Phone Spyware Detection and Removal

If you are searching for how to tell if my phone is being monitored, you are probably already living with a horrible feeling: a partner who knows things they should not know, messages that seem to have been read, a sense of being watched through the one device you carry everywhere. First, take a breath. That feeling deserves to be taken seriously, it can be investigated properly, and whatever is found can be dealt with safely. Spy and Monitor provides professional spyware and stalkerware detection and removal for phones you own. We examine your device with your consent, tell you in plain language whether monitoring software or a tracking method is present, preserve the evidence if you may need it for police or court, remove the threat, and lock down the accounts around it. This page explains the real warning signs, how spyware actually gets installed, the differences between iPhone and Android, what you can safely check yourself, why you should not factory reset before reading the section on evidence, and exactly how our service works.

One thing before anything else. If the person you suspect is a current or former partner and you fear how they might react, be careful about researching this on the phone in question, because a monitored device may show them your searches. Where possible, use a friend's device or a library computer to read pages like this and to contact us.

Warning signs your phone may be monitored

No single symptom proves spyware. Phones are complicated, batteries age, and operating system updates cause odd behavior all the time. What matters is a pattern, especially when technical symptoms line up with human ones. Here are the signs worth paying attention to.

• Battery draining much faster than before. Spyware that records, uploads, and tracks location runs constantly in the background and consumes power. Caveat: an aging battery, a new OS version, or a misbehaving legitimate app causes exactly the same symptom, so treat this as one data point, not proof.
• The phone runs warm when you are not using it. Background recording and uploading generate heat. Again, so do photo backups and app updates, so look for warmth that is persistent and new.
• Mobile data usage you cannot explain. Surveillance software has to send what it collects somewhere. Check your data usage screen for apps consuming data you do not recognize, or a sharp unexplained rise in total usage.
• Strange text messages containing random characters, codes, or symbols. Some older spyware tools were controlled by specially formatted SMS commands, and a malformed one occasionally lands in the inbox.
• Settings that changed on their own. Unknown apps appearing, a screen lock that was removed or changed, accessibility services enabled for apps you never approved, or on iPhone a configuration profile you never installed.
• The phone is slow to shut down, lights up when idle, or makes faint noises on calls. Weak signals on their own, but worth noting in a pattern.
• The strongest sign is not technical at all: someone knows things they could only know from your phone. They quote private messages, show up where you are, or reference conversations that happened in one app. When a person's knowledge tracks your device activity, take it seriously even if every technical check looks clean.

Be honest with yourself about false positives, because anxiety can turn every glitch into confirmation. A professional examination exists to replace fear with a clear answer either way. Many clients are relieved to learn their phone is clean and the explanation lies elsewhere, such as a shared iCloud account or a compromised email password, which we also find and fix.

How spyware and stalkerware actually get installed

Hollywood suggests that anyone can silently hack any phone from anywhere. The reality is narrower, and understanding it helps you assess your own risk. In practice, consumer spyware and stalkerware reach a phone through a small number of routes. We cover the broader attack landscape in our guide to the five common methods used in phone hacking, but for monitoring specifically, these are the ones that matter.

• Physical access. By far the most common route. Someone who knows or can guess your passcode takes your phone for a few minutes, often while you sleep or shower, and installs a hidden app. Almost all stalkerware cases in domestic situations start exactly this way.
• iCloud or Google credential abuse. On iPhone especially, an abuser who knows your Apple ID password does not need to touch the phone at all. Services exist that pull your backups, messages, photos, and location directly from iCloud. The phone itself stays clean, which is why a spyware scan alone can miss this kind of monitoring entirely.
• Sideloaded apps on Android. Android allows installation of apps from outside the Play Store. Commercial stalkerware is distributed this way, installed during physical access, then disguised with an innocent name and a generic icon such as "Device Health" or "System Service".
• MDM profile abuse. Mobile device management profiles are designed for companies to manage work phones. Installed on a personal phone, a profile can grant sweeping visibility and control. Some abusers enroll a partner's phone in an MDM service for precisely this purpose.
• Parental control apps misused against adults. Many monitoring apps are sold legitimately for supervising a minor child's device. The same software installed on an adult partner's phone without consent is stalkerware, whatever the marketing says, and using it that way is illegal in most jurisdictions.

Notice what is mostly absent from that list: silent remote infection of a fully updated phone with no interaction from anyone. That class of attack exists, but it is rare, expensive, and aimed at journalists, dissidents, and executives. If someone had your phone in their hands, knows your passcode, or knows your Apple or Google password, those are the routes to examine first.

iPhone vs Android: how monitoring differs

The two platforms fail in different ways, and knowing which one you carry changes both the symptoms and the checks.

iPhone: the jailbreak myth and the iCloud reality

Apple's locked-down design means traditional spyware apps generally cannot be installed on an iPhone unless the device is jailbroken, which is difficult on modern iOS, breaks easily with updates, and leaves traces a professional can find. So when someone claims they can put spy software on any iPhone remotely, they are almost always lying, and usually trying to scam the buyer. We wrote about exactly this scam pattern in our breakdown of "spy on an iPhone with just the number" offers.

