🔍 Check for Spyware
Detect & Remove Surveillance Apps
Identify stalkerware, commercial spyware, and surveillance apps on your Android device. Learn the warning signs, collect evidence, and safely remove threats.
Why This Matters
Spyware and stalkerware are designed to be invisible. They run silently in the background, monitoring your location, reading your messages, recording your calls, and tracking your every move. This guide teaches you how to detect and remove them.
Types of spyware to look for:
- Stalkerware: Apps installed by intimate partners to monitor and control
- Commercial spyware: FlexiSPY, mSpy, Spyic, Cocospy, etc.
- Parental control apps: Qustodio, Net Nanny, mSpy (misused for surveillance)
- Nation-state spyware: Pegasus, Predator (requires professional forensics)
⚠️ Safety First
If you're in an abusive relationship:
- Do NOT confront your abuser about spyware
- Do NOT remove spyware immediately (they'll know you found it)
- Document everything first
- Contact a domestic violence organization for guidance
- Have a safety plan before taking action
National Domestic Violence Hotline: 1-800-799-7233
Warning Signs of Spyware
🚩 Behavioral Red Flags
- Someone knows too much: They know where you've been, who you've talked to, what you've searched
- Unexpected confrontations: They bring up things you never told them
- Physical access to your device: They've had your phone alone, even briefly
- Controlling behavior: They insist on knowing your passwords, check your phone frequently
📱 Device Symptoms
- Battery drains quickly: Spyware runs constantly, consuming power
- Device gets hot: Even when idle, the phone feels warm
- Increased data usage: Spyware uploads your data to remote servers
- Strange notifications: Apps you don't recognize, permission requests
- Slow performance: Phone lags, apps crash frequently
- Unusual sounds during calls: Clicks, echoes, static (call recording)
Step-by-Step Spyware Detection
Check Installed Apps
Go to Settings → Apps → See all apps. Look for suspicious apps you don't recognize.
Common stalkerware app names:
- "System Update" or "System Service"
- "Device Health" or "Device Care"
- "WiFi Service" or "Internet Service"
- Apps with generic names like "App," "Service," "Update"
- Apps with no icon or a generic Android icon
🔍 How to Spot Hidden Apps
Spyware often disguises itself as system apps. Look for:
- Apps with permissions they shouldn't need (calculator with location access)
- Apps installed around the time suspicious behavior started
- Apps that can't be uninstalled (may have device admin privileges)
Check Device Administrator Apps
Go to Settings → Security → Device admin apps. Spyware often requests device administrator privileges to prevent removal.
Red flags:
- Apps you don't recognize with admin access
- Apps that won't let you revoke admin access
- Multiple "system" apps with admin privileges
⚠️ If you find suspicious admin apps, document them before attempting removal
Check Accessibility Services
Go to Settings → Accessibility → Installed services. Spyware abuses accessibility services to read screen content and record keystrokes.
Legitimate accessibility apps:
- Google's TalkBack, Select to Speak
- Password managers (LastPass, 1Password)
- Screen readers
Suspicious: Any app you don't recognize with accessibility access
Review App Permissions
Go to Settings → Privacy → Permission manager. Check which apps have access to:
- Location: Especially "Allow all the time"
- Camera & Microphone: Apps that shouldn't need them
- SMS & Phone: Apps reading your messages and call logs
- Contacts: Apps harvesting your contact list
💡 Permission Red Flags
Spyware typically requests:
- Location (all the time)
- Camera and microphone
- SMS and call logs
- Contacts
- Storage (to access photos and files)
Check Battery Usage
Go to Settings → Battery → Battery usage. Spyware runs constantly and shows up as high battery consumption.
Look for:
- Apps you don't recognize consuming significant battery
- System apps with unusually high usage
- Apps running in the background when they shouldn't be
Check Data Usage
Go to Settings → Network & internet → Data usage → Mobile data usage. Spyware uploads your data to remote servers.
Red flags:
- Apps with high data usage you don't recognize
- Data usage when you're not actively using your phone
- Sudden spikes in data consumption
Use PCAPdroid to Monitor Network Activity
Install PCAPdroid (Guide #2) to see which apps are connecting to the internet and where they're sending data.
Spyware indicators:
- Apps connecting to unknown IP addresses
- Apps sending data to servers in other countries
- Connections to known spyware command & control servers
- Apps uploading large amounts of data
How to Remove Spyware
⚠️ Before You Remove Spyware
If you're in danger:
- Document everything (screenshots, app names, permissions)
- Contact a domestic violence organization
- Have a safety plan
- Consider getting a new device instead of cleaning this one
If the person who installed spyware will notice it's gone, removing it may escalate the situation.
Option 1: Remove Individual Apps
- Go to Settings → Apps → Select the suspicious app
- If it has device admin access, go to Settings → Security → Device admin apps and revoke it first
- Go back to the app and tap "Uninstall"
- If "Uninstall" is grayed out, the app may be a system app or have admin privileges you can't revoke
Option 2: Factory Reset (Recommended)
The most reliable way to remove spyware is a complete factory reset. See Guide #10: Factory Reset for detailed instructions.
Why factory reset is better:
- Removes all spyware, including hidden system-level malware
- Ensures nothing is left behind
- Gives you a clean slate
Option 3: Professional Help
If you suspect nation-state spyware (Pegasus, Predator) or need evidence for legal proceedings, contact:
- Coalition Against Stalkerware: Resources and support
- Access Now Digital Security Helpline: [email protected]
- Electronic Frontier Foundation: [email protected]
After Removing Spyware
🔐 Change All Passwords
Assume the person who installed spyware has all your passwords. Change them immediately:
- Email accounts
- Social media
- Banking and financial accounts
- Google Account
- Any accounts with sensitive information
🛡️ Enable 2FA Everywhere
Use hardware security keys (Yubikey) or authenticator apps. Never use SMS 2FA if you can avoid it.
📱 Secure Your Device
- Set a strong PIN (Guide #7)
- Enable biometric lock
- Never share your PIN or password
- Don't leave your phone unattended
🚨 Document Everything
If you may need legal protection:
- Screenshot suspicious apps before removing them
- Note dates, times, and behaviors
- Save PCAPdroid logs showing suspicious connections
- Contact law enforcement if appropriate
Prevention
🔒 Physical Security
- Never share your PIN or password
- Don't leave your phone unattended
- Use biometric lock as a backup
- Enable "Power button instantly locks"
🛡️ Software Security
- Regularly audit app permissions (Guide #4)
- Use NetGuard to control network access (Guide #3)
- Monitor network traffic with PCAPdroid (Guide #2)
- Keep your device updated
🚨 Trust Your Instincts
If someone knows things they shouldn't, or your device behaves strangely, investigate immediately. Spyware is real, and it's more common than you think.
Next Steps
- Factory reset if needed: The most reliable way to remove spyware → Guide #10: Factory Reset (Coming Soon)
- Harden Google Account: Prevent account takeover → Guide #12: Google Account Security (Coming Soon)
- Get support: Contact domestic violence organizations if you're in danger
📞 Resources
- National Domestic Violence Hotline: 1-800-799-7233
- Coalition Against Stalkerware: stopstalkerware.org
- Access Now Digital Security Helpline: [email protected]
