailbroken' ...
  • The Battery Is Draining Fast. ...
  • Your Phone Is Getting Very Hot. ...
  • Unusually High Data Usage. ...
  • Strange Activity In Standby Mode. ...
  • Issues With Shutting Down the Phone. ...
  • Odd SMS Messages.
7 days ago

What app can detect spyware? ›

More videos on YouTube
S. No.Anti-spy app
1Spyware Detector – Anti Spy Privacy Scanner
2Anti Spy (Spyware Removal)
3Cell Spy Catcher (Anti Spy)
4Anti Spy Mobile Free
1 more row

Does *# 21 tell you if your phone is tapped? ›

Our ruling: False. We rate the claim that dialing *#21# on an iPhone or Android device reveals if a phone has been tapped FALSE because it is not supported by our research.

How do I block my phone from being tracked? ›

On Android: Open the App Drawer, go into Settings, select Location, and then enter Google Location Settings. Here, you can turn off Location Reporting and Location History.

How can I tell if I'm being spied on? ›

Some of the most obvious signs you are being spied on include: Someone seems to always be “bumping into you” in public. As if they always know when and where to find you. During divorce or separation, your ex-partner knows more details than they should about your activities, finances, or other details.

What are some spyware names? ›

The top spyware threats facing organizations today include:
  • Advanced Keylogger. Advanced Keylogger, a keystroke logger, monitors keystrokes and takes screenshots.
  • CoolWebSearch (CWS) ...
  • FinSpy (aka FinFisher) ...
  • Gator (GAIN) ...
  • GO Keyboard. ...
  • HawkEye. ...
  • HuntBar. ...
  • Look2Me.

Is system tracing spyware? ›

A new malicious application that steals user data, monitors movements, and actively searches online history has been discovered. This app pretends to update the android phone but, in reality, it serves as a giant spyware program. Do not download this Android app called "System Update."

What is Omacp on my phone? ›

Omacp is an Android virus that sneaks into your phone, steals data, and slows down your device. It also makes your phone vulnerable to potential hacking attacks. My phone had several issues like hanging regularly, pop-ups app stopped working, battery draining insanely fast, and receiving code-like messages from apps.

What do I dial to see if my phone has been hacked? ›

Use the code *#21# to see if hackers track your phone with malicious intent. You can also use this code to verify if your calls, messages, or other data are being diverted. It also shows your diverted information's status and the number to which the information is transferred.

How can I tell if I'm being spied on? ›

Some of the most obvious signs you are being spied on include: Someone seems to always be “bumping into you” in public. As if they always know when and where to find you. During divorce or separation, your ex-partner knows more details than they should about your activities, finances, or other details.

How do I stop my phone from being tracked? ›

Turn off the cellular and Wi-Fi radios on your phone. The easiest way to accomplish this task is to turn on the “Airplane Mode” feature. This shuts down both your cell radios as well as the Wi-Fi radio installed inside your phone so that neither of them can connect to their respective networks.

Will resetting phone remove hackers? ›

The majority of malware can be removed with a factory reset of your phone. This will, however, wipe any data stored on your device, such as photos, notes, and contacts, so it's important to back up this data before resetting your device. Follow the instructions below to reset your iPhone or Android.


1. How to Detect and Remove Spyware from Your iPhone
(Get Science & Technology)
2. How to Find And Remove Spy /Hacking apps From Android Phone | Malayalam | Remove Spyware | Part 2
(Bro 4 Tech)
3. How to Uninstall or delete Hidden Apps / Delete Spying apps from your phone
(RaRe iTech)
4. How to Uninstall Spy Hidden Apps || Remove Spyware from Android || Protect Phone from hack Apps
(Orbit Tech Informer)
5. How-To Detect If Someone's Spying on Your Phone [HACKED]
6. How to Detect Spy APP in Mobile | Find Spy App in Mobile | How to Find and Remove Spy App in Mobile
(Global IT Zone)

Top Articles

Latest Posts

Article information

Author: Clemencia Bogisich Ret

Last Updated: 09/11/2022

Views: 6369

Rating: 5 / 5 (60 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Clemencia Bogisich Ret

Birthday: 2001-07-17

Address: Suite 794 53887 Geri Spring, West Cristentown, KY 54855

Phone: +5934435460663

Job: Central Hospitality Director

Hobby: Yoga, Electronics, Rafting, Lockpicking, Inline skating, Puzzles, scrapbook

Introduction: My name is Clemencia Bogisich Ret, I am a super, outstanding, graceful, friendly, vast, comfortable, agreeable person who loves writing and wants to share my knowledge and understanding with you.