There are multiple ways to prevent a government agency, country, or cybercriminal from peeking into our digital lives, for example, by using virtual private networks (VPNs), end-to-end encryption, and browsers that do not track user activity.
Face it: Your personal and business data is under threat 24/7 -- and protecting those digital assets while you shop, bank, and play online remains job one. Here's the good news: More security-focused tools and strategies are available than ever. 's mostup-to-date cybersecurity guides deliver practical tips to stay safe and productive today amid the ever-evolving threat landscape tomorrow.
Read nowBut, it can be extremely difficult to detect or remove spyware once it's implanted in a device.
This guide will run through different forms of malicious software that could end up on your iOS or Android handset, what the warning signs of infection are, and how to remove such pestilence from your mobile devices -- whenever it is possible to do so.
We will also touch upon stalkerware and other ways threats closer to home may spy on you -- and what you can do about it.
Spyware comes in many forms, and before you can tackle the problem, it's useful to know the basic differences.
Nuisanceware is often bundled with legitimate apps. It interrupts your web browsing with pop-ups, changes your homepage or search engine settings, and may also gather your browsing data in order to sell it off to advertising agencies and networks.
Although considered malvertising, nuisanceware is generally not dangerous or a threat to your core security. Instead, these malware packages are focused on illicit revenue generation by infecting machines and creating forced ad views or clicks.
Also: How to protect and secure your password manager
There's also basic spyware. These generic forms of malware steal operating system and clipboard data and anything of potential value, such as cryptocurrency wallet data or account credentials. Spyware isn't always targeted and may be used in general phishing attacks.
Spyware may land on your device through phishing, malicious email attachments, social media links, or fraudulent SMS messages.
Advanced spyware, also known as stalkerware, is a step up from basic spyware. Unethical and sometimes dangerous, this malware is sometimes found on desktop systems, but it is now most commonly implanted on phones. Spyware and stalkerware may be used to monitor emails and SMS and MMS messages sent and received; to intercept live calls for the purpose of eavesdropping across standard telephone lines or Voice over IP (VoIP) applications; to covertly record environmental noise or take photos; to track victims via GPS; or to hijack social media apps such as Facebook and WhatsApp. Stalkerware may also include keylogging features.
Stalkerware is typically used to spy on someone as an individual and watch what they do, say, and where they go. Stalkerware is commonly linked to cases of domestic abuse.
Finally, there's government-grade commercial spyware. Pegasus is the most well-known recent case, sold to governments as a tool for combating terrorism and for law enforcement purposes. Pegasus ultimately was found on smartphones belonging to journalists, activists, political dissidents, and lawyers.
In November 2022, the Google Threat Analysis Group (TAG) published details on Heliconia, a new commercial spyware framework with a potential link to a private Spanish company.
There are several signs to watch for that might indicate you are being targeted by a spyware or stalkerware operator.
Finding yourself the recipient of odd or unusual social media messages or emails might be part of a spyware infection attempt. You should delete these without clicking on any links or downloading any files.
The same is true for SMS messages, which may contain links to trick you into unwittingly downloading malware.
Also: This notorious ransomware has now found a new target
To catch a victim unaware, these phishing messages will lure you into clicking a link or executing software that hosts a spyware or stalkerware payload. If the malware is being loaded remotely, user interaction is required, and so these messages might try to panic you -- for example, by demanding payment to a tax office or bank, or by posing as a failed delivery notice. Messages could potentially use spoofed addresses from a contact you trust, too.
When it comes to stalkerware, initial infection messages may be more personal and tailored to the victim.
Physical access or the accidental installation of spyware by the victim is necessary. However, it can take less than a minute to install some variants of spyware and stalkerware.
If your phone goes missing or has been out of your possession for a time, and reappears with different settings or changes that you do not recognize, this may be an indicator of tampering.
You may experience unexpected handset battery drain, overheating, and strange behavior from the device's operating system or apps. Settings such as GPS and location functions may turn on unexpectedly or you may see random reboots. If you are suddenly using far more data than normal, this could be an indication that information is being sent from your smartphone or that remote connections are active. You may also have trouble turning off your device completely.
Certain forms of spyware focused on fraudulent revenue generation may be able to secure enough permissions to impact your bank balance. If you are signed up for services or premium SMS plans and you know you didn't consent to them, this could be a sign that spyware is on your device. Keep an eye on your credit cards for any signs of suspicious payments.
Also:How to clear the cache on your Android phone or tablet (and why you should)
An important point to mention is that sometimes spyware or other forms of malicious software might end up on your device via an originally benign app. There have been cases of developers releasing a genuine, useful app in official repositories, such as a currency converter or weather app, and then -- after a large user base has been gathered -- the developers twist the app's functions.
Last year, Google removed malicious apps from the Google Play Store that had been masquerading as Bluetooth utilities and had been downloaded by over a million users. While the apps didn't appear malicious at first, within days, users were bombarded with ads and pop-ups.
