Our digital selves are now an established part of our identity. The emails we send, the conversations we have over social media — both private and public — as well as the photos we share, the videos we watch, the apps we download, and the websites we visit all contribute to our digital personas.
There are ways to prevent a government agency, country, or cybercriminal from peeking into our digital lives, for example, by using virtual private networks (VPNs), end-to-end encryption, and browsers that do not track user activity.
However, governments and law enforcement agencies are now taking advantage of sophisticated spyware developed and offered commercially by companies, including NSO groups. It can be extremely difficult to detect or remove when implanted on a device.
This guide will run through different forms of malicious software on your iOS or Android handset, what the warning signs of infection are, and how to remove such pestilence from your mobile devices if it is possible to do so.
How to find and remove advanced spyware from your iOS, Android phone
What is spyware?
Nuisanceware is often bundled with legitimate apps. It interrupts your web browsing with pop-ups, changes your homepage settings by force, and may also gather your browsing data in order to sell it off to advertising agencies and networks. Although considered malvertising, nuisanceware is generally not dangerous or a threat to your core security.
You then have basic spyware. These generic forms of malware steal operating system and clipboard data and anything of potential value, such as cryptocurrency wallet data or account credentials. Spyware isn’t always targeted and may be used in general phishing attacks.
Advanced spyware, also known as stalkerware, is a step-up. Often unethical and sometimes dangerous, this malware is sometimes found on desktop systems, but it is now most commonly implanted on phone. Spyware and stalkerware may be used to monitor emails, SMS, and MMS sent and received; to intercept live calls for the purpose of eavesdropping across standard telephone lines or Voice over IP (VoIP) applications; to covertly record environmental noise or take photos; to track victims via GPS, or to hijack social media apps including Facebook and WhatsApp.
Stalkerware is often downloaded to spy on someone as an individual, such as in cases of domestic abuse.
You then have government-grade commercial spyware. Pegasus is the most well-known recent case, sold as a tool to governments for combating ‘terrorism’ and for law enforcement purposes — but ultimately was found on smartphones belonging to journalists, activists, political dissidents, and lawyers.
The warning signs of attacks
If you find yourself the recipient of odd or unusual social media messages or emails, this may be a warning sign of a spyware infection attempt. You should delete them without clicking on any links or downloading any files. The same goes for SMS content, too, which may contain links to lure you into unwittingly downloading malware.
To catch a victim unaware, these phishing messages will lure you into clicking a link or executing software that hosts a spyware or stalkerware payload. If the malware is being loaded remotely, user interaction is required, and so these messages might try to panic you — such as by demanding payment or pretending to be a failed delivery notice. Messages could potentially use spoofed addresses from a contact you trust, too.
When it comes to stalkerware, initial infection messages may be more personal and tailored to the victim.
Physical access or the accidental installation of spyware by the victim is necessary. However, it can take less than a minute to install some variants of spyware and stalkerware.
If your mobile goes missing and reappears with different settings or changes that you do not recognize — or it has been confiscated for a time — this may be an indicator of tampering.
How do I know when I’m being monitored?
Surveillance software is becoming more sophisticated and can be difficult to detect. However, not all forms of spyware and stalkerware are invisible, and it is possible to find out if you are being monitored.
A giveaway on an Android device is a setting that allows apps to be downloaded and installed outside of the official Google Play Store.
If enabled, this may indicate tampering and jailbreaking without consent. Not every form of spyware and stalkerware requires a jailbroken device, though.
This setting is found in most modern Android builds in Settings > Security > Allow unknown sources. (This varies depending on device and vendor.) You can also check Apps > Menu > Special Access > Install unknown apps to see if anything appears that you do not recognize, but there is no guarantee that spyware will show up on the list.
Some forms of spyware will also use generic names and icons to avoid detection. If a process or app comes up on the list you are not familiar with; a quick search online may help you find out whether or not it is legitimate.
iOS devices that aren’t jailbroken are generally harder to install with malware unless a zero-day exploit is used. However, the presence of an app called Cydia, which is a package manager that enables users to install software packages on a jailbroken device, may indicate tampering (unless you knowingly downloaded the software yourself).
You may experience unexpected handset battery drain, overheating, and strange behavior from the device’s operating system or apps.
Surveillance without consent is unethical. In domestic situations, it causes a severe imbalance in power. If your sixth sense says something is wrong, listen to it. A physical object is not worth sacrificing your privacy and personal security.
Should your device become compromised, take back control of your right to privacy — whether or not this means replacing your handset entirely — but only if your physical safety isn’t being threatened. In those cases, you should contact the authorities and investigators rather than tamper with your handset.