How to find and remove stalkerware apps


Few malicious software types are as invasive as stalkerware. If someone has installed it on your phone, they are able to monitor not just your location but also what you are typing into your device. Find out how these apps work and what to do if you’re being stalked with one.


What is stalkerware?

Stalkerware is a form of commercially available spyware that lets you monitor people, especially those you have a personal relationship with, such as employees, spouses, or intimate partners. 

Stalkerware use is increasing: In 2021, cybersecurity service Malwarebytes revealed that stalkerware detections hit an all-time high for smartphones with 54,677 alerts reported. Stalkerware apps tend to affect phones since people take their smartphones everywhere they go. The amount of data collected from a smartphone is usually far more valuable than data from a PC or laptop.

The main difference between stalkerware and spyware is that stalkerware is generally used by individuals while spyware is used by government and law enforcement agencies.

Stalkerware isn’t just unethical, it’s also just plain creepy. In this post, we explain the different types of stalkerware, how they work, and how to protect yourself from such apps.

3 types of stalkerware apps and their common functionalities

Cybersecurity experts have not provided exact names for different types of stalkerware apps. However, they can be sorted by the types of information collected.

Apps that monitor communications

This class of stalkerware is designed to record phone calls and log keystrokes of every message and email you send. 

Apps that track location

An app may keep track of GPS coordinates or guess your location based on the Wi-Fi networks you connect to. Location data can reveal a lot of information about a person and their habits.

Apps that steal files and intimate data

These apps watch your devices for any changes and transmit them to a server the stalker can access. This is a significant privacy invasion but is also particularly dangerous if a victim has sensitive photographs, video, and other types of recordings that could be used against them. 

Two of the most common stalkerware apps, Cerberus and Reptilicus, operate in stealth mode. They allow users to read text messages and messages from third-party messengers like WhatsApp and Telegram, and to view photos and videos in media galleries. Some stalkerware apps allow users to track calendar events, take screenshots, access contact lists, and even take front camera photos.

How is stalkerware installed?

For someone to install stalkerware on your phone, they most likely need to do so physically on your device. This is why you should never leave your phone unattended and unlocked or lend your phone to anyone to use, especially if that person might have reason to stalk you. Note that because iPhone apps must be downloaded from the App Store, it is more difficult for someone to download malicious software onto an iPhone.

Someone could take your phone and install a stalkerware app from the App Store or Play Store, where such apps are listed under innocuous descriptions like “family tracker”. Stalkerware may also be sideloaded onto a phone by connecting it with a cable to the attacker’s computer. Both of these methods require the attacker to have direct physical access to your phone.

The stalker might also install the software on your phone through a link. They could also attempt to trick you into installing it on your own device through a link.

Common stalkerware apps to know of

Here’s a list of some of the more common stalkerware apps:

  • Cerberus
  • Reptilicus
  • Track My Phones
  • AndroidLost
  • MobileTracker Free
  • Hoverwatch
  • wSpy

How to identify and remove stalkerware on iOS

Scan for unfamiliar apps

One of the best ways to determine if there is stalkerware on your phone is to check for unfamiliar apps manually. If you don’t remember installing an app, it might be worth clicking on it and checking the app yourself. If you’re still unsure if an app is stalkerware, you could search for its name online for more information. 

Check for unknown configuration profiles 

Head to Settings > General > VPN & Device Management to check for configuration profiles you don’t recognize. If you spot a profile, you can tap on it to find out what it does and delete it, if necessary.

Search for signs of a jailbreak

While it’s difficult for anyone to install stalkerware on iPhones because of app limitations set by Apple, it’s still possible if a hacker can jailbreak a phone and install stalkerware. One sign that your phone has been jailbroken is if you’ve got an alternative app store installed, such as Cydia, instead of Apple’s official App Store. 

Perform a privacy audit

Some Apple data-sharing features like Family Sharing, Find My, and Shared Albums risk being taken advantage of by malicious individuals. To protect its consumers, Apple has published a privacy checklist that consumers can follow to perform privacy audits.

Lock down iCloud

If you suspect your phone has been tampered with, it’s best to reset your iCloud password to protect any sensitive data you might have. You’ll also want to enable two-factor authentication (2FA) for your Apple ID.

How to identify and remove stalkerware on Android

Run Google Play Protect

Google’s Play Protect is a service that runs safety checks on apps downloaded from the Google Play Store before they’re downloaded onto your phone. The service also checks your device for potentially harmful apps. 

Check the accessibility services on your phone

Stalkerware apps rely on access to your camera, microphone, and certain folders to do their jobs well. You can check if your phone has stalkerware apps by heading to the Accessibility settings on your device to see which apps can access certain functions. 

See if a device administrator has been installed

Device administration access is assigned to some pre-installed applications on Android devices, and this sort of access allows apps to write, erase, and transfer data from the device if it’s stolen or gone missing. Stalkerware apps require access to these administration settings to be able to write and transfer data from one device to another. 

Manually run checks on apps

A great way to ensure you know all your downloaded apps is to check through them individually. Most stalkerware apps don’t appear on the homescreen of smartphones, but they might still appear on the device’s wider app list.
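The accessibility and app-list checks above can also be done from a computer over adb, which lists apps that have no home-screen icon. The Python below is an added example, not part of the original article: it parses saved output from two adb commands and lists third-party apps that hold an accessibility service or were not installed from Google Play. The sample package names are constructed, and treating only `com.android.vending` as a trusted installer is an assumption.

```python
# Capture these two outputs on a computer (USB debugging enabled on the phone):
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i      (-3 = third-party apps, -i = installer)
import re

# Installer package treated as an official store (Google Play); an assumption, extend as needed.
TRUSTED_INSTALLERS = {"com.android.vending"}

def accessibility_packages(setting_value):
    """Return the package names that own an enabled accessibility service."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    # The setting is a colon-separated list of "package/ServiceClass" components.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def installers(pm_output):
    """Map package name -> installer (None if sideloaded) from `pm list packages -i`."""
    result = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def review_list(setting_value, pm_output):
    """Return (package, reasons) for third-party apps worth a manual look."""
    a11y = accessibility_packages(setting_value)
    findings = []
    for pkg, installer in sorted(installers(pm_output).items()):
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if installer not in TRUSTED_INSTALLERS:
            reasons.append("not installed from a trusted store")
        if reasons:
            findings.append((pkg, reasons))
    return findings

# Constructed sample output; the package names are made up for illustration.
SAMPLE_A11Y = "com.example.sync.helper/.MonitorService:com.example.reader/com.example.reader.TtsService"
SAMPLE_PM = """package:com.example.sync.helper  installer=null
package:com.example.reader  installer=com.android.vending
package:com.example.game  installer=com.android.vending"""

if __name__ == "__main__":
    for pkg, reasons in review_list(SAMPLE_A11Y, SAMPLE_PM):
        print(pkg, "->", "; ".join(reasons))
```

An entry in this list is a prompt to look at the app more closely, not proof that it is stalkerware; legitimate screen readers and password managers also use accessibility services.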

What do I do if there’s stalkerware on my phone?

Here’s what you can do if you suspect stalkerware on your phone:

Prioritize your safety

Consider your safety first. Stalkerware can be a sign of an abusive relationship or one that’s intrusive. If you’re concerned about your physical safety, reach out to a domestic violence hotline or organization for help and guidance.

Identify and remove the stalkerware

First, scan your phone for malware by downloading a reputable mobile security app or antivirus software. Some popular options include Malwarebytes and Bitdefender Mobile Security.

Next, review the permissions granted to your apps in your phone’s settings. Look for apps with excessive permissions, such as access to your location, microphone, camera, or call logs, that you don’t recognize or haven’t authorized. Uninstall any suspicious apps.

Change your passwords

Finally, change your passwords. Reset your passwords for all your online accounts, especially those you accessed on your phone. Use strong, unique passwords for each account, and consider enabling two-factor authentication for added security.

How to protect yourself against stalkerware 

There are several simple ways to protect yourself against stalkerware:

  • Change all your passwords and enable multi-factor authentication on your trusted devices.
  • Avoid rooting or jailbreaking your device. Rooting or jailbreaking a device removes operating system restrictions to allow third-party app installations, bypassing built-in security measures. Stalkerware features often require this bypass. On iPhones, stalkerware installation usually requires jailbreaking. Rooted or jailbroken phones are more vulnerable to viruses, malware, and stalkerware.
  • Don’t leave your smartphone or other devices unattended. 
  • Make it a point to periodically check through apps on your phone and remove unnecessary apps.
  • Ensure that your operating system and apps are up to date so any known vulnerabilities are patched.
  • As a last resort, back up your data and perform a factory reset on your device to start afresh. Remember that you should only install essential apps with a fresh install/factory reset of your device’s operating system.