Surveillance software is becoming more sophisticated and can be difficult to detect. However, not all forms of spyware and stalkerware are invisible, and it is possible to find out if you are being monitored.
One telltale sign on an Android device is a setting that allows apps to be downloaded and installed outside of the official Google Play Store.
If this setting is enabled, this may indicate tampering and jailbreaking without your consent. Not every form of spyware and stalkerware requires a jailbroken device, though.
This setting is found in most modern Android builds in Settings > Security > Allow unknown sources. (This varies depending on the device and vendor.) You can also check Apps > Menu > Special Access > Install unknown apps to see if anything appears that you do not recognize, but there is no guarantee that spyware will show up on the app list.
Some forms of spyware will also use generic names and icons to avoid detection. For example, they may appear to be a useful utility app such as a calendar, calculator, or currency converter. If a process or app comes up on the app list that you are not familiar with, a quick search online may help you find out whether it is legitimate.
iOS devices that aren't jailbroken are generally harder to install malware on than Android handsets -- unless an exploit for a zero-day or unpatched vulnerability is used against you. However, the same malware principles apply: With the right tool, exploit, or software, your device could be compromised either with physical access or remotely. You may be more susceptible to infection if you have not updated your iPhone's firmware to the latest version and you do not run frequent antivirus scans.
Both iOS and Android phones, however, will typically show symptoms of a malware infection.
By design, spyware and stalkerware are hard to detect and can be just as hard to remove. It is not impossible inmost cases, but it may take some drastic steps on your part. Sometimes the last-resort option may be to abandon your device.
When spyware is removed, especially in the case of stalkerware, some attackers will receive an alert warning them that the victim's device has been cleaned up. Should the flow of your information suddenly stop, this would be another clear sign to the attacker that the malicious software has been removed.
Do not tamper with your device if you feel your physical safety may be in danger. Instead, reach out to the police and supporting agencies.
Also: Apple issues security fixes for iPhone, iPad, Apple Watch to fight Predator spyware
Now, here are some removal options:
Google's guide to factory resetting your device can be found here, and Apple has also provided instructions on its support website.
Unfortunately, some stalkerware services may survive factory resets. So, failing all of that, consider restoring to factory levels and then throwing your device away.
If you have found suspicious software on your handset, consider the following:
Also: How tech is a weapon in modern domestic abuse -- and how to protect yourself
Government-grade spyware can be more difficult to detect. However, as noted in a guide on Pegasus published by Kaspersky, there are some actions you can take to mitigate the risk of being subject to such surveillance, based on current research and findings:
Use atrusted, paid VPN service,and install an app that warns when your device has been jailbroken. Some AV apps also will perform this check.
It is also recommended that individuals who suspect a Pegasus infection make use of a secondary device, preferably running GrapheneOS, for secure communication.
Unfortunately, no mobile device is completely protected against the scourge of spyware. However, we have provided some tips below to mitigate the risk of future infections:
Also: 5 quick tips to strengthen your Android phone security today
Google and Apple are generally quick to tackle malicious apps that manage to avoid the privacy and security protections imposed in their respective official app stores.
Several years ago, Google removed seven apps from the Play Store that were marketed as employee and child trackers. The tech giant took a dim view of their overreaching functions -- including GPS device tracking, access to SMS messages, theft of contact lists, and potentially the exposure of communication taking place in messaging applications. Google has also banned stalkerware ads. However, some apps still apparently slip through the net.
Also: How to use iPhone's Security Keys feature to protect your Apple ID
Google's Threat Analysis Group is constantly publishing research on new commercial spyware strains and their potential targets.
Apple has cracked down on parental control apps, citing privacy-invading functions as the reason for removal. The company offers its own parental device control service called Screen Time for parents who want to limit their child's device usage. Furthermore, the company does not allow sideloading -- that is, the installing of third-party apps from sources other than Apple's App Store.
In 2022, Apple revealed the details of a$10 million grant to research ways to combat state-sponsored spyware.
There are threats and inappropriate material around every corner online, and while children often want a smartphone and to be on social media at a young age, parents want to be able to monitor what they are viewing and who they are interacting with online. This, in itself, is responsible, but at the core, parental control apps are designed for surveillance.
The main issue is the capacity for abuse. Standalone parental control apps can be abused and the permissions they require can be incredibly intrusive -- not only for children but in relation to anyone's privacy.
Also: The best parental control apps to keep your kids safe online
A balance between a right to privacy and protection has to be maintained, and it's a difficult tightrope to walk. Both Apple and Google have introduced parental controls for Android devices, Chromebooks, iPhones, and iPads. These platforms focus on restricting screen time, locking and unlocking devices, and features such as permissions list management, restricting web content and app downloads, and purchase approvals.