Is spyware hiding on your phone? How to find and remove it – fast

Elyse Betters Picaro / ZDNET


ZDNET key takeaways

  • Spyware can secretly track, record, and steal data from your phone.
  • Watch for strange behavior, data spikes, or unknown apps as warning signs.
  • Use antivirus tools, update often, and avoid untrusted app sources.

Spyware is a threat to your personal security and privacy that you may not know is on your smartphone.

But what is spyware? It’s a form of malware, often packaged as a legitimate mobile application, that may steal your information, track your location, record your conversations, monitor your social media activity, screenshot your actions, and more. It may land on your handset through phishing, as a fake mobile application, or via a once-trustworthy app updated over the air to become an information stealer.

Similarly, a remote monitoring app promoted for parental use or work purposes could be abused to become a privacy invader rather than a legitimate service.

Our guide will run through different forms of malicious software that could end up on your iOS or Android handset, the warning signs of infection, and how to remove spyware from your smartphone. We will also discuss stalkerware and other ways threats closer to home may spy on you — and what you can do about it.

What is spyware?

Spyware comes in many forms, and it’s helpful to know the basic differences before you tackle infections on your handset.

Nuisanceware is often bundled with legitimate apps. It interrupts your web browsing with pop-ups, changes your homepage or search engine settings, and may also gather your browsing data to sell to advertising agencies and networks.

Although considered malvertising, nuisanceware is generally not dangerous or a threat to your core security. Instead, these malware packages focus on generating revenue by forcing ad views or clicks.

There’s also generic mobile spyware. These forms of malware steal operating system and clipboard data, as well as anything of potential value, such as cryptocurrency wallet data or account credentials. Spyware isn’t always targeted and may be used in spray-and-pray phishing attacks.

Spyware may land on your device through phishing, malicious email attachments, social media links, fraudulent SMS messages, or physical device tampering.

Advanced spyware, sometimes also classified as stalkerware, is a step up from basic spyware. Unethical and often dangerous, this malware is sometimes found on desktop systems but is now more commonly installed on phones.

Spyware and stalkerware may be used for the following purposes:

  • To monitor emails, SMS, MMS messages, and other forms of communication sent and received
  • To intercept live calls to eavesdrop across standard telephone lines or Voice over IP (VoIP) applications
  • To record environmental noise
  • To hijack camera functions to take photos and videos
  • To screenshot mobile device activities and send them to a controller
  • To track victims via GPS
  • To hijack social media apps such as Facebook and WhatsApp
  • For keylogging, account compromise, and data theft

Stalkerware is typically used to spy on an individual and monitor what they do, say, and where they go. Stalkerware is commonly linked to cases of domestic abuse.

Finally, there’s government-grade commercial spyware. Pegasus is one of the most well-known variants, sold to governments as a tool for combating terrorism and for law enforcement purposes. Pegasus was ultimately found on smartphones belonging to journalists, activists, political dissidents, and lawyers. Unless you’re part of a group of specific interest to ethically challenged governments, it’s unlikely that commercial-grade spyware will impact you due to its high cost and the expense of individually selecting and targeting victims.

What are the warning signs of someone trying to install spyware?

There are signs to watch for that might indicate a spyware or stalkerware operator is targeting you.

Finding yourself the recipient of odd or unusual social media messages or emails might be part of a spyware infection attempt. You should delete these without clicking on any links or downloading any files.

The same is true for SMS messages, which may contain links to trick you into unwittingly downloading malware. For example, you could receive an SMS failed delivery notice or a payment “request” that’s masked to appear to come from a well-known service. Sometimes these will just be phishing attempts or spam, but they may also have a darker purpose.

To catch you unaware, phishing messages will lure you into clicking a link or running software that hosts a spyware or stalkerware payload. If the malware is being loaded remotely, user interaction is required, and so these messages might try to panic you — for example, by demanding payment to a tax office or bank. Messages could also use spoofed addresses from a contact you trust.

When it comes to stalkerware, initial infection messages may be more personal and tailored to the victim. Physical access to a handset may be necessary. Unfortunately, installing some variants of stalkerware or advanced spyware can take nothing more than a few seconds.

If your phone goes missing or is out of your possession for a period of time and then reappears with settings or changes you do not recognize, this may indicate that your device has been tampered with.

What are the signs that spyware is on my phone?

Depending on the type of mobile malware, there are signs you can watch out for that may indicate your smartphone has been compromised.

You may experience unexpected handset battery drain, overheating, and strange behavior from your handset’s operating system or apps. Settings such as GPS and location functions may turn on and off unexpectedly, or you may experience random reboots and unexplained crashes.

If you suddenly are using far more cellular data than usual, this could also indicate that information is being sent from your smartphone without your knowledge or that remote connections are active.

In addition, you may hear unusual noises or distortion during phone calls — although this could simply be due to poor reception, it may also be a sign of interception.

You may also have trouble completely turning off your device.

Specific forms of spyware designed to generate fraudulent revenue may be able to obtain sufficient permissions to affect your bank balance. If you are signed up for services or premium SMS plans and you know you didn’t consent to them, this could be a sign that spyware is on your device.

Keep an eye on your credit cards for any signs of suspicious payments, as well as any cryptocurrency wallets you own.

An important point to mention is that sometimes spyware or other forms of malicious software might end up on your device via an initially benign app. There have been cases of developers releasing a genuine, useful app in official repositories, such as a currency converter or weather app, and then — after a large user base has been gathered — the developers twist the app’s functions through a software update.

Unfortunately, there’s little that the average user can do if an app is updated with data-stealing and other malicious functions. However, if you recently downloaded a mobile app and now your phone is displaying odd behavior, consider removing it and running a malware scan.

What other signs of spyware might I see on my devices?

Surveillance software is becoming more sophisticated and can be difficult to detect. However, not all forms of spyware and stalkerware are invisible, and it is possible, in many cases, to find out if you are being monitored.

Android

One telltale sign on an Android device is a setting that allows apps to be downloaded and installed outside of the official Google Play Store.

If this setting is enabled, it may indicate tampering and jailbreaking without your consent. Not every form of spyware and stalkerware requires a jailbroken device, though.

This setting is found in most modern Android builds in Settings > Security > Allow unknown sources. (This varies depending on the device and vendor.) You can also check Apps > Menu > Special Access > Install unknown apps to see if anything appears that you do not recognize, but there is no guarantee that spyware will show up on the app list.

Some forms of spyware also use generic names and icons to avoid detection. For example, they may appear to be useful utility apps such as calendars, calculators, or currency converters. If a process or app appears in the app list that you are not familiar with, a quick online search may help you determine whether it is legitimate.
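
For readers comfortable with a command line, the same check for apps installed from outside Google Play can be run against the phone's package list. This is an added example, not part of the original ZDNET guide; it assumes you have saved the output of `adb shell pm list packages -i -3` from a computer with USB debugging enabled, and both the trusted-installer list and the sample package names are assumptions.

```python
"""Flag third-party Android apps that were not installed by a trusted store.

Input: text produced by `adb shell pm list packages -i -3`
(-3 = third-party packages only, -i = show the installer of each package).
"""
import re

# Assumption: only Google Play counts as trusted here. Add your vendor's
# store (it varies by device) if you use one.
TRUSTED_INSTALLERS = {"com.android.vending"}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)\s*$")


def parse_packages(listing):
    """Return {package_name: installer or None} for each well-formed line."""
    result = {}
    for line in listing.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank lines and anything that is not a package row
        installer = match.group("installer")
        # pm prints the literal word "null" when no installer was recorded
        result[match.group("pkg")] = None if installer == "null" else installer
    return result


def find_sideloaded(listing, trusted=TRUSTED_INSTALLERS):
    """Return sorted (package, installer) pairs whose installer is not trusted."""
    packages = parse_packages(listing)
    return sorted(
        (pkg, installer or "unknown")
        for pkg, installer in packages.items()
        if installer not in trusted
    )


# Constructed sample output; package names are made up for illustration.
SAMPLE_LISTING = """\
package:com.example.weather  installer=com.android.vending
package:com.example.calculator.pro  installer=null
package:com.example.banking  installer=com.android.vending
package:com.example.sync.service  installer=com.google.android.packageinstaller
"""

if __name__ == "__main__":
    for pkg, installer in find_sideloaded(SAMPLE_LISTING):
        print(f"review: {pkg} (installed by: {installer})")
```

A flagged entry only means the app did not come from the store you trust, so look it up before removing it. An empty result does not rule out spyware.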

iOS

iOS devices that aren’t jailbroken are generally harder to infect with malware than Android handsets, unless a spyware developer is exploiting a zero-day or unpatched vulnerability.

However, the same principles apply: with the right tool, exploit, or software, your device could be compromised either with physical access or remotely. You may be more susceptible to infection if you have not updated your iPhone’s firmware to the latest version and you do not run frequent antivirus scans.

Both iOS and Android phones, however, will typically show some sign of a malware infection.

Will there always be symptoms of a spyware infection?

Unfortunately, no. Advanced spyware and stalkerware may hide themselves well, disguised as legitimate system apps or services, and may limit power usage to avoid detection.

How can I remove spyware from my device?

By design, spyware and stalkerware are hard to detect and can be difficult to remove. It is not impossible in most cases, but it may take some drastic steps on your part. Sometimes, the last resort may be to scrap your device and start again.

When spyware is removed, especially stalkerware, operators may receive an alert indicating that the victim’s device has been cleaned. Should the flow of your information suddenly stop, this would be another clear sign to the attacker that the malicious software has been removed.

Do not tamper with your device if you feel your physical safety may be in danger. Instead, reach out to the police and supporting agencies.

Now, here are some removal options:

  • Run a malware scan: There are mobile antivirus solutions available that can detect and remove spyware. This is the easiest option for run-of-the-mill infections, but it may not be effective in every case. Cybersecurity vendors including Malwarebytes, Avast, and Bitdefender all offer mobile spyware-scanning tools.

  • Use a dedicated spyware removal tool: You can also try using software specifically designed to detect and remove spyware. However, be careful to download tools only from reputable firms and official sources, as one of the most common ways to distribute malware is to disguise it as antivirus software.
  • Delete suspicious apps: Examine the list of installed apps on your handset and remove any you don’t recognize, as well as any you don’t use anymore.
  • Check device administration: Found within advanced security settings, you can check to see if any suspicious apps have administration permission levels. If so, you can try to remove them, although this could mean you need to restore your handset to factory settings.
  • Reboot in Safe mode: Restarting your smartphone in Safe mode will prevent third-party software from operating. On Android handsets, you can usually do this by long-pressing the power-off button and selecting Safe mode. This can allow you to safely uninstall apps — but it is not a failsafe solution against advanced spyware variants.
  • Update your operating system: It may seem obvious, but when an operating system releases a new version, which often comes with security patches and upgrades, it can — if you’re lucky — cause conflict and problems with spyware. Keep this updated.

If you have found suspicious software on your handset, consider the following:

  • Change your passwords, enable biometrics: If you suspect account compromise, change the passwords of every important account you have. Many of us have one or two central “hub” accounts, such as an email address linked to all of our other services. Remove access to any such hub services you use from a compromised device. For added security, consider changing your account passwords on a PC and forcing a logout on other devices, and enabling biometric authentication to prevent physical handset tampering.
  • Create a new email address: Known only to you, the new email becomes tethered to your main accounts. If stalkerware is involved, this should be an option you consider if it is safe. It can help you wrestle back control of your accounts in a discreet and quiet way without alerting anyone.

What can I do about advanced, commercial spyware?

Government-grade spyware can be more difficult to detect. However, as noted in a guide on Pegasus and other forms of commercial-grade malware published by Kaspersky, there are some actions you can take to mitigate the risk of being subject to such surveillance, based on current research and findings:

  • Reboots: Reboot your device daily to prevent persistence from taking hold. The majority of infections appear to be based on zero-day exploits with little persistence; therefore, rebooting can hamper attackers.
  • Disable iMessage and FaceTime (iOS): As features enabled by default, iMessage and FaceTime are attractive avenues for exploitation. A number of new Safari and iMessage exploits have been developed in recent years.
  • Use an alternative browser other than Safari or default Chrome: Some exploits do not work well on alternatives such as Firefox Focus or the Tor Browser.
  • Use a trusted, paid VPN service and install an app that warns when your device has been jailbroken. Some AV apps will also perform this check.
  • GrapheneOS: It is also recommended that individuals who suspect a Pegasus infection make use of a secondary device, preferably running the Android-based GrapheneOS, for secure communication.

How do I keep spyware and stalkerware off my device?

Unfortunately, no mobile device is completely protected against the scourge of spyware. However, we have provided some tips below to mitigate the risk of future infections:

  • Protect your device physically: Your first line of defense is to maintain adequate physical controls. Modern smartphones allow you to set PIN codes and patterns or use biometrics, including fingerprints or retina scans, to prevent your handset from being physically tampered with.
  • Update your operating system: When updates are available, install them promptly. They contain security fixes and patches and are one of the most important defenses against malware.
  • Use antivirus software: Mobile antivirus solutions can detect and remove spyware. Running frequent scans will help protect your handset.
  • Only download apps from official sources: Most spyware and malware are found outside Google Play and the App Store, so be cautious about installing apps from third-party websites.
  • Enable app security: Enable built-in scanners that check any new app installs. On Android, you can find this setting in Security and privacy > App security.
  • Check permissions: You should monitor what permissions have been issued to what apps, and when. On Android, this can be found in Security and privacy > Permission manager. If you haven’t used an app for a while that has extensive permissions, consider deleting it. If any apps appear more intrusive than necessary, remove them.
  • Watch out for malicious links: Mobile malware is often spread through phishing and malicious links on platforms such as social media services. These links may urge you to download apps from outside of Google Play or the App Store and may be disguised as everything from antivirus software to streaming services.
  • Do not jailbreak your device: Jailbreaking not only voids your warranty but can also allow malicious apps and software to have a deep foothold in your operating system, which may make removal extremely difficult or impossible.
  • Enable multi-factor authentication (MFA): When account activity and logins require further consent from a mobile device, this can also help protect individual accounts. (However, spyware may intercept the codes sent during 2FA protocols.)

Are parental control or employee monitoring apps spyware?

There are cyberthreats around every corner online, and while children often want a smartphone and to be on social media at a young age, parents want to be able to monitor what they are viewing and who they are interacting with online in order to protect them.

This is a responsible position to take in itself, but at their core, parental control apps are designed for surveillance — as are some “employee productivity” apps.

The main issue is the potential for abuse, turning what may have been a product developed with good intentions into invasive software used for purposes beyond protecting a minor or ensuring employee time is used wisely.

A balance between a right to privacy and protection has to be maintained, and it’s a difficult tightrope to walk. With this in mind, both Apple and Google have introduced parental controls for Android devices, Chromebooks, iPhones, and iPads. These platforms focus on restricting screen time, locking and unlocking devices, and features such as permissions list management, restricting web content and app downloads, and purchase approvals.

However, they are limited in scope, and you may not be able to use them once a child reaches a certain age – and at this point, you should consider, anyway, whether or not you should still monitor them so closely.

Regarding employee monitoring apps, I do not recommend installing them on your personal handset. If your employer insists on them, then they should issue you a laptop and phone for work purposes only.

Does a factory reset remove spyware?

If all else fails, factory reset… or junk it. Performing a factory reset and clean install on the device you believe is compromised may help eradicate some forms of spyware and stalkerware – but not always.

However, make sure to back up important content, such as photos, first. On Android platforms, the reset option is usually found under Settings > General Management > Reset > Factory Data Reset. On iOS, go to Settings > General > Transfer or Reset Phone.

Google’s guide to factory resetting your device can be found here, and Apple has also provided instructions on its support website.

Unfortunately, some stalkerware services may survive factory resets. So, failing all of that, consider restoring to factory levels and then throwing your device away.

What are Google and Apple doing to protect devices?

Google and Apple are generally quick to tackle malicious apps that manage to avoid the privacy and security protections imposed in their respective official app stores.

Google has banned stalkerware ads, and the firm’s Threat Analysis Group is constantly publishing research on new commercial spyware strains and their potential targets. Google researchers frequently cover the privacy and security concerns posed by mobile spyware, and they are the authors of investigative reports warning of the dangers of the commercial spyware industry.

Apple has cracked down on parental control apps, citing privacy-invading functions as the reason for removal. The company offers its own parental device control service called Screen Time for parents who want to limit their child’s device usage. Furthermore, the company does not allow sideloading – that is, the installation of third-party apps from sources other than Apple’s App Store – and is quick to remove any iOS apps that display privacy-eroding functionality.


I hope you’ve found ZDNET’s guide on removing spyware from your smartphone useful. Consider checking out ways to remove yourself from the internet and our recommended data brokers of 2025.