The real iPhone risk is different: iCloud-based monitoring. If someone has your Apple ID and password, they can sync your messages, photos, notes, and location to their own devices, read your backups through third-party services, or quietly enable Family Sharing location features. They can also simply log into your iCloud on a spare device and watch everything mirror across. None of this requires touching your phone, and none of it shows up as a suspicious app. It shows up as unfamiliar devices in your Apple ID device list, unexpected Family Sharing members, and forwarding rules you never created. This is where our examination spends much of its time on iPhones.

Android: sideloaded apps and accessibility abuse

Android's openness is a strength that stalkerware exploits. A sideloaded APK installed during a few minutes of physical access can hide its icon, rename itself to look like a system component, and grant itself broad powers. The two permissions that matter most are accessibility services, which let an app read everything on screen and capture keystrokes, and device administrator rights, which make an app hard to uninstall. Commercial stalkerware uses both, and both leave fingerprints: an audit of which apps hold those privileges, arrived outside the Play Store, or consume data and battery out of proportion to their purpose usually exposes them.

What you can safely check yourself

If you do not believe you are in physical danger from the person who may be monitoring you, there are first steps you can take on your own. If you are in danger, skip to the evidence section below before changing anything, because sudden changes can alert an abuser and destroy proof.

1. On iPhone, run Safety Check. Go to Settings, then Privacy and Security, then Safety Check. Apple built this feature specifically for people in abusive situations. It shows who you are sharing information with, which devices are signed into your Apple ID, and lets you review or reset everything in one guided flow.
2. Review your Apple ID devices and sharing. In Settings, tap your name and scroll through every device listed. Remove anything you do not recognize. Check Family Sharing and the Find My app for sharing you did not set up.
3. On Android, run Google Play Protect. Open the Play Store, tap your profile icon, then Play Protect, then Scan. It detects many known stalkerware families, though not all, especially apps installed from outside the store.
4. Audit permissions. On Android, check Settings, then Accessibility, and question every app listed there. Then check device admin apps under security settings. On both platforms, review which apps have access to location, microphone, and camera, and revoke anything you cannot explain.
5. Look for unknown profiles. On iPhone, go to Settings, then General, then VPN and Device Management. A configuration or MDM profile you did not install is a serious red flag.
6. Check account access elsewhere. Look at your Google account's device list and security events, your email forwarding rules, and recovery phone numbers and addresses on every major account. Monitoring often happens at the account level, not the device level.

The factory reset question

A factory reset removes almost all spyware, and it is tempting to just wipe the phone and move on. Before you do, understand three tradeoffs. First, a reset destroys the evidence, which can matter enormously if you later need a protective order or criminal charges, as the next section explains. Second, a reset does not fix account-level monitoring: if someone knows your iCloud or Google password, they will be reading your data again the moment you restore and sign in. Third, restoring from a backup made while the spyware was installed can, in some cases, bring settings or profiles back with it. A wipe is the right final step in many cases, but it should be the last step in a sequence, not the first move made in panic.

Why evidence preservation matters before you wipe anything

This is the part most articles skip, and it is the part that matters most for people in abusive relationships. Installing spyware on another adult's phone without consent is a crime in virtually every developed jurisdiction, and evidence that it happened can be decisive in restraining order hearings, custody disputes, and criminal prosecutions. Courts have repeatedly accepted forensic findings of stalkerware as evidence of a pattern of coercive control. But that only works if the evidence still exists.

The moment you delete the app, reset the phone, or even change passwords in a way that tips off the person monitoring you, you may lose the ability to prove what was done to you. Proper handling means forensically imaging the device first, documenting what was installed, when, by which account, and what data it sent where, in a written report prepared so that it can be presented to police, a lawyer, or a court. This is digital forensics, and it is the foundation our service is built on. If you want to understand the discipline more deeply, read our explainer on what digital forensics is and when you need it, or see our dedicated digital forensics investigation service for cases that go beyond a single phone.

Our rule of thumb for clients: if there is any chance you will want legal protection from the person who did this, preserve first, remove second. We can do both in the right order.

How our phone spyware detection and removal service works

Everything we do is consent-based and performed on a device you own or are legally authorized to have examined. Here is the process from first contact to a secured phone.

1. Confidential intake. You tell us what you are experiencing, on a channel that is safe for you, and together we assess whether the device may be monitored, whether you are in danger, and whether evidence matters in your case. The conversation is private and judgment-free.
2. Ownership and authorization check. We confirm the device is yours or that you are legally authorized over it, such as a parent with a minor child's phone or a company examining its own corporate device. This is non-negotiable, and it protects you as much as us.
3. Forensic examination. We analyze the device for known stalkerware and spyware families, sideloaded apps, abused accessibility and device admin permissions, suspicious configuration and MDM profiles, jailbreak or root traces, unusual network connections, and the account-level signals that on-device scans miss: unfamiliar devices on your Apple or Google account, forwarding rules, sharing settings, and recovery details that have been altered.
4. Written findings report. You receive a clear report stating what was found or that the device is clean, how any monitoring was being carried out, and since when. If evidence matters in your case, the examination is documented to a standard suitable for police and legal proceedings.
5. Safe removal. We remove the spyware, profiles, and rogue permissions, or guide a clean reset and rebuild where that is the safer route, sequenced so that evidence is preserved first and the person monitoring you learns as little as possible from the change.
6. Account lockdown. Device cleanup without account cleanup is half a job. We rotate passwords from a known-clean device, evict unknown sessions and devices, set up phishing-resistant two-factor authentication, and repair recovery settings. If an account has already been taken over, our account recovery service takes it from there.
7. Safety planning and onward referral. For clients dealing with domestic abuse, removal can change an abuser's behavior, sometimes dangerously. We time the cleanup around your safety, and we can refer you to domestic violence advocates who specialize in technology-facilitated abuse. If you want police involved, we coordinate, hand over evidence properly, and explain the findings to investigators in plain language.

