Mobile Spyware: Identification, Removal, and Prevention

Please note that the contents of this document should not be regarded as legal advice. The information contained within is relevant as of August 2022.

Safe phone/device

When searching for information or calling for support we recommend using a phone/device you do not suspect is monitored. This could be a public library, support worker or a trusted family member or friend’s phone or computer.

24 October 2022: The current version of Apple iOS that is known to be jailbroken is 15.3.1, which Apple released in February 2022.

You can find out the latest version of iOS here.

National Sexual Assault, Domestic and Family Violence Counselling and Information – 1800 RESPECT

If you suspect someone is monitoring you using technology, the abusive person may also be making you feel unsafe in other ways. If you would like to explore support options available, you can contact 1800RESPECT by phone (1800 737 732) or online chat (24 hours) from a safe phone or device. If you have a support worker, it may be helpful to discuss the monitoring and technology abuse with them and incorporating into your support and safety plan.

Safety Planning

Before acting, please consider how the person may react if you remove their ability to monitor you. You may wish to discuss this with a support worker and incorporate removing access into your safety plan.

I am concerned that spyware is on my phone. Is this possible?

For spyware to have been placed on your phone, it is most likely that someone would have needed physical access to the device.

It is UNLIKELY for someone to be capable of placing spyware onto your phone without having physical access to the actual device.

There have been instances of remote introduction of spyware onto a device (in the context of domestic violence), but the chances are much greater in circumstances where the abuser has had physical access to the device. It should also be noted that those who own an Android device have a greater risk of having their device remotely infected than those who own an iPhone. Therefore, it is possible but unlikely that spyware has been introduced remotely (particularly if the user did not click suspicious links or visit compromised websites).

If someone did have physical access to your phone, and they knew your passcode, it is possible that spyware may have been placed on your phone. This article, however, will help you identify whether that is likely, and what steps can be taken to help identify and potentially remedy possible threats.

What is spyware and what can it do?

This document considers “mobile spyware” (also known as stalkerware) to refer to an app or program that is deliberately placed on someone’s mobile device for the purpose of monitoring that person.

Depending on the type of spyware installed, in most cases, mobile spyware will monitor:

Call history, including phone number, date, and length of call
Text messages, including phone number and SMS content
Contacts
Internet browsing, including history and bookmarks
Location of the phone
Photos taken on the phone
Email downloaded onto the phone

If the phone has been jailbroken (iPhone) or rooted (Android), spyware software can monitor more, including:

Certain messaging apps, such as WhatsApp, Viber, Signal
Phone conversations
Using the phone’s microphone to record the phone’s surrounding

It is difficult to easily identify whether spyware has been installed. Closer inspection of the phone from a trusted analyst with the suitable expertise to subject the phone to data-traffic analysis or digital forensics could provide more confidence on whether the device has been compromised. Finding such an expert can be an issue.

Once the software is installed, the abusive person can monitor all the above activity via an online website.

If it’s not spyware, what else could it be?

There are several methods by which a person can track or monitor the activities of another person using technology other than Spyware. Monitoring information on Facebook, for example. Similarly, if a person can login to the iCloud or Google account associated with the phone, information from the phone can be accessed that may include location information. Many phones have functions such as “Find My Phone” that can be used to locate the owner of the phone. Within the context of this document, we do not consider these to be “spyware”. It is recognised, however, that these can be a problem from the perspective of tracking and stalking. For information on how to address those issues, please see information available in the WESNET Women’s Technology Safety and Privacy Toolkit. [www.techsafety.org.au/resources]

I own an iPhone. What are the risks of spyware on iPhones?

If you have an iPhone 6 or higher and have been regularly updating the iOS (operating system), the likelihood of spyware being on your phone without your knowledge is UNLIKELY. But again, please keep in mind that apps other than spyware may be revealing signs of your location or activities.

If you have an older iPhone model or have not been updating your iOS on a regular basis, the likelihood of spyware being on your phone without your knowledge is still largely unlikely. In this circumstance, the risk of spyware being on your iPhone without your knowledge is more likely if (a) someone had physical access to your device, (b) that person was aware of your device passcode, as well as your Apple ID login and password.

If you are in the circumstance whereby another person does have access to your physical device, your device passcode, as well as Apple ID login details, and you have reason to believe spyware is on your device, please contact WESNET from a safe device for further information on spyware. [email [email protected]]

I own an Android. What are the risks of spyware on phones that use the Android operating system?

(This includes phones by Samsung, Sony Xperia, Google Pixel, Huawei, LG, HTC, Nokia, etc)

The Android operating system is more vulnerable to spyware being placed on someone’s device without their knowledge compared to iPhone. Unfortunately, it is also easy for a non-expert user to conceal traces of spyware on Android devices. If you are in the circumstance whereby another person does have access to your physical device, your device passcode, and you have reason to believe spyware is on your device, please contact WESNET from a safe device for further information on spyware.

Can I take my phone to the shop where it was purchased or to a local ‘tech expert’ to check for spyware?

There are certain forms of spyware that could be easily identified by an in-store, consumer retail outlet ‘tech expert’. But there are also forms of spyware that would require a more forensic examination that is not readily available to individuals who work in computer or smartphone stores.

Depending on your situation, if the stalking/surveillance through spyware is just one part of the abuse you are experiencing you may wish to seek support from a family violence service to put a safety plan in place, or you may want to contact 1800RESPECT for advice.

I have strong reasons to believe that spyware is being used against me right now. What can I do right now to protect myself?

If you do not have the time or opportunity to seek support regarding spyware, but have reasons to believe that spyware is tracking you, there are some provisional, emergency steps you can take to protect yourself.

Consider using another phone or device for communication or other activities (such as searching for support services) that you would like to keep private. Continuing to use the phone in this way can be helpful if you do not want the abusive person to know that you suspect spyware is on the phone.
(Note: As a precaution, we recommend having conversations (on another device or in-person) that you would like to keep private, out of earshot of the device as some spyware may be able to record the surroundings of the phone).
Also keep in mind that spyware can monitor location, so you may want to be careful about where you go with the phone. If you take the phone to the police, the abuser may know that the phone is at the police station, for example, so think through of any safety issues that you might need.
Spyware will only communicate information whilst the phone is turned on and is connected to the internet. Therefore, turning off the phone will allow temporary relief from GPS tracking or any danger of the camera capturing pictures, audio, or video.
- (Note: Turning on ‘Aeroplane mode’ or ‘Flight Mode’ is also likely to temporarily prevent the spyware from tracking your phone. However, there are rare circumstances under which this mode can be faked, and the phone may still be tracking your data despite being in ‘Aeroplane Mode’ or ‘Flight Mode’. We recommend turning off Wi-Fi and Bluetooth before selecting this option.).
If it is safe to do so, performing a factory reset on your device, ensuring the operating system is up to date and changing your Apple ID/iCloud or Google login passwords might rid the device of the spyware. This will work for many types of spyware but not all. (Hence why seeking further information from WESNET is advisable). A family violence support service will be able to assist you with considering if you would like to preserve evidence, how the abusive person might react if you remove their ability to monitor you, and help you develop a safety plan.
As a measure of last resort, purchasing a brand-new phone should remove the threat of spyware. (However, if purchasing a new Android device, avoid automatically reinstalling apps from your app library and see additional settings below). Your new device should be free of spyware, but it is strongly advisable to change your iCloud/Apple ID or Google login passwords.
- (Note: On Android phones, check the security settings and disable “allow installation from unknown sources” and select “verify apps” to assist in preventing spyware from being installed).

Grateful Acknowledgement

This information has been compiled by three researchers, Dr Diarmaid Harkin, Dr Adam Molnar and Ms Erica Vowles, who spent several months testing spyware apps on Android and Apple phones, in order to determine what level of surveillance such apps enable, and the threat posed to phone users. This information is up to date as of August 2022. This document was developed in conjunction with representatives from WESNET and funded by ACCAN. The operation of the Australian Communications Consumer Action Network is made possible by funding provided by the Commonwealth of Australia under section 593 of the Telecommunications Act 1997. This funding is recovered from charges on telecommunications carriers.

Read this article for more information on Android phone privacy and security.

Read this article for more information on iPhone privacy and security.

Read this article for more information on Smartphones and location strategies

Read this handout for Computer Spyware and Safety

Download this page in a handout version (in PDF).

CLICK HERE

What is mobile spyware

Mobile spyware is software that can be installed on to a mobile phone that will allow someone else to remotely monitor activities on the phone. (Note: mobile spyware is slightly different from computer spyware. Read our Computer Spyware and Safety handout for more on computer spyware.)

