Consumer-grade spyware apps, often labeled as “stalkerware” or “spouseware,” continue to pose significant risks for Android users by covertly monitoring private messages, photos, phone calls, and real-time location. According to TechCrunch, this guide outlines steps to identify and remove such surveillance apps, including TheTruthSpy, Cocospy, and Spyic.
Identifying and removing stalkerware
These spyware applications are frequently marketed as child monitoring or family-tracking tools but can also track partners or spouses without consent. They are typically downloaded from outside of the Google Play Store and can vanish from the home screen to evade detection.
Stalkerware exploits built-in Android features that are generally used for corporate phone management or leverages Android’s accessibility mode to gain unauthorized access to user data. Users may notice unusual behavior on their devices, such as increased temperature, slower performance, or excessive data usage, even when not actively using the phone.
XCSSET malware is back and it’s more dangerous than ever
Prior to proceeding, it is crucial to have a safety plan and trusted support, as removing spyware may alert the individual who installed it, potentially leading to unsafe situations. The Coalition Against Stalkerware offers resources and advice for victims and survivors. This guide focuses solely on identifying and removing spyware apps, and does not eliminate any data that has already been collected and sent to external servers.
Steps to secure your device
To begin, confirm that Google Play Protect is enabled. Google Play Protect safeguards against harmful Android apps by scanning those from Google’s app store and other sources for malicious activity. If Play Protect is disabled, these protections will not function. Users can verify Play Protect’s status in the Play Store app settings and also perform a scan for harmful apps.
Next, review any changes to accessibility services. Stalkerware often abuses Android’s accessibility mode, which provides broader access for features like screen readers. If users do not utilize accessibility features, their settings should be empty. Any unknown services listed should be turned off and removed. Stalkerware may masquerade as innocuous apps named “Accessibility,” “Device Health,” or similar titles.
Assess which apps have access to notifications. Android allows certain third-party apps to access notifications, which stalkerware can exploit for continuous monitoring. Users can review notification access by going to the Special app access settings. Any unfamiliar app should have its notification access revoked.
Check for installed device admin apps. These features grant extensive access to Android devices and can be abused by stalkerware for snooping purposes. Typically, device admin functions are used by companies to manage employee phones. Users should navigate to Settings under Security to find device admin apps and be cautious of any unidentified applications with obscure names.
Users should also review apps to uninstall. While stalkerware apps might not appear on the home screen, they will generally be listed in the device’s app settings. Users should look for any unrecognized apps that may have broad permissions to access calendar, call logs, camera, contacts, and location data. Note that force stopping or uninstalling these apps may signal to the person who installed them that they are no longer operational.
Finally, secure the device to prevent future breaches. If stalkerware was installed, this may indicate the device was previously unprotected or that the screen lock was compromised. Implementing a stronger screen lock and using two-factor authentication for online accounts can help enhance security.
Featured image credit: Denny Müller/Unsplash
