How Stalkerware Gets Installed on Phones Without You Knowing

Fact-checked by the SnapMessages editorial team

Stalkerware on phones is commercial surveillance software installed covertly to track a target’s location, messages, calls, and even microphone activity without their knowledge. According to Kaspersky Lab’s 2024 stalkerware report, detections remained elevated globally, with intimate partner abuse accounting for the majority of documented cases.

The threat is growing because modern stalkerware is cheap, widely available, and designed specifically to evade detection — making it one of the most underreported forms of digital abuse today.

How Does Stalkerware Get Installed on a Phone?

Stalkerware is almost always installed through one of three methods: direct physical access to an unlocked device, a malicious download link sent via text or email, or a disguised app bundled with legitimate software. Physical access is by far the most common vector in domestic abuse cases, because the abuser often already knows the device passcode.

On Android, installing stalkerware typically requires enabling “Unknown Sources” or “Install Unknown Apps” in the device settings — a process that takes less than two minutes on an unlocked phone. On iPhones, it usually requires the device to be jailbroken first, though some monitoring tools exploit iCloud credentials without ever touching the phone.

Phishing and Malicious Links

Stalkerware is also spread through smishing — fraudulent SMS messages containing download links disguised as software updates, package tracking notifications, or photo-sharing invites. If you are unfamiliar with this vector, our guide on what smishing is and how to protect yourself explains exactly how these attacks work.

Once a user taps the link and grants permissions, the app installs silently and hides its icon. The entire process can complete before the victim realizes what has happened.

What Can Stalkerware on Phones Actually Monitor?

Once installed, stalkerware can access nearly every data layer on a smartphone — far beyond simple location tracking. Modern stalkerware products marketed as “parental controls” or “employee monitoring tools” routinely include capabilities that go well beyond any legitimate oversight purpose.

According to the Federal Trade Commission’s 2023 enforcement guidance on stalkerware, the FTC has taken action against apps that secretly harvested GPS coordinates, text messages, photos, browsing history, and ambient audio. Some tools log every keystroke typed on the device.

Common Stalkerware Capabilities

• Real-time GPS location tracking
• Call logs and live call interception
• SMS and messaging app content (including encrypted apps)
• Camera and microphone activation
• Keylogging and password capture
• Social media and email access
• Browser history and bookmarks

Apps like FlexiSPY, mSpy, and Hoverwatch are sold openly online and can exfiltrate data to a remote dashboard accessible by the installer. This makes stalkerware on phones a persistent threat even after a phone is factory reset if cloud backups are compromised.

What Are the Warning Signs Stalkerware Is on Your Phone?

Stalkerware is built to be invisible, but certain behavioral signals betray its presence. Battery drain, unusual data usage spikes, and unexpected heat from the processor are the three most common early indicators that a background process is actively transmitting data.

You should also be concerned if your device’s settings have changed without your input — particularly if “Unknown Sources” is enabled on Android, or if you notice an unfamiliar device listed under your Apple ID’s trusted devices. Our broader guide on how to tell if your phone has been hacked covers additional red flags that apply directly to stalkerware infections.

Behavioral Red Flags to Watch

• Phone battery depletes 30–50% faster than normal with no new apps installed
• Mobile data usage exceeds typical patterns, especially at night
• Screen lights up spontaneously without notifications
• Abuser references private conversations or locations they should not know
• Phone is warm even when not in active use
• Unusual background noise during calls

The Coalition Against Stalkerware, a nonprofit alliance including Kaspersky, ESET, and domestic violence organizations, recommends that victims use a separate, trusted device to research detection steps — never the potentially compromised phone itself.

How Do You Remove Stalkerware From a Phone?

Removing stalkerware safely requires a careful, deliberate approach — acting too quickly can alert an abusive partner and escalate danger. Security experts universally advise creating a safety plan before removal, not after. If you suspect your messages are under surveillance, our guide on how to tell if your messages are being monitored provides additional context for assessing your exposure first.