Depending on the type of spyware installed, in most cases, the spyware will monitor:

Call history, including phone number, date, and length of call
Text messages, including phone number and SMS content
Contacts
Internet browsing, including history and bookmarks
Location of the phone
Photos taken on the phone
Email downloaded onto the phone

If the phone has been jailbroken (iPhone) or rooted (Android), spyware software can monitor more, including:

Certain messaging apps, such as WhatsApp, Viber, Skype
Phone conversations
Using the phone’s microphone to record the phone’s surrounding

Once the software is installed, the abusive person can monitor all the above activity via an online website.

How do I identify if mobile spyware has been installed?

It is difficult to identify whether spyware has been installed, since most spyware products operate in “stealth” mode, so it cannot be detected on the phone. The best way to identify whether spyware has been installed is for a forensic examination of the phone to be completed, often by police.

If it is not possible to get the police to do a forensic examination, some clues that spyware might have been installed include the following.

Physical access to the phone

All commercially-available spyware products require someone to download the software and run the installation on the phone being targeted. This can be the abusive person or someone who is installing the product on behalf of the abusive person. It is generally difficult for the user to accidentally install the software since this is an active process. The installation process generally requires 15-20 minutes to install.

Abusive person’s knowledge

Another clue that perhaps spyware might be installed is if the abusive person knows more than they should and that knowledge encompasses the types of spyware monitoring activities we listed above. Because spyware monitors a wide range of activity, the assumption is that abusive person will know all of that information. If the abusive person knows less information than spyware provides or more information than spyware provides, they might be gaining that knowledge from another source.

Strange activity on the phone

In some cases, because spyware is running on the phone, you may notice increased battery usage or data usage. If the phone has been jailbroken or rooted, the phone is less secure, which could result in faulty type behaviour on the phone, such as the phone shutting down or dropped calls.

How do I remove mobile spyware?

If you suspect that spyware is on the phone, and your goal is remove the spyware, you can reset the phone to factory setting. This should remove the spyware from the phone. The person who installed spyware will have to have access to the phone again to reinstall it. The best option, if you think your phone is compromised is to get a new phone or use a safer phone for conversations and activities that you don’t want your abuser to know about.

For further security, it is best that backups or SD cards from the previous version of the phone not be installed on to the new phone.

How do I preserve evidence of mobile spyware?

It is illegal to install spyware on devices for the purpose of spying or stalking another person. If you choose to remove the spyware, it will also remove the evidence. If your goal is to preserve the phone for evidence, it is important to work with local police, who may have a specific process on analysing mobile phones for evidence purposes. Until you speak to the police, it is best to put the phone in airplane mode and keep the phone’s battery charged.

Think about your safety

If you suspect that spyware has been installed, be aware that certain activities on the phone are being monitored, and you may not want the abusive person to know that you suspect spyware is on the phone. Talking about the spyware in text message, phone calls, in email, or near the phone might alert the abuser that you know. Also keep in mind that spyware monitors location, so you may want to be careful about where you go with the phone. If you take the phone to the police, the abuser may know that the phone is at the police station, for example, so think through of any safety issues that you might need.

If it’s not spyware, what else could it be?

There are many other products that are similar to spyware, such as parental monitoring programs. Unlike spyware, most parental monitoring programs are visible on the phone, meaning that you can see that some type of monitoring service is running on the phone. Go through your phone to see if an app was installed without your knowledge. There are some parental monitoring programs that are hidden and can’t be seen by scrolling through the phone’s apps. In this case, resetting the phone to factory setting should also remove the parental monitoring program.

Also think about whether the abusive person may have access to your accounts, such as the iCloud or Google account, email, the telco account (and your phone bills), or other social media app that might be tracking your location. Having access to those accounts could also give the abusive person similar knowledge to spyware.

How do I prevent spyware from being installed?

Since installing spyware requires physical access to the phone, the most important thing is to put a passcode on your phone to prevent someone from being able to get into your phone.
On Android phones, disable “allow installation from unknown sources” under Settings / Security.
On Android phones, select “verify apps,” which scans apps for malware. Depending on the type of phone you have, this is under Settings/Security or Google Settings/Security.
On iPhones, make sure that it is running the latest operating system.
As a general security practice, go through apps on your phone and delete apps that you no longer use. Although spyware is hidden and won’t show up as an app, removing apps that you don’t use is generally a good habit.