Skip to content

Your Android phone could have stalkerware: here’s how to remove it

Consumer Spyware Apps that covertly and continuously monitor your private messages, photos, phone calls and real-time location are a growing problem for Android users.

This guide can help you identify and remove common surveillance apps from your Android phone, including The truth spy, kidsguard and other apps.

READ OUR EXCLUSIVE RESEARCH

Consumer spyware applications are often sold under the guise of child or family tracking software, but are known as “stalkerware” and “spouseware” for their ability to also track and monitor partners or spouses without their consent. These spyware applications are downloaded from outside from the Google Play app store, placed on a phone without a person’s permission and often disappear from the home screen to avoid detection.

Stalkerware apps rely on the abuse of built-in Android features that are often used by companies to remotely manage their employees’ work phones or use Android’s accessibility mode to spy on someone’s device.

You may notice that your phone is acting unusual, heating up more or slower than usual, or using large amounts of network data, even when you’re not actively using it.

It is possible to quickly and easily check if your Android device is compromised.

Before you start

It is important to have a safety plan and reliable support if you need it. Keep in mind that removing spyware from your phone will likely alert the person who installed it, which could create an unsafe situation. He Coalition against stalkerware offers advice and guidance for victims and survivors of stalkerware.

Please note that this guide only helps you identify and remove spyware applications, it does not remove data that has already been collected and uploaded to their servers. Additionally, some versions of Android may have slightly different menu options. As is usual with any advice, you follow these steps at your own risk.

Check your Google Play Protect settings

Three side-by-side screenshots showing Play Protect with scanning disabled, then Protect Play settings with all controls enabled, and the third screenshot showing Google Play Protect enabled and showing "No harmful applications found," presenting a "scan" to scan for potentially malicious applications.

Make sure Google Play Protect, a security feature on Android phones, is enabled. Image credits: TechCrunch

Google Play Protect is one of the best safeguards to protect against malicious Android apps examining applications downloaded from the Google App Store and external sources for signs of potentially malicious activity. Those protections stop working when Play Protect is turned off. It is important to make sure Play Protect is turned on to ensure it is working and checking for malicious apps.

You can check that Play Protect is enabled through the Play Store app settings. It can also scan for harmful apps, if a scan has not been performed yet.

Check if accessibility services have been tampered with

Stalkerware relies on deep access to your device to access data and is known to abuse Android’s accessibility mode which, by design, requires broader access to the operating system and its data for screen readers and other features to work. accessibility.

Android users who don’t use apps or accessibility features should not see any apps in their Android settings.

If you don’t recognize a downloaded service in the Accessibility options, you may want to disable it in the settings and delete the app. Some stalkerware apps are disguised as normal-looking apps and are often called “Accessibility,” “Device Status,” “System Service,” or other harmless-sounding names.

Two screenshots side by side showing an app called KidsGuard that hijacks the accessibility feature on Android to spy on unsuspecting users. The second screenshot shows three stalkerware apps, called Accessibility, KidsGuard, and System Service, all turned off so that they are no longer actively working.

Android spyware often abuses built-in accessibility features. Image credits: TechCrunch

Check your notification access

Like accessibility features, Android also allows third-party apps to access and read your incoming notifications, such as allowing smart speakers to read alerts out loud or allowing your car to display notifications on your dashboard. Granting notification access to a stalkerware app allows persistent monitoring of your notifications, including messages and other alerts.

You can check which apps have access to your notifications by checking your Android notification access settings under Special app access. You may recognize some of these apps, such as Android Auto. You can disable notification access for any app you don’t recognize.

Three side-by-side screenshots, one showing how to disable notification access in Android settings, followed by a screenshot of a stalkerware app called "System service" turned off, and the third shows a list of apps in the notification access in Settings, since they are all shown "Not allowed."

Spyware takes advantage of notification access to read users’ messages and other alerts. Image credits: TechCrunch

Check if a device management app has been installed

Other features commonly abused by stalkerware are Android device management options, which have similar but even broader access to Android devices and user data.

Companies often use device management options to remotely manage their employees’ phones, such as wiping the phone in case the device is stolen to prevent data loss. But these features also allow stalkerware apps to spy on your Android screen and device data.

Two screenshots side by side, one of which shows a dodgy look "Security settings" application with full administrative control over the Android device in question, allowing you "delete all data" and "lock the screen." The second screenshot shows the currently installed device management apps as all turned off.

An unrecognized item in your device’s management app settings is a common indicator that the phone is compromised. Image credits: TechCrunch

You can find the device management app settings in Settings under Security.

Most people don’t have a device management app on their personal phone, so be wary if you see an app you don’t recognize, with an equally obscure and vague name like “System Service,” “Device Status,” or “Device administrator”. .”

Check apps to uninstall

You may not see an icon on your home screen for any of these stalkerware apps, but they will still appear in the apps list on your Android device.

You can see all installed apps in Android settings. Look for apps and icons that you don’t recognize. These apps may also show that they have extensive access to your calendar, call logs, camera, contacts, and location data.

Three side-by-side screenshots showing three stalkerware apps disguised as regular apps, one called "device health," another call "kidsguard" and a third called "System service." All of these apps have overly broad access permissions to a user's data.

Spyware applications are designed to blend in with generic-looking names and icons. Image credits: TechCrunch

Forcing a stalkerware app to stop and uninstall will likely alert the person who placed the stalkerware that the app no ​​longer works.

Secure your device

If stalkerware was placed on your phone, there is a good chance that your phone is unlocked, unprotected, or that your screen lock has been guessed or learned. A more secure lock screen password can help protect your phone from intruders. You should also protect email and other online accounts using Two-factor authentication where possible.

If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides free, confidential 24/7 support to victims of domestic violence and abuse. If you are in an emergency situation, call 911. The Coalition against stalkerware You have recourse if you believe your phone has been compromised by spyware.

Read more on TechCrunch:

Tags: