A significant threat to Android users is the presence of consumer-grade spyware apps that discreetly monitor private messages, photos, phone calls, and real-time location.

This guide is designed to help you detect and remove common surveillance apps from your Android device, including notable examples such as TheTruthSpy, Cocospy and Spyic, among others.

These spyware apps are often marketed as child monitoring or family-tracking software but are also referred to as “stalkerware” and “spouseware” due to their ability to track and monitor partners or spouses without consent. They are typically downloaded from outside the Google Play store, installed on a device without permission, and can hide from the home screen to avoid detection.

Stalkerware apps exploit built-in Android features, such as those used by companies to manage work phones remotely or Android’s accessibility mode, to gain unauthorized access to a device.

If your phone is acting strangely, running hotter or slower than usual, or consuming large amounts of network data even when not in use, it may be compromised.

Fortunately, checking for potential compromise can be done quickly and easily.

Before You Begin

It’s essential to have a safety plan in place and access to trusted support. Removing spyware from your phone may alert the person who installed it, potentially creating an unsafe situation. The Coalition Against Stalkerware offers valuable advice and guidance for victims and survivors of stalkerware.

Please note that this guide only assists in identifying and removing spyware apps and does not delete data that has already been collected and uploaded to servers. Additionally, different Android versions may have slightly varying menu options, and following these steps is at your own risk.

Enable Google Play Protect

Google Play Protect is a crucial security feature in Android phones, scanning apps from the Google Play store and other sources for signs of malicious activity. However, its protections are ineffective when switched off. It’s crucial to verify that Play Protect is enabled to ensure it’s actively scanning for malicious apps.

You can check if Play Protect is enabled through the Play Store app settings and initiate a scan for harmful apps if one hasn’t been performed recently.

Check Accessibility Services

Stalkerware apps rely on deep access to your device to gather data and often exploit Android’s accessibility mode, which requires broad access to the operating system and user data for features like screen readers to function.

If you don’t use accessibility apps or features, you should not see any apps listed in this section of Android’s settings.

If you encounter an unfamiliar service in the Accessibility options, consider switching it off in the settings and removing the app. Some stalkerware apps disguise themselves as ordinary apps with names like “Accessibility,” “Device Health,” or “System Service.”

Check Notification Access

Similar to accessibility features, Android allows third-party apps to access and read incoming notifications, such as enabling smart speakers to read alerts aloud or displaying notifications on a car’s dashboard. Granting notification access to a stalkerware app enables persistent surveillance of notifications, including message contents and other alerts.

You can check which apps have access to your notifications by reviewing your Android notification access settings under Special app access. You may recognize some apps, like Android Auto. You can switch off notification access for any unrecognized apps.

Check for Device Admin Apps

Stalkerware apps also exploit Android’s device admin options, which offer broader access to devices and user data, similar to accessibility features.

Device admin options are typically used by companies to manage employees’ work phones remotely, such as wiping a phone in case of theft to prevent data loss. However, these features also allow stalkerware apps to monitor the Android display and device data.

You can find device admin app settings in the Settings under Security.

Most individuals won’t have a device admin app on their personal phone, so be cautious if you see an unfamiliar app, possibly named something vague like “System Service,” “Device Health,” or “Device Admin.”

Identify Apps to Uninstall

You might not find a home screen icon for these stalkerware apps, but they will still be listed in your Android device’s app list.

You can view all installed apps in Android’s settings. Look for apps and icons you don’t recognize. These apps may also have broad access to your calendar, call logs, camera, contacts, and location data.

Force stopping and uninstalling a stalkerware app will likely notify the person who planted the stalkerware that the app is no longer functional.

Secure Your Device

If stalkerware was installed on your phone, it’s likely that your phone was unlocked, unprotected, or that your screen lock was guessed or learned. Implementing a stronger lock screen password can help protect your phone from intruders. You should also secure email and other online accounts using two-factor authentication whenever possible.

If you or someone you know needs assistance, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. In emergency situations, call 911. The Coalition Against Stalkerware offers resources if you suspect your phone has been compromised by spyware.