Stalkerware is covert monitoring software that someone installs on your phone, usually a partner, ex, or family member who had physical access to the device for a few minutes. It hides itself, then quietly forwards your messages, location, calls, and photos to whoever set it up. This guide explains what stalkerware is, the signs that point to it, how to check an iPhone or Android, and how to remove it in a way that keeps you safe.
Read the safety note first. If you think someone abusive is watching you, removing the app too fast can warn them and escalate the situation. Plan before you act.
What stalkerware is and how it differs from normal apps
Stalkerware is a category of app built to spy on a specific person without their knowledge. It is different from the parental controls or device finders you opt into and can see. The defining traits are that it runs in the background, hides its own icon, and reports your activity to a remote account.
Installation almost always needs hands on the phone. Someone unlocks your device, turns off a security setting, sideloads an app or signs in to a hosted account, then hands it back looking normal. On iPhone the data can also flow through stolen iCloud credentials instead of an installed app, which matters for how you check.
This is a close cousin of identity attacks like SIM swapping, where the goal is also silent access to your private life. The difference is that stalkerware usually comes from someone you know, which is what makes it both common and dangerous.
The danger of stalkerware is not only the spying. It is that the person watching is often close enough to react if they think they have been caught.
The warning signs of stalkerware on your phone
No single sign proves anything. Look for a cluster of these together, especially if they started after someone else handled your phone.
- Battery drain. The phone dies much faster than it used to, with no new heavy app to explain it.
- The phone runs warm when you are not using it, because tracking and uploading keep working in the background.
- Data spikes. Your mobile data use jumps for no clear reason, since recordings and location logs get sent out.
- Unknown profiles or admin apps. A configuration profile, VPN, or device admin app you do not remember adding.
- The other person knows too much. They reference private messages, plans, or places you never told them about.
- Settings changed. Security toggles are off, or a feature you locked is suddenly open.
Context is the strongest signal. If these started right after a breakup, a fight, or a moment when your phone left your sight, take them seriously.
How to check an iPhone
iPhones are harder to load with hidden apps, so checks focus on profiles, account access, and sharing settings.
Look for configuration profiles and device management
Open Settings, then General, then VPN and Device Management. A personal iPhone should normally show nothing here. A profile you do not recognize can force the phone to route data or accept monitoring, so treat an unexpected one as a red flag.
Check who can see your location and account
- In
Find My, review the people listed underShare My Locationand remove anyone you did not intend. - In
Settingsat the top, tap your name, then check the device list. Sign out any device you do not own. - Change your Apple ID password and turn on two factor authentication so stolen credentials stop working.
Update iOS
Installing the latest iOS update removes many monitoring tricks that rely on older software, and it is a safe first move that looks routine.
How to check an Android phone
Android allows app installs from outside the store, so hidden apps are more common here.
Review device admin apps and accessibility
Open Settings, then Security, then Device admin apps. Stalkerware often asks for admin rights so it cannot be deleted easily. Also check Settings, then Accessibility, because spying tools abuse accessibility permissions to read your screen and log what you type.
List every installed app
Go to Settings, then Apps, and show system apps. Look for names that sound generic, like “System Service”, “Update”, or “Sync”, that you cannot match to anything real. Check Settings, then Apps, then Special app access, and review which apps can install other apps or use data in the background.
Turn on Play Protect
Open the Play Store, tap your profile, then Play Protect, and run a scan. It will not catch everything, but it flags many known monitoring apps.
How to remove stalkerware safely
Removing the app is the easy part. Doing it without putting yourself at risk is the part that needs a plan.
Plan before you act if you may be in danger
Many of these tools alert the person watching when monitoring stops. If that person could hurt you, do not pull the app first. Use a safer device, a friend’s phone or a public computer, to reach a domestic abuse helpline and make a plan. In the United States you can contact the National Domestic Violence Hotline. The Coalition Against Stalkerware lists support organizations in other countries. Talk to them before you change anything.
Steps once you have a plan
- Document first. Take photos or screenshots of the suspicious apps, profiles, and settings, stored somewhere the other person cannot reach.
- Change passwords from a clean device. Update your Apple ID or Google account, email, and bank logins, then turn on two factor authentication.
- Remove the admin right, then the app. On Android, revoke device admin and accessibility access for the app first, then uninstall it.
- Delete unknown profiles on iPhone and sign out unfamiliar devices from your account.
- Update the operating system to close the door the tool used.
- The full reset. A factory reset, followed by setting the phone up as new rather than from a recent backup, is the most reliable way to clear hidden monitoring.
One honest warning. Do not use any of this to spy on another person. Installing monitoring software on someone else’s device without consent is illegal in many places and is exactly the harm this article exists to stop.
Keep the door shut afterward
After you are clean, lock the phone with a passcode only you know, turn off installs from unknown sources on Android, and review your accounts every few months. Privacy is a habit, not a one time fix. For more plain explainers on protecting your accounts and devices, see the blog.
Threats like this work by hiding and by exploiting trust, the same way the subtle logic bugs an autonomous security researcher is built to find hide inside an app. If you want to know what we are building toward, read more about our work.
Frequently asked questions
What is stalkerware?
Stalkerware is covert monitoring software that someone installs on another person’s phone, usually with physical access, to track location, messages, calls, and activity without consent. It hides itself and reports back quietly, which is what separates it from open parental or workplace tools.
What are the signs of stalkerware on a phone?
Watch for faster battery drain, a phone that runs warm while idle, unexpected data spikes, and settings that change on their own. On Android, check for an unknown device admin app or a profile you did not add. On iPhone, review configuration profiles and any account you do not recognize.
Can stalkerware be installed remotely?
On a normal, updated phone, most stalkerware needs brief physical access and your passcode to install. Fully remote installs are rare and usually require the device to be already compromised, so guarding your passcode and keeping the phone updated removes most of the risk.
How do I remove stalkerware safely?
If you are in an unsafe situation, read the safety note first, because removing the app can alert the person watching. When it is safe, update the operating system, run a reputable security scan, remove unknown admin apps or profiles, and as a last resort back up your data and reset the device.
Where can I get help if I think I am being monitored?
Contact a domestic abuse helpline before you change anything, since they can help you plan a safe next step. They understand that removing stalkerware can escalate a situation, so reaching out first protects you better than acting alone.
Put an autonomous researcher on your own systems
UnboundCompute is an autonomous security researcher that reasons about how an application fits together and proves the access control and injection bugs it finds. We are opening a small number of founding design partner seats: private early access pointed at a staging target you choose, a say in what it looks for, and founding pricing. If your team ships software worth pressure testing, apply to the design partner program.