Hidden physical trackers: AirTags, GPS units, and tracker stalking

Not all tracking lives inside your phone. Bluetooth trackers such as Apple AirTags, Samsung SmartTags, and Tile devices are cheap, tiny, and routinely misused to follow people. A tracker dropped into a bag, sewn into a coat lining, or magnetically attached inside a car's wheel well reports your location continuously. Modern iPhones and Androids warn you when an unknown AirTag or compatible tracker is moving with you, and both platforms include a manual scan, but the alerts are imperfect and hardwired GPS units on vehicles trigger no alert at all. If you receive a tracker warning, keep encountering the same person everywhere, or suspect your car, tell us. Physical tracker sweeps of vehicles and belongings are part of this service, and a found tracker is powerful evidence: police can tie its serial number to the owner's account.

Is it legal? What the law says about phone monitoring

The law here is clearer than most people expect.

• Installing spyware on another adult's phone without their consent is illegal in the United States, the United Kingdom, the European Union, and most other jurisdictions, typically under computer misuse, wiretapping, or stalking statutes. It does not matter that the person is your spouse, that you pay the phone bill, or that you suspect infidelity. Courts have convicted people for exactly this.
• Employers may monitor company-owned devices, generally with disclosure, and the rules vary by country and state. Covertly monitoring your personal phone is another matter entirely. If you carry a work phone, assume it is managed and keep your personal life off it: an MDM profile is normal on a corporate device and a red flag on your own.
• Parents may lawfully supervise a minor child's device in most places, openly and proportionately. The same software pointed at an adult is a different legal universe.
• Our own boundary is absolute. We examine devices the client owns or is legally authorized over, full stop. We do not sell, install, or configure monitoring tools, we do not help anyone spy on a partner, employee, or any other adult, and we decline every request to do so, however it is framed. A company whose name is Spy and Monitor exists to protect the people on the receiving end of spying and monitoring. That is the entire point.

Prevention: hardening your phone after cleanup

Once your device and accounts are clean, a few habits make reinfection genuinely difficult.

• Use a strong passcode that the people around you do not know, change it if anyone may have seen it, and prefer a six-digit or alphanumeric code over a four-digit one.
• Turn on two-factor authentication for your Apple or Google account and your email, using an authenticator app or hardware key rather than SMS where possible. This single change blocks the iCloud-style monitoring route almost completely, and it is the simple change we urge in our guide to why your phone is a goldmine for attackers.
• Never share your Apple ID or Google password with anyone, including a partner. Use family sharing features for the things you genuinely want to share.
• On Android, leave installation from unknown sources disabled and periodically review accessibility and device admin lists.
• On iPhone, periodically open Safety Check and your Apple ID device list; it takes two minutes.
• Keep the operating system updated, and treat any request to hand over your unlocked phone or accept a profile with suspicion.

What it costs

A standard single-phone examination, including the account-level review, findings report, removal, and lockdown, is a fixed, affordable fee that we quote before any work begins. Cases that require court-ready forensic preservation, multiple devices, or a vehicle and belongings sweep for physical trackers are quoted individually after the intake conversation, always as a fixed price, never an open-ended meter. If we find nothing, you still receive the full written report and hardening, because a documented clean bill of health has real value. And if your situation can be resolved with the free built-in tools described above, we will say so honestly during intake.

Why choose Spy and Monitor

Plenty of apps promise a one-tap spyware scan, and plenty of websites promise the opposite service, spying on others, which is illegal and almost always a scam. We occupy the position that actually helps: experienced examiners who check the device and the accounts around it, who treat frightened clients with patience and discretion, who preserve evidence to a standard police and courts can use, and who finish by making the phone hard to compromise again. You get a definitive, documented answer and a plan, whether that answer is "you were being monitored, here is the proof, and it is gone" or "your phone is clean, and here is what explains what you noticed". Either way, you stop guessing. Contact us confidentially, from a safe device if you have any doubt about your own, and we will take it from there.

One last warning: if you suspect spyware, do not contact a hacker from an ad to "counter-hack" the person spying on you. Hackers for hire ads prey on exactly this fear, and retaliation is a crime even against your stalker. Our certified ethical hackers for hire work on your side of the line: finding the spyware on your own device, removing it safely, and preserving the evidence that holds the installer accountable.