Skip to content

How to find hidden spy apps on Android?

  • by
  • 8 min read

Have you recently noticed that your mobile device battery drains quicker than usual, your data usage is noticeably higher, your location sign appears randomly, or you receive suspicious notifications on your device? Yes? Then, your device might have hidden spy apps or spyware.

A malicious software (malware), spyware is designed to monitor, collect and send your data to an attacker or a third party without your informed consent.

If your Android device is compromised with spyware, your personal information like messages, calls, pins, passwords, browsing history and keystrokes can be tracked and sent to the creator of the software or sold to a third party.

The Online Safety Study by AOL and the National Cyber Security Alliance showed that about 80% of the respondents’ systems were affected by spyware. To prevent your device from being infected, you should know how spyware can be delivered to your device, ways to detect its presence, and how to remove it from your device and prevent future spyware infections.

Also read: How to identify phishing scams?


Common methods of Spyware delivery

Software Bundles

Using a host application, attackers may hide spyware as add-ons or plug-ins that you would need to install or grant permission to use the host application. The spyware can usually remain on your device even after deleting the original app. The scary part is that you are the one who granted permission to install and run the spyware when you agreed to the terms and conditions when installing the host application.


Bugs

Apps and websites could have security vulnerabilities or bugs that cybercriminals can exploit to gain unauthorised access to your device. They can then directly install spyware on your device through the security vulnerabilities in the otherwise trusted app.


Phishing

Attackers could use a phishing email or an SMS to trick you into downloading a file or clicking on a link that leads to a website that can deliver malicious software to your device.


Trojans

Much like the mythological wooden Trojan Horse that appeared to be a harmless gift from the Greeks but contained hidden Greek warriors resulting in the downfall of Troy, Trojans are malware disguised as something harmless that you wouldn’t think twice before installing.

Also read: What is a Whaling Cyberattack? How is it different from Phishing?


How to spot signs of spyware on your device?

Since most spyware or hidden spy apps perform tasks without the user’s knowledge and run in the background to track user activity and send it to the software’s author, an infected device can exhibit suspicious behaviour. Some of these unusual behaviours can be identified as follows:

Excessive battery drainage

Applications with spyware scripts could use more of your battery since they may run in the background while you perform other tasks on your phone. If you notice that your battery drains out quickly after ruling out your usage or how old the device and its OS are, it could be attributed to spyware.


Spike in data usage

Check your data usage and compare it over the past few days to spot any inexplicable spikes in usage. If you notice an increase that does not correlate to your regular activities, it could be caused by a hidden spy app or spyware.


Unnecessary use of device location

Hidden apps may use your location to track your activities to send to the attacker or a third party. If you notice that the location symbol, commonly the teardrop or map marker, shows up in your notification bar even when none of the applications currently in use have permission to access the feature, it could be a sign that your device has hidden spyware.


Strange noises during calls or otherwise

If you notice disturbances and strange noises while on call, it could be that your phone calls are being tapped through a hidden spy app.

At times, your device could make strange noises when not in use. This could be due to the background activities performed by these apps.


Automatic switch-offs and reboots

Background activities carried out by the hidden spy apps could cause your device to perform unprompted tasks like switching off or rebooting without your intervention.


Suspicious notifications

Notifications could appear out of nowhere but could be coming from a hidden spy app that could have been downloaded without your knowledge.


How to find hidden Spy apps on Android?

If you notice any of the above-mentioned performance issues with your device, you can do a few things to check for hidden spy apps or spyware and remove them if you encounter anything suspicious.

It is important to back up all your essential files. It accounts onto a trusted cloud service or an external device before performing any of the troubleshooting mentioned in the segment below to avoid permanently deleting any integral data either consciously or accidentally.

Reboot your device into safe mode

To rule out system issues that could be causing your phone to exhibit odd behaviour, reboot your device into safe mode. It is a diagnostic feature Android provides to run your phone solely on the basic apps it came with, disallowing third-party apps to run.

If your device is running smoothly in safe mode, the performance issues could be caused by third-party apps, including spyware.

  • Hold the power button until options appear. Press and hold the Power off option until the Reboot to safe mode pop-up appears. Tap OK.
Screenshots showing how to reboot into Safe mode on Android.
  • Alternatively, switch off your device. Press the power button to switch it on again until the Android symbol or your device manufacturer’s logo appears. Long-press the volume down button until it reboots, which should keep your phone safe.
  • To exit safe mode, you can usually restart your device.

Scan your device

There are several ways to do this, but the quickest is scanning via Google Play Protect.

  • Go to your Play Store, tap the profile icon, and select Play Protect from the drop-down.
Screenshots showing how to find hidden spy apps on Android by scanning via Google Play Protect.

Open Play Protect, then tap Scan to scan your device for potentially harmful apps and automatically remove permissions for unused apps over the past few months.

However, since spyware is often running in the background and may be disguised as a legitimate app, the scan could overlook it. You can scan your device by downloading a trusted anti-malware app as well.


Look for apps you don’t recognise

Since spyware is installed without your knowledge, it could go unnoticed among your apps.

Make it a habit to routinely go through all your apps to check and uninstall unknown ones. You can run a quick internet check for an app you are uncertain about to look for reports suggesting malicious associations with said app.


Check app permissions

If installed via bundled software, you could have granted spyware undue permission to track your location, manage phone calls and messages, rack your browsing activities, and camera access.

Once you have performed a thorough check to uninstall any applications you don’t remember downloading, check app permissions for all your apps and only grant high-level permissions to trusted and verified apps.

If a non-essential or suspicious app requires permission to access sensitive functions like location, microphone and camera, limit its permissions or uninstall the app.

Also read: How to check and restrict app permissions on your Android device?


Check file manager for suspicious files

Much like exe files are notorious for being malicious on Windows devices, look out for APK files on your Android device. The file extension stands for Android package kit and is used to install and distribute Android apps.

What is an APK file and why are they used? | Candid.Technology

Other extensions that may be malicious are .bat, .cmd, .com, .lnk, .pif, .scr, .vb, .vbe, .vbs, .wsh

Once you’ve deleted suspicious apps, you should look through your device for any apk file that may have been downloaded as part of those apps.

You can input a suspicious apk file into VirusTotal, an online scanner for viruses and malware owned by a Google subsidiary, Chronicle Security. You can also download the VirusTotal Mobile app onto your Android device to scan your existing apps for malware.

Screenshots showing how to find spy apps on android via VirusTotal Mobile.

To avoid being a victim of spyware, be aware of applications you download, attachments you open and websites you visit.


Quick safety tips to avoid having hidden spy apps on your Android

  • Disable auto-downloads for both apps and websites so malicious software cannot download onto your device without your permission.
  • Read the terms and agreements for all apps and services you download and install to find suspicious add-ons and avoid granting unwanted permissions and access.
  • Limit your app permissions and allow access to sensitive features on your device to essential and trusted apps only.
  • Routinely scan your device with your trusted anti-virus or anti-malware app for malicious software and files.

Also read: What to do if you click on a phishing link?

Vanashree Chowdhury

Vanashree Chowdhury

Being a tech enthusiast, Vanashree enjoys writing about technology and cybersecurity. She is a designer and marketer by profession and is deeply passionate about working on campaigns for social issues. You can contact her here: vanashreec@protonmail.com

>