Someone Might Be Spying on Your Phone Right Now: How to Detect and Remove Stalkerware

I need to start this article with something most cybersecurity guides skip.

If you suspect that someone — a partner, an ex, a family member — has installed surveillance software on your phone, removing it might not be the safest first step. Stalkerware is frequently used in the context of domestic abuse, and the person who installed it may receive an alert or notice when the software stops working. Abusers who lose visibility into a partner's activities can escalate. This is a documented pattern, and it's real.

If you're in a domestic violence situation, please contact the National Domestic Violence Hotline (1-800-799-7233) or the National Network to End Domestic Violence's Safety Net project from a different device — a friend's phone, a library computer, anything that isn't the phone you suspect is compromised. They have trained advocates who understand technology-facilitated abuse and can help you develop a safety plan before you make changes to your device.

I'm saying this first because it's the most important thing in this article. Technical knowledge is only useful if it's applied safely.

Now let's get into the technical reality.

What Stalkerware Actually Is

Stalkerware — also called spouseware or creepware — is software designed to secretly monitor everything that happens on a phone. Not "some things." Everything.

Depending on the specific app, stalkerware can capture your text messages (including encrypted messaging apps in some cases), your call history and call recordings, your real-time GPS location, your photos and videos, your browsing history, your social media activity, your email, your calendar, your contact list, your keystrokes, and in some cases, activate your camera and microphone remotely without any visible indicator.

All of this data gets transmitted silently to a control panel — typically a web dashboard — that the person who installed it can access from anywhere.

The app runs invisibly. There's no icon on your home screen. No notification that it's active. It's designed, from the ground up, to be undetectable by the person being monitored.

And in February 2026, security researchers at iVerify exposed ZeroDayRAT, a new commercial spyware platform being sold on Telegram for $2,000. For that price, anyone gets a turnkey surveillance kit: live camera feeds, real-time GPS, keylogging, SMS interception including 2FA codes, and modules to drain bank accounts and crypto wallets. It targets both Android and iOS.

This is where the stalkerware industry is heading. Not million-dollar tools reserved for intelligence agencies. Consumer-grade surveillance kits, accessible to anyone with bad intentions and a couple thousand dollars.

How Stalkerware Gets on Your Phone

Understanding installation methods tells you what to watch for.

Physical access is the primary vector. Most stalkerware requires someone to physically handle your phone for a few minutes. They need to unlock it, install the app (usually from a direct download link, not an app store), grant the necessary permissions, and then hide the app from view. This is why stalkerware is overwhelmingly used by people who have regular physical access to the target's device — intimate partners, family members, or coworkers.

If someone borrows your phone for "just a minute," or if you've left your phone unattended around someone you don't fully trust, the window exists.

Pre-installed on gifted devices. A disturbingly common tactic: the abuser buys the victim a new phone as a "gift" with stalkerware already installed and configured before it's given. The FTC has specifically warned about this vector. If you receive a phone from someone who has a reason to monitor you, treat it as potentially compromised.

Jailbreaking or rooting required for some features. On iPhones, the most invasive stalkerware features require the device to be jailbroken — a process that removes Apple's built-in restrictions. If your iPhone has been jailbroken without your knowledge, that's a significant indicator. On Android, rooting serves a similar purpose, though many stalkerware apps work without root access by abusing accessibility permissions.

iCloud credential exploitation (iPhone-specific). Some iPhone stalkerware doesn't require installation on the device at all. If someone has your Apple ID credentials, they can access your iCloud backups — which contain messages, photos, location history, and more — through a web interface. No physical access to your phone required.

Warning Signs: How to Tell If Your Phone Has Stalkerware

Stalkerware is specifically engineered to avoid detection. There's no flashing red light. But there are indicators — some technical, some behavioral — that should trigger investigation.

Technical Indicators

Unusual battery drain. Stalkerware runs continuously in the background, processing and transmitting data. This consumes power. If your phone's battery life has deteriorated noticeably without a clear explanation (new apps, software update, aging battery), it's worth investigating.

Unexplained data usage spikes. Check your mobile data usage statistics (Settings → Cellular/Mobile Data on both platforms). If you see apps or processes consuming significantly more data than expected, or if your overall usage has increased without a change in your habits, stalkerware could be transmitting captured data.

Phone overheating when idle. If your phone is warm to the touch when you haven't been using it — especially at night when it should be idle — background processes are running. Stalkerware maintaining a GPS lock and transmitting data can cause this.

Unusual device behavior. The phone screen lighting up randomly. Delayed shutdown or restart. Unexpected sounds during calls (though modern stalkerware is increasingly silent). Apps taking longer to load than usual. Settings that you didn't change being altered.

Increased Screen Time reports without matching usage. Both iOS and Android track screen time. If the reported usage is significantly higher than your actual usage, background activity from stalkerware could be the cause.

Behavioral Indicators

This is often the strongest signal. If someone in your life knows things they shouldn't know — details about private conversations, places you've been, people you've contacted — and there's no obvious explanation for how they'd have that information, your device may be compromised.

An abuser who responds to things you've said in private messages that you never shared with them. A partner who shows up at locations you mentioned only in text conversations. Someone who references the contents of emails you haven't discussed. These patterns matter more than any technical symptom.

How to Check Your Phone for Stalkerware

Android Detection Steps

1. Check Google Play Protect status.
Go to Google Play Store → tap your profile icon → Play Protect → Settings. Verify that "Scan apps with Play Protect" is enabled. If someone installed stalkerware, they may have disabled this first. If you find it turned off and you didn't do that, that's a red flag.

