Signs Your Phone is Being Monitored

Detecting stalkerware, spyware, and monitoring apps

🛡️ Safety first: If you're in an abusive relationship, be extremely careful. Checking for stalkerware could trigger alerts to the person monitoring you. Consider using a different device (library computer, trusted friend's phone) to research this. National Domestic Violence Hotline: 1-800-799-7233 or text START to 88788. They have tech safety specialists.

Phone monitoring is different from account access. Someone can read your emails by logging into your Google account from their own device. But stalkerware—monitoring software installed directly on your phone—gives them access to everything: texts, calls, photos, location, even your microphone and camera.

This guide covers both the technical signs of monitoring software and the behavioral patterns that often accompany it.

The Two Types of Phone Monitoring

Account-Based Monitoring	Device-Based Monitoring (Stalkerware)
They log into your iCloud, Google, etc.	Software installed directly on your phone
See synced data: emails, photos, location	See everything: texts, calls, apps, camera, mic
Detectable via account security checks	Often hidden from app list; harder to detect
Fix: Change password, enable 2FA	Fix: Factory reset (often the only sure way)

This article focuses on device-based monitoring. For account access, see How to Check if Someone Accessed Your Google Account.

Physical Signs Your Phone May Be Compromised

Stalkerware runs in the background constantly, which causes noticeable effects:

🔋 Battery Drains Unusually Fast

Monitoring software sends data constantly. If your battery suddenly started dying much faster—and you haven't changed your usage—this is a common sign. Check Settings → Battery to see what's consuming power.

📶 High Data Usage

Stalkerware uploads texts, photos, call recordings to remote servers. Check Settings → Cellular/Mobile Data. Look for apps using significant data that you don't recognize or don't use often.

🌡️ Phone Runs Hot

Constant background processing generates heat. If your phone is warm when you haven't been using it, something may be running.

📱 Slow Performance

Monitoring software consumes CPU and memory. If your phone became sluggish around the time you suspect monitoring started, it could be related.

🔄 Unexpected Restarts

Some stalkerware causes stability issues. Random restarts—especially at consistent times—can indicate background software updates.

🔊 Strange Sounds During Calls

Clicking, static, or echo during phone calls can indicate call recording, though this is less common with modern stalkerware.

⚠️ Important: These symptoms can have innocent explanations (old battery, buggy app, poor signal). They're red flags worth investigating, not proof of monitoring.

How to Check for Stalkerware

On iPhone

iPhones are harder to compromise because of Apple's security model. Stalkerware usually requires either:

Jailbreaking — Look for Cydia, Sileo, or Zebra apps
iCloud access — They use your Apple ID, not software on the phone
MDM profiles — Enterprise management tools misused for spying

Check for MDM profiles: Settings → General → VPN & Device Management. If you see a profile you didn't install (especially if you don't work for a company that manages your phone), this is suspicious.

Check for jailbreak: Search your phone for "Cydia" or "Sileo" apps. Also try visiting cydia:// in Safari—if it tries to open an app, your phone may be jailbroken.

On Android

Android is more vulnerable because it allows app installation from outside the Play Store. Check:

Unknown sources: Settings → Security → Install unknown apps. See which apps have permission to install other apps.
Device admin apps: Settings → Security → Device admin apps. Stalkerware often requests admin privileges to prevent removal.
App list: Settings → Apps → See all apps (including system apps). Look for vague names like "System Service," "Update Service," or anything you don't recognize.
Play Protect: Open Play Store → Profile → Play Protect → Scan. Google's scanner can detect known stalkerware.

Known Stalkerware Names

Common stalkerware apps (may appear under different names):

mSpy, FlexiSpy, Cocospy, Spyic
Hoverwatch, eyeZy, uMobix, XNSPY
TheTruthSpy, KidsGuard, Cerberus (legitimate but misused)

These apps often hide their icons or disguise themselves as system utilities.

Behavioral Signs (Often More Telling)

Technical detection is hard. Often, the person's behavior reveals monitoring:

They know things they shouldn't. They reference conversations, plans, or information they weren't part of.
They show up unexpectedly. They appear at locations they shouldn't know about.
They react to private messages. They respond to texts or emails you sent to others.
They had access to your phone. Even briefly—stalkerware can be installed in minutes.
They gave you the phone. Pre-installed monitoring is common in abusive relationships.
They're controlling about the phone. They get angry if you take it somewhere, change the passcode, or leave their sight with it.

What Stalkerware Can Actually See

Understanding capabilities helps you assess your risk:

Data Type	Typically Accessible?
Text messages (SMS/iMessage)	✅ Yes
WhatsApp, Signal, Telegram messages	✅ Yes (usually)
Phone call logs and recordings	✅ Yes
Photos and videos	✅ Yes
GPS location (real-time)	✅ Yes
Browsing history	✅ Yes
Email (if app is on phone)	✅ Yes
Social media activity	✅ Yes
Microphone recording	⚠️ Sometimes (premium features)
Camera access	⚠️ Sometimes (premium features)
Keystrokes (passwords)	⚠️ Some apps

What To Do If You Find Stalkerware

🚨 Critical decision: Removing stalkerware alerts the person monitoring you. If you're in danger, plan your next steps carefully before removing anything. Consider contacting a domestic violence advocate first.

If You're Safe to Remove It

Document first. Screenshot the app, its permissions, and any evidence it exists.
Factory reset. This is the only reliable way to ensure removal. Back up photos/contacts first (to a NEW account they don't have access to).
Set up fresh. Use new passwords for everything. Enable 2FA. Don't restore from old backups (they may be compromised).
Consider a new phone number. If they have access to your carrier account, they can still intercept calls/texts.

If You're Not Safe

Removing stalkerware can escalate abuse. Consider:

Get a second phone. A cheap prepaid phone they don't know about for sensitive communications.
Use public computers. For research and planning they can't see.
Contact advocates. National Domestic Violence Hotline: 1-800-799-7233. They have tech safety experts.
Make a safety plan before taking action that might alert your abuser.

The Account Monitoring Connection

Even if your phone is clean, they might monitor you through your accounts. Stalkerware is one vector; account access is another—and often easier.

Check your accounts for unauthorized access:

Check Google/Gmail account access
Check Facebook/Instagram account access
Check iCloud: Settings → [Your Name] → Devices (on iPhone)

ForensAI analyzes your account data exports (Google, Apple, Facebook, Instagram, Microsoft, Dropbox, Snapchat, TikTok & X) to detect suspicious access patterns—logins from unknown devices, impossible travel, activity while you were asleep, and 20+ other risk patterns. It runs 100% on your device, so the analysis itself can't be monitored.

Download ForensAI Free — Check Your Accounts

Free scans show top findings. Full Forensics ($179) unlocks complete analysis + PDF reports for legal documentation.

Resources

National Domestic Violence Hotline: 1-800-799-7233 or thehotline.org
Coalition Against Stalkerware: stopstalkerware.org — Detection tools and resources
Safety Net Project: techsafety.org — Tech safety for survivors

ForensAI is an educational tool. If you're in immediate danger, contact law enforcement or a domestic violence hotline. For legal matters, consult an attorney.