What is stalkerware? (and how to detect it)

What is stalkerware? Stalkerware is a dangerous form of spyware used for covert phone monitoring. It allows someone to secretly track your texts, location, photos, and even use your camera or microphone. Stalkerware runs as a hidden app, often avoiding spyware detection. You’ll need to watch for signs like battery drain or unusual phone behavior.

In this guide, we will explain how to check for hidden apps and increased data usage. We’ll show you how to check Android device administrator permissions for stalkerware, and how to use a trusted antivirus for stalkerware detection.

We’ll discuss why removing stalkerware could alert your abuser. And why we recommend preserving evidence before you remove stalkerware, so that you can press charges or get legal support.

Continue reading for device security, account protection, and online safety tips, including why strong passwords and two-factor authentication are crucial in preventing stalkerware.

How does stalkerware work?

Stalkerware is an application secretly installed on a smartphone, tablet, or computer. It monitors your activities and can track your location through your phone’s GPS.

Digital stalking represents one of the most serious forms of privacy invasion. It’s often used in cases of domestic abuse via technology, and is extremely hard to detect. If you suspect your device is compromised, this guide can help. We’ll explain how to detect stalkerware on Android devices and what to do if your partner installed stalkerware on your device.

Android stalkerware is more prevalent, particularly on rooted Android devices, such as phones and tablets. If someone has had physical access to your phone, stay alert. Another growing concern is stalkerware pre-installed on a gifted phone or tablet; a tactic often used by abusive partners to monitor loved ones.

iPhone stalkerware is almost impossible to install unless you have a jailbroken iPhone. That said, attackers have been known to spy on iPhones using iCloud backup monitoring – a sneaky method that spyware detection tools often miss.

Warning: Uninstalling stalkerware without a safety plan could alert your abuser. Always seek expert advice if you are concerned that you could be at risk of physical harm.

What are the most common types of stalkerware?

Stalkerware apps come in many forms, but they all serve the same purpose: to secretly monitor your device activity. Some stalkerware apps even send alerts when you arrive at or leave specific locations. Most of these apps are designed to stay hidden, avoid detection as spyware, and pass themselves off as harmless system tools or utilities.

Here are some of the most common types of stalkerware:

• GPS trackers: Monitor your real-time location and travel history.
• Keyloggers: This is a dangerous form of spyware that records everything you type, including passwords, messages, searches, and financial information such as credit or debit card numbers.
• Call and SMS loggers: Capture call logs, text messages, and sometimes even recordings.
• Photo and video access tools: These allow the abuser to browse or download your photos and videos remotely.
• Ambient recording apps: These can be used to turn on your microphone or camera without your knowledge.
• Clipboard sniffers: This is a type of spyware that logs anything you’ve copied to your clipboard. It creates an easy way for hackers to gain access to sensitive information such as passwords.
• iCloud and Google account snoopers: Hackers use these to access synced data, including emails, photos, and backups.

Stalkerware and spyware applications are usually sourced from dodgy app repositories or the dark web. They are normally installed manually when the abuser gains physical access to your phone. However, they could also be delivered through phishing emails, social media messages, or even SMS messages that contain dodgy links or attachments.

Nefarious apps you should uninstall if you find them:

• mSpy
• FlexiSPY
• Cocospy
• Spyzie
• KidsGuard Pro
• Hoverwatch
• eyeZy
• XNSpy
• iKeyMonitor
• uMobix
• TheTruthSpy
• Spyera

Can legitimate apps be used to track me?

Yes. Even legitimate apps that are marketed as “parental control” or “employee monitoring” tools can potentially be repurposed for digital stalking. These apps sometimes include features like GPS tracking, call logs, text message monitoring, browser history access, and even microphone or camera activation.

Here are examples of apps that seem innocent, but could be misused:

If you spot any of these apps on your phone and can’t find a valid reason for the app to be there, investigate further. But be cautious, removing stalkerware could alert the person who installed it, which may be dangerous in cases of domestic violence. Under these circumstances, you may want to seek legal advice.

Native tracking features

You may also be surprised to find out that native apps can be used for digital stalking. Some of the most common forms of digital stalking rely on features already built into your phone, which means an abuser could potentially track you without installing shady third-party apps.

Both Apple and Android mobile devices have native location tracking. These tools are designed to provide peace of mind and ease of use, such as helping you find a lost phone, keeping tabs on your kids, or coordinating with a partner while traveling.

However, this creates an easy way for abusive partners to turn your smartphone or tablet into a constant tracking device, without your knowledge and with just a few taps.

Native apps used for tracking:

• Apple’s “Find My” can be used to share your live location with another Apple user. If your partner has physical access to your phone, they could enable location sharing from your iPhone without your knowledge.
• Google’s “Find My Device” or Family Link can be set up to track your Android’s location. This is why it can be dangerous to share access to a physical device; an abuser might quickly gain access to your Google account or set up a monitoring profile without your knowledge.

The worrying thing about native apps is that they create an element of plausible deniability. An abuser can claim they didn’t know the tracking was active, or claim that it must have been set up by accident. This makes it crucial to be aware of native tracking features and to check that they haven’t been enabled.