2. Review installed apps — including hidden ones.
Go to Settings → Apps → See all apps. Stalkerware hides from your home screen but usually still appears in the full app list. Look for apps with generic names you don't recognize: "System Service," "Phone Manager," "Device Health," "Sync Services," "System Update," or anything that sounds utility-like but you didn't install.

3. Check Device Admin apps.
Go to Settings → Security → Device Admin Apps. Stalkerware sometimes registers as a device administrator to prevent easy removal. If you see an app with admin privileges that you don't recognize, that's suspicious.

4. Check Accessibility Services.
Go to Settings → Accessibility. Stalkerware frequently abuses Android's accessibility features to capture screen content, keystrokes, and notifications. If an app you don't recognize has accessibility access, investigate it.

5. Review app permissions.
Go to Settings → Privacy → Permission Manager. Check which apps have access to Location (especially "Always"), Microphone, Camera, Contacts, Call Logs, and SMS. Any unfamiliar app with these permissions is a concern.

6. Check for unknown installation sources.
Go to Settings → Apps → Special app access → Install unknown apps. If any app has permission to install other apps from unknown sources, and you didn't enable it, someone may have used it to sideload stalkerware.

iPhone Detection Steps

1. Check for profiles or MDM configurations.
Go to Settings → General → VPN & Device Management. If you see any profiles or management configurations you don't recognize — especially if you're not using a work-managed device — that's a strong indicator. Some stalkerware uses configuration profiles to gain deeper access.

2. Check if the device is jailbroken.
Look for apps like Cydia, Sileo, or Zebra on your phone. These are package managers used on jailbroken iPhones. You can also check by looking for any apps that shouldn't be installable through the official App Store.

3. Review all signed-in devices.
Go to Settings → [Your Name] → scroll down to see all devices signed into your Apple ID. If you see devices you don't recognize, someone may be accessing your account from another device.

4. Check iCloud backup access.
Go to Settings → [Your Name] → iCloud. Review what's being backed up and check "Manage Account Storage" → Backups. If iCloud backup is enabled but you didn't set it up, someone may be accessing your backups remotely using your Apple ID credentials.

5. Review app permissions.
Go to Settings → Privacy & Security and review each permission category, especially Location Services, Microphone, and Camera. Check for any apps you don't recognize with access to sensitive data.

Use Dedicated Detection Tools

Malwarebytes for Android can detect and identify known stalkerware. The app labels detections as "Android/Spyware" or "Android/Monitor" with specific identification.

iVerify offers mobile threat detection for both iOS and Android and was the team that discovered ZeroDayRAT.

Lookout provides mobile security scanning that includes stalkerware detection.

On iPhone, full device scans are limited by Apple's restrictions on third-party security apps, which is why checking profiles, signed-in devices, and iCloud access manually is especially important.

How to Remove Stalkerware Safely

Before removing anything, consider your safety. If you're in an abusive situation, the stalker will likely notice when the software stops sending data. Plan accordingly. Contact a domestic violence advocate from a safe device first.

If it's safe to proceed:

Option 1: Factory reset. The most thorough option. A factory reset wipes everything and returns the phone to its original state. This removes all stalkerware, including deeply embedded variants. After reset, create new accounts (new Apple ID or Google account) rather than restoring from a backup — the backup might contain the stalkerware configuration.

Option 2: Use anti-malware removal. Run Malwarebytes or another detection tool and follow its removal prompts. This is less disruptive than a factory reset but may not catch all variants.

Option 3: Manual removal. If you've identified the specific app through the detection steps above, you can uninstall it. On Android, you may need to remove its Device Admin privileges first (Settings → Security → Device Admin Apps → deactivate the app), then uninstall from Settings → Apps.

After removal, regardless of method:

Change ALL passwords — email, social media, banking, everything. Do this from a device you know is clean. Enable two-factor authentication using an authenticator app (not SMS). Review your iCloud/Google account for unrecognized devices and sign them all out. Consider changing your phone number if the stalker has been intercepting SMS-based verification codes. Set a strong screen lock (6+ digit PIN or biometric) and never share it.

Beyond Stalkerware: Other Ways Someone Can Monitor You

Stalkerware gets the attention, but it's not the only way someone can surveil you through your phone.

Shared cloud accounts. If someone knows your Apple ID or Google account password, they can see your location (Find My / Google Find My Device), read your messages (if synced to iCloud), view your photos, and access your email — all without installing anything on your device.

Shared family plans. Family Sharing on Apple and Google Family Link give certain visibility into other users' activity. Review whether you're part of a family plan you didn't join willingly.

AirTag and Bluetooth tracker stalking. Small tracking devices like Apple AirTags can be hidden in bags, cars, or clothing to track physical location. Both iOS and Android now have detection capabilities for unknown trackers. On iPhone, you'll receive an "AirTag Found Moving With You" alert. On Android, Google has rolled out unknown tracker detection as well.

Social media tracking. Reviewing someone's public social media activity, location check-ins, tagged photos, and story posts requires no technical skill at all. Being careful about what you share publicly is its own form of protection.

The Bigger Picture

The stalkerware industry has been breached 27 times since 2017, exposing millions of victims and the people who purchased the surveillance. Yet the market keeps growing because demand keeps growing. The Coalition Against Stalkerware — a partnership of security companies, domestic violence organizations, and digital rights groups — continues to push for better detection, prosecution, and awareness.

Your phone contains your entire life. Your conversations, your location history, your financial data, your photos, your authentication codes. For a few hundred or a few thousand dollars, someone can see all of it without you ever knowing.

The only defense is awareness, good device hygiene, and the willingness to check. If anything in this article triggered recognition of something happening on your own device, take it seriously. Check today. And if you're in danger, reach out for help from a safe device first.

Your privacy is not a luxury. It's a right. Protect it.