Consumer-grade spyware applications pose a significant risk to Android users, surreptitiously monitoring private messages, photos, phone calls, and real-time locations. These invasive tools often masquerade as child monitoring or family tracking software, yet they are more accurately labeled as “stalkerware” or “spouseware,” given their potential to surveil partners without consent. Typically downloaded from sources outside of the Google Play Store, these apps can be stealthily installed on a device, often vanishing from the home screen to evade detection.
Stalkerware exploits built-in Android features that are generally intended for legitimate purposes, such as remote management of work devices or accessibility functions. Users may notice unusual behavior on their phones, including excessive heat, sluggish performance, or unexpected data usage, even when the device is not actively in use.
Before you start
Establishing a safety plan and having trusted support is crucial before attempting to remove spyware. It is important to recognize that the act of removing the spyware could alert the individual who installed it, potentially leading to unsafe circumstances. The Coalition Against Stalkerware offers valuable resources and guidance for those affected by such invasive technologies.
This guide focuses solely on identifying and removing spyware applications; it does not erase any data that may have already been collected and transmitted to external servers. Additionally, variations in Android versions may result in differing menu options. As with any advice, proceed at your own discretion.
Make sure Google Play Protect is switched on
Google Play Protect serves as a vital line of defense against malicious apps on Android devices. This security feature scans applications downloaded from both the Google Play Store and external sources for signs of harmful activity. To ensure that Play Protect is functioning effectively, users should verify that it is enabled through the Play Store app settings and perform a scan for harmful applications if one has not been conducted recently.
Check if accessibility services have been changed
Stalkerware often takes advantage of Android’s accessibility mode, which is designed to provide broader access to the operating system for assistive technologies. Users who do not utilize accessibility features should not see any unfamiliar apps listed in this section of their settings. If an unrecognized service appears, it may be prudent to disable it and remove the associated app, as stalkerware frequently disguises itself under innocuous names such as “Accessibility” or “Device Health.”
Check any app access to notifications
Android allows third-party applications to access incoming notifications, which can be exploited by stalkerware to monitor messages and alerts. Users can review which apps have notification access by navigating to the Special app access settings. Any app that appears unfamiliar should have its notification access revoked.
Check if a device admin app is installed
Another common tactic employed by stalkerware is the misuse of Android’s device admin features, which grant extensive access to user data. Typically used by companies for managing employee devices, these features can also enable stalkerware to surveil the device’s activity. Users should check the device admin app settings under Security and remain vigilant for any unrecognized applications.
Check the apps to uninstall
Even if stalkerware apps do not display icons on the home screen, they will still be listed among the installed applications. Users can access the complete list of apps through the settings menu, looking for any unfamiliar entries that may have broad access to sensitive data such as calendars, call logs, and location information. Uninstalling these apps may trigger alerts to the individual who installed them, indicating that the spyware has been compromised.
Secure your device
If spyware has been discovered on a device, it is likely that the phone was previously unsecured or that the screen lock was easily guessed. Strengthening the lock screen password can enhance security, and utilizing two-factor authentication for email and other online accounts is highly recommended.
If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. In an emergency, please call 911. The Coalition Against Stalkerware offers resources for those who suspect their phone may be compromised by spyware.