Imagine this: You meet a new romantic partner who invites you on a weekend trip to Paris. While you’re there, they suggest turning on Find My so you don’t lose each other. It seems harmless. But if you forget to turn it off afterward, they could continue tracking your location long after the trip ends. Even after you’re home, they’d still know where you are.

This is a reminder that even if nothing new is installed, you could still be a victim of digital stalking. Digital stalking does not necessarily require sophisticated hacking skills.

Pet monitoring tools that can be misused as stalkerware

GPS pet trackers and pet-monitoring apps may seem harmless, but they can easily be repurposed to track someone without their consent. These tools are small, discreet, and often work silently in the background. The same could be said for Apple AirTags, as Apple AirTag stalking is also on the rise.

If someone hides one in your bag, vehicle, or personal belongings, they could use it to monitor your real-time location without ever touching your phone.

Some examples of pet GPS tracking apps that could be misused include:

• Tractive: Offers real-time GPS tracking and activity monitoring for dogs and cats, with a web dashboard and mobile app.
• Fi: A smart collar with live GPS tracking and geofencing alerts, often accurate within a few feet.
• Whistle GO Explore: Combines GPS tracking with health and activity monitoring. Can send movement alerts via app or SMS.
• Jiobit Smart Tag: Marketed for both children and pets. Extremely small and discreet, with real-time location tracking and mobile alerts.
• Pawfit 3: Tracks GPS location and also monitors ambient noise levels, potentially allowing someone to know when you’re speaking or moving.
• PetFon: A compact GPS tracker that doesn’t require a monthly subscription. Has live tracking and sound alerts.

These apps are designed for animal safety. However, they could easily be hidden in a purse, coat pocket, or car to allow an abuser to monitor your whereabouts via the connected app.

Home monitoring tools used for stalking

Smart home gadgets like Ring cameras, baby monitors, and hidden nanny cams can also be misused for digital stalking and home surveillance.

If someone installs these devices in your home without your knowledge or continues to access them after a breakup or relocation, they could be watching or listening to you without your consent.

These tools have previously been used to spy on housemates, ex-partners, Airbnb guests, or even tenants.

Common tools that can be misused include:

• Ring cameras
• Google Nest / Alexa-enabled indoor cams
• Nanit and other baby monitor apps
• Smart plugs or lights with embedded microphones
• Hidden nanny cams disguised as clocks or chargers

These gadgets can be remotely accessed by whoever originally set them up. In rental properties, this raises concerns about previous tenants spying on new occupants, especially if the wifi network hasn’t been changed and the device is still active in the property. In some cases, this could lead to snooping – or even burglary – by letting the previous tenant know when the new occupant isn’t home.

If you suspect you’re being watched or tracked by a device in your home, disconnect it, disable its network access, and preserve any evidence before alerting the authorities.

How do you detect stalkerware?

Worried someone might be stalking you through your phone or computer? It’s vital to check for signs of spyware, stalkerware, or even a Remote Access Trojan (RAT) – one of the most dangerous surveillance tools a hacker can install on your device.

Detecting stalkerware takes a mix of vigilance, manual checks, and specialist tools. That said, even keeping your antivirus up to date can help protect against common threats like keyloggers and other common malware variants.

Below, we’ve included some common signs to monitor for. If you notice any of these things, you might be a victim of stalkerware:

• Rapid battery drain even when the phone isn’t in use.
• Unexplained spikes in data usage
• Unusual phone behavior like frequent overheating, delayed shutdowns, or random restarts.
• Changed settings that you didn’t adjust yourself.
• Sluggish performance, app crashes, or lag.

Also, think about who’s had physical access to your phone, tablet, or computer. If someone could have installed apps without your consent, be sure to check your device for any unauthorized monitoring tools, and be on high alert for any of the stalkerware symptoms listed above.

How to check for Stalkerware on Android

Android devices are known to be more vulnerable to stalkerware, and the danger intensifies if your device is rooted. You can follow the steps below to check whether your Android has been infected:

1. Review installed apps

Start by checking for any unusual apps that may have been installed without your knowledge or consent. You can do this by heading to Settings > Apps > See all apps

Check for any unknown apps and for apps that have generic names designed to fly under the radar, such as:

• System Services
• Device Health
• Update Manager
• Wi-Fi Utility
• Battery Saver Pro
• Bluetooth Control
• App Sync
• Google Settings (fake version)
• Security Log Agent
• Android Service
• System UI Helper
• Data Sync
• Network Manager
• Device Admin
• SIM Toolkit+
• Backup Service
• Com.android.system.update (or other strange package-style names)

We also recommend being suspicious of any apps with names such as “Hidden App” as they could be masking their true identity. If you didn’t install or use any app intentionally to hide other apps, it’s safest to uninstall it.

2. Check the app drawer

Your Android app drawer is the screen that shows all installed apps, including those not placed on your home screen. On most Android phones and tablets, you can access the app drawer by heading to your home screen and swiping up.