The safest removal method for most users is a factory reset combined with restoring from a backup created before the suspected installation date. However, this only works if you can identify when the stalkerware was installed — and if your cloud backup itself has not been compromised.

Step-by-Step Removal Approach

1. Use a separate, clean device to research your situation
2. Run a reputable mobile security scanner (Malwarebytes, ESET Mobile Security) to confirm the threat
3. Contact the National Domestic Violence Hotline if physical safety is a concern
4. Perform a full factory reset only when it is physically safe to do so
5. Restore only from a pre-infection backup or set up the device as new
6. Change all account passwords from a separate, clean device

After removal, you should also secure your personal data by auditing which accounts the stalker may have accessed and enabling strong authentication on all of them. Enabling two-factor authentication on every account is a critical post-removal step that most guides overlook.

How Do You Prevent Stalkerware on Phones in the First Place?

Prevention centers on controlling physical access to your device and maintaining disciplined app hygiene. A strong, unique passcode that no other person knows is the single most effective barrier against covert stalkerware installation.

Beyond passcodes, regularly auditing your installed apps for anything unfamiliar — particularly apps with broad permissions like microphone, camera, and location access — can catch stalkerware early. On Android, check Settings > Apps > See All Apps and look for anything you do not recognize. On iOS, review Settings > Privacy & Security to see which apps have access to sensitive sensors.

Proactive Security Habits

• Use a biometric lock (fingerprint or Face ID) combined with a strong PIN — never share it
• Keep your operating system and apps updated to patch known vulnerabilities
• Never click links in unsolicited texts — verify senders before opening
• Review app permissions quarterly and revoke unnecessary access
• Do not allow others to “borrow” your unlocked phone, even briefly

Using encrypted messaging apps with disappearing messages adds another layer of protection. If you want to explore private communication options, see our comparison of Signal vs Telegram for privacy — two of the most stalkerware-resistant platforms available today. You might also consider setting up a secret chat on your phone for sensitive conversations.

Frequently Asked Questions

Can stalkerware be installed on an iPhone without jailbreaking it?

Yes — some stalkerware tools exploit iCloud credentials to access backups, contacts, photos, and location data without ever touching the device. An attacker only needs the target’s Apple ID and password to access synced data remotely. This is why using a strong, unique Apple ID password and enabling two-factor authentication is critical.

How long does it take to install stalkerware on a phone?

Physical installation of stalkerware on an Android device typically takes between 2 and 5 minutes with an unlocked phone. Some tools are specifically designed to install and hide themselves before a screen timeout occurs. This is why physical control of your unlocked device is the most important preventive measure.

Will a factory reset remove stalkerware completely?

A factory reset removes all installed software, including stalkerware, when the device is set up as a new phone afterward. Restoring from a compromised backup can reinstall the threat, so identify the approximate infection date first. Always change all account passwords from a separate, clean device after the reset.

Is stalkerware illegal?

Installing stalkerware on another person’s device without their consent is illegal in most U.S. states and many countries under computer fraud and electronic surveillance laws. The FTC has taken enforcement action against stalkerware vendors for enabling covert surveillance. Legal consequences for the installer can include criminal charges and civil liability.

What is the difference between stalkerware and parental monitoring apps?

Legitimate parental monitoring tools require device owner consent, operate transparently, and are disclosed to the monitored user — typically a minor. Stalkerware is defined by its covert operation: it hides its icon, disguises its processes, and is designed so the target never knows it exists. The Coalition Against Stalkerware identifies covert intent as the defining legal and ethical distinction.

Can anti-virus software detect stalkerware on phones?

Yes — mobile security tools from Malwarebytes, ESET, Norton, and Kaspersky detect most known stalkerware variants. Detection rates vary because stalkerware vendors frequently update their code to evade signatures. Running a full scan with an updated security app is the fastest first step to confirm or rule out an infection.