Detecting spyware on your phone: Android and iPhone
## Who this guide is for
This guide is for people who suspect their phone may be monitored and want a structured first check before taking irreversible action.
It fits especially:
- readers noticing unusual phone behavior and wanting to investigate before resetting
- stalking, coercion, or relationship-surveillance situations where evidence may matter
- anyone who wants to separate warning signs from proof before acting
## What you gain, and what it costs
If you work through the checks here, you usually gain:
- a better sense of whether there are real indicators of monitoring
- a safer sequence for checking a device before erasing it
- a better chance of preserving useful evidence if the situation escalates
What it costs:
- time and emotional energy
- the possibility that you find ambiguity rather than certainty
- the discipline not to jump straight to a factory reset if preserving evidence matters
## When this is overkill
If you just want a clean device and there is no legal, safety, or evidence concern, a full reset may still be the simplest answer. Not every case needs a quasi-forensic process.
If you are in a high-risk stalking or domestic-abuse situation, this guide is not enough by itself. Then the order of operations matters as much as the technical checks.
## You suspect your phone is being monitored. What do you do?
The most aggressive option — a factory reset — effectively removes spyware, but also destroys forensic evidence that may be important later. And it’s irreversible. Before taking that step, there are concrete checks to see what’s actually on your device.
Important for stalking and domestic violence situations: If your safety is at risk, consult a domestic violence helpline or the police before taking action. A factory reset can destroy forensic evidence needed for a police report.
## Signs that suggest monitoring
These are indicators — not proof on their own, but together they’re reason to investigate further:
- Battery draining faster than usual without a clear reason
- Phone getting warm while you’re not actively using it
- Data usage higher than expected (check per app)
- Phone has become slower without an update or new apps
- Screen lighting up, or you hear clicks, while the phone is idle
- Apps installed that you don’t recognise
- Someone knows things you only had on your phone
## Android: how to check your phone
Step 1 — View data usage per app
Go to Settings → Network → Data usage (exact path varies by manufacturer).
Look for apps consuming unusually large amounts of data while you’re not using them. A background app sending hundreds of megabytes per week is a red flag.
Step 2 — Privacy Dashboard
Android 12 and higher has a Privacy Dashboard:
Settings → Privacy → Privacy Dashboard
This shows a 24-hour timeline: which app accessed your camera, microphone, location, and contacts, and when. Go through the list:
- Do you see an app that used your microphone or camera while you didn’t have it open?
- Do you see an app that requested location in the middle of the night?
Tap the app for details.
Step 3 — Check permissions per app
Settings → Apps → [app name] → Permissions
Or view it in reverse: Settings → Privacy → Permission manager — shows per category (microphone, location, camera) which apps have access.
Revoke permissions from apps that have no legitimate reason to have them.
Step 4 — Apps with device administrator rights
Some spyware installs itself as a device administrator — this gives it extended permissions and makes it harder to remove.
Settings → Security → Device admin apps (or Device administrator)
Don’t recognise an app listed here? That’s a problem. Revoke the rights and uninstall the app.
Step 5 — Unknown apps
Settings → Apps → Show all apps
Scroll through the full list. Do you recognise everything? Apps with generic names (“System Service”, “Phone Helper”) that you didn’t install yourself are suspicious.
Step 6 — Install from unknown sources
Settings → Apps → Special app access → Install unknown apps
If a browser or file manager holds the install permission and you didn’t grant it yourself, software could have been installed via that route.
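Steps 5 and 6 can also be cross-checked from a computer. The following is an added example, not part of the original guide: it parses the saved output of `adb shell pm list packages -i -3` (third-party packages with the installer Android recorded for each; requires USB debugging) and lists every app that did not come from an app store. The package names in the sample are constructed, and the trusted-installer set is an assumption to adjust for your device.

```python
import re

# Installer package names treated as app stores. com.android.vending is Google Play;
# assumption: add the store your manufacturer ships if it differs.
TRUSTED_INSTALLERS = {"com.android.vending"}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_package_list(text):
    """Parse `pm list packages -i -3` output into {package: installer or None}."""
    packages = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank lines and any adb warnings
        installer = match.group("installer")
        packages[match.group("pkg")] = None if installer == "null" else installer
    return packages


def triage(packages, trusted=TRUSTED_INSTALLERS):
    """Return (package, installer, reason) for apps not installed by a trusted store."""
    findings = []
    for pkg, installer in sorted(packages.items()):
        if installer in trusted:
            continue
        if installer is None:
            reason = "no installer of record (often adb or file-based sideloading)"
        else:
            reason = f"installed by {installer}, not an app store"
        findings.append((pkg, installer, reason))
    return findings


# Constructed sample output; these package names are made up for illustration.
SAMPLE = """\
package:org.example.messenger  installer=com.android.vending
package:com.example.systemservice  installer=null
package:net.example.phonehelper  installer=com.google.android.packageinstaller
package:org.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, installer, reason in triage(parse_package_list(SAMPLE)):
        print(f"REVIEW {pkg}: {reason}")
```

A flagged package is a reason to look closer, not proof: apps you sideloaded yourself appear here too. Save the raw output alongside your screenshots before removing anything.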
## iPhone (iOS): how to check your phone
Commercial spyware on iPhone (such as Pegasus) typically requires a zero-click exploit — not something anyone can just install. Stalkerware on iPhone is less common but does exist, especially if someone has had physical access to your phone.
Step 1 — App Privacy Report
Settings → Privacy & Security → App Privacy Report → Turn On App Privacy Report
Once the report has collected data for a few hours, it shows a 7-day log: which app used your location, microphone, camera, or contacts, and when. Look for access that falls outside normal usage times.
Step 2 — Check location access
Settings → Privacy & Security → Location Services
Check which apps have “Always” access. Apps that can continuously read your location are a potential leak — even without active spyware.
Step 3 — Configuration profiles
A configuration profile is the most direct way stalkerware ends up on an iPhone. If someone had your phone and installed a configuration profile, they can push apps and certificates.
Settings → General → VPN & Device Management
Do you see a profile here that you don’t recognise or didn’t install yourself? Tap it → remove the profile.
Step 4 — Check iCloud access
If someone knows your Apple ID password, they can see your location, messages (if iCloud sync is on), and photos via iCloud — without any software on the phone.
Settings → [your name] → Find My → Share My Location
Also check: Settings → [your name] → Devices — do you recognise all devices linked to your Apple ID?
If you’re unsure, change your Apple ID password and your two-factor authentication settings from a clean device.
Step 5 — Enable Lockdown Mode (for high-risk situations)
If you suspect you’re a target of advanced spyware (Pegasus-level):
Settings → Privacy & Security → Lockdown Mode → Turn On Lockdown Mode
This significantly reduces the attack surface. See iPhone privacy settings for what Lockdown Mode does.
## After the check: what are your options?
If you find nothing suspicious: The signals may have another explanation such as battery wear or a poorly optimized app. Consider strengthening your baseline settings. If you started this check because of stalking or domestic violence, go back to the stalking safety profile for the next steps.
If you find something suspicious:
- Document what you found (screenshot, note on paper)
- Remove suspicious apps and revoke permissions
- Change passwords from a clean device (a device the suspected person has never touched)
- If the situation involves stalking or domestic violence: consult a helpline before doing a factory reset — a reset destroys forensic evidence
If you want to be certain: A factory reset removes everything including spyware. But prepare first:
- Back up your contacts and photos from a safe environment
- Consult a helpline or police if making a report is an option
- Then reset
## Commercial stalkerware vs advanced spyware
Stalkerware (FlexiSpy, mSpy, Hoverwatch): requires physical access to the phone and manual installation. It is detectable via the steps above because it is installed as an ordinary app and needs permissions.
Advanced spyware (Pegasus, Predator): zero-click exploits, no visible installation, self-deletes. Detection requires forensic analysis with tools like MVT (Mobile Verification Toolkit) from Amnesty Tech. If you suspect you’re a target of state-level surveillance, contact the Access Now Digital Security Helpline — free help for threatened journalists and activists.
## Next step
Profiles
- Profile: stalking and domestic violence — if this suspicion is tied to monitoring, control, or personal danger
- Profile: journalist or activist — for high-risk threats
Go further
- iPhone privacy settings — Lockdown Mode and App Privacy Report
- Android privacy without custom ROM — baseline security on stock Android