Once in the app drawer, review each app carefully. If you find anything suspicious, or a folder called Hidden apps, tap it to view the list of apps hidden from the drawer.

You can also tap the three-dot menu in the top right of the app drawer to open its settings and check for hidden apps. Once in the settings, look for an option like “Hide apps” or “Hidden apps” and check if anything unusual is listed there. If you haven’t hidden any apps yourself and something appears, treat it as a red flag.

Bear in mind that Stock Android doesn’t always include a native “hide apps” feature. However, third-party launchers like Nova or Poco might include this feature, even on devices running a version of Android that doesn’t have it natively.

If someone has ever offered to “clean up your phone” or “speed it up,” they might have installed a custom launcher that allows them to hide apps without your knowledge. For this reason, we recommend checking if you have a custom launcher installed.

On Samsung devices (One UI 5 & 6):

1. Tap and hold on a blank area of the home screen.
2. Tap Settings (the gear icon in the bottom right).
3. Scroll down and tap Hide apps on Home and Apps screens.
4. Now, check the Hidden apps list at the top.

Hidden apps still appear in system settings under Settings > Apps. But they won’t show in your app drawer unless unhidden.

Note: If you’re concerned about hidden stalkerware, it is vital to remember that some apps may not show up in the drawer at all, even in hidden app menus. That’s why it’s important to also check:

• Settings > Apps > See all apps
• Device admin permissions
• Recently installed apps and APKs

3. Search manually

Another option is to manually use the search tool in your apps drawer/apps screen to check for names like “System,” “Sync,” or “Service.” Some hidden apps may still appear in search results even if they’re not visible on your home screen or app drawer.

4. Install a security scanner or anti-stalkerware tool

If manual checks aren’t turning anything up, we recommend installing a tool designed to find and remove spyware, stalkerware, and dangerous surveillance packages such as Remote Access Trojans.

In addition to a reliable antivirus with real-time scanning, such as TotalAV or Norton, you may want to consider one of the services listed below:

• Certo Mobile Security (iOS & Android): Built to detect stalkerware, hidden tracking apps, and unauthorized configuration profiles.
• Incognito – Spyware Detector (Android): Detects spyware, hidden tracking apps, and high-risk permissions. Designed for user-friendly scans on rooted and unrooted devices.
• Malwarebytes Mobile Security (Android): A reputable anti-malware app that can spot hidden spyware and malicious apps, including RATs and hidden trackers.
• Avast Mobile Security (Android): Includes real-time scanning and privacy audit tools to identify hidden apps or apps abusing permissions.
• Bitdefender Mobile Security (Android): Offers strong spyware detection and real-time monitoring for suspicious behavior, including hidden services and unauthorized app activity.
• Norton Mobile Security (Android): Provides app insight and device health reports. While it’s more generalized, it can help flag apps that misuse permissions.
• iVerify (iOS): Helps detect configuration profile abuse and gives security recommendations specific to your iPhone.

How to check device admin permissions on Android

Some stalkerware apps use Android’s “Device admin” privileges to make themselves harder to remove or to gain deeper control over your system. Apps with admin privileges can block uninstallation, remotely lock your screen, monitor unlock attempts, or disable critical security settings.

Here’s how to check device admin access:

1. Go to: Settings > Security > Device admin apps
2. On newer Android devices, go to: Settings > Security > More security settings > Device admin apps

Review the list for any apps you don’t recognize.  Be especially cautious of apps named “System Update,” “Device Health,” or “Wi-Fi Services.” These are often used to disguise malicious tools. A quick online search can help confirm legitimacy.

If an unknown app has admin access, toggle it off immediately. After disabling admin access, go ahead and uninstall the app as well.

How to check recently installed apps and APKs

If someone has had access to your phone, they may have manually installed stalkerware using an APK file (Android Package Kit). These are installation files used to sideload Android apps outside of the official Play Store, and they’re a common attack vector for delivering spyware.

That’s why we strongly recommend avoiding third-party app repositories. A cloned app from an unofficial source could easily infect your phone with a Trojan.

Unlike apps downloaded from the Play Store, APK installs don’t go through Google’s security vetting process. This means they could contain malicious code or services designed for digital stalking. Some APKs may be installed as hidden apps that don’t show up in search results or the app drawer.

Even if you don’t remember installing anything new, it’s a good idea to review your install history, especially if you’ve noticed signs of stalkerware covered earlier in this guide. We also recommend reviewing recent installs if your partner or someone else has had physical access to your device.

How to check your recent app installations:

• Go to Settings > Apps > See all apps
  Tap the three-dot menu (top right) and select Sort by > Last used or Last installed
• Carefully review the most recent apps. Look for anything unfamiliar, especially with generic or system-sounding names like: Update Service, Device Manager, App Sync, Wi-Fi Helper, Security Services. 

If you find anything suspicious, we recommend uninstalling right away.

Important note: Stalkerware apps won’t always show up in your Play Store history because they were sideloaded directly from a USB or file manager app. For this reason, we also recommend checking your file downloads for any unexpected .apk files: