CONNECT WITH US

Stalkerware (or “spyware”) is commercially available software that someone installs on your phone without your consent to secretly monitor you. Products like mspy, FlexiSPY, Spylix, Spyx, and YeeSpy are sold online, often disguised as “parental control” or “employee monitoring” tools.

They are designed to give an abuser a complete, secret window into your life by:

• Reading all your text messages (SMS, iMessage, WhatsApp, Signal)
• Tracking your real-time GPS location
• Viewing your photos, videos, and call logs
• Accessing your social media and dating app messages
• Logging everything you type (including passwords)
• Remotely turning on your microphone or camera

The “Digital Gaslighting” Trap

You know something is wrong. You feel watched. Your abuser knows things they shouldn’t. But when you take your phone to a repair shop or even your carrier, the technician runs a standard virus scan and tells you the phone is “clean.”

This experience is incredibly isolating and can make you feel like you’re imagining things. You are not.

This is “digital gaslighting,” and it happens for two main reasons:

1. It’s Not a “Virus”: A technician’s tool is looking for traditional malware—a program that tries to steal your money or data for a stranger. Stalkerware is different. It’s a “legitimate” commercial product that a “user” (the abuser) paid for and intentionally installed. It’s not a virus; it’s a weapon.
2. It’s Designed to Be Invisible: This software doesn’t just “hide the icon.” It embeds itself into the phone’s processes and disguises itself with a generic, boring name like “System Service,” “Update,” “Analytics,” or “DeviceHealth.” It’s designed to look like a normal part of the phone’s operating system, so a standard scan skips right over it.

The takeaway: Trust your instincts. A “clean” scan does not mean you are safe. It just means the tool isn’t looking for the right thing.

The first sign is usually not technical—it’s behavioral. Your partner, ex-partner, or family member knows private details about your conversations, your location, or your plans that they have no other way of knowing.

However, the software running 24/7 can leave technical clues in some cases such as the below. However modern software will leave no trace including the below. It does not mean your device hasn’t been compromised if it does not have these issues:

• Sudden Battery Drain: Your phone is dying much faster than usual. The stalkerware is constantly recording, packaging, and uploading data, which is power-intensive.

• Constant Overheating: The phone feels warm or hot to the touch, even when it’s idle and the screen is off.

• Unexplained Data Spikes: You get high data usage warnings from your mobile provider. The app is using your data plan to upload your photos, videos, and audio recordings.

• Strange 2FA Codes: You receive a Two-Factor Authentication (2FA) pop-up or text message with a code (e.g., from Apple or Google) that you did not request. This is a major red flag that someone is actively trying to log into your accounts.

• Weird Reboots or Delays: The phone takes a long time to shut down, reboots on its own, or is suddenly very laggy. The spyware might be interfering with the phone’s normal operation.

• Suspicious Text Messages: You receive a text message with just a random string of letters and numbers (e.g., *#set_mic_on123). This can be a “remote command” sent by the abuser to the app.

This is not a high-tech “hack” from a movie. It is almost always an act of betrayal. There are three primary ways an abuser can compromise your phone.

Method 1: The “Unlocked Phone” Attack (Physical Access)

This is the most common method for all Android phones and for jailbroken iPhones. The abuser needs 5-10 minutes alone with your unlocked phone.

• Affected Software: mspy (Android version), FlexiSPY, Spylix (Android), Spyx, YeeSpy.
• How They Do It:

1. Get Your Unlocked Phone: They wait until you are in the shower, asleep, or have left your phone unattended.
2. Bypass App Stores: They use the phone’s web browser (like Chrome or Safari) to go directly to the stalkerware website (e.g., flexispy.com). They cannot be found in the official Google Play or Apple App Stores.
3. Change Security: On an Android phone, they go into your settings and enable “Install from unknown sources” or “Install unknown apps.” This allows them to “sideload” the app.
4. Install & Grant Permissions: They download the app file (an .apk on Android), install it, and then grant it every dangerous permission it asks for: Device Administrator, Accessibility, microphone, camera, location, etc.
5. Hide the Evidence: The app’s final step is to hide its own icon. The abuser then clears the browser history and deletes the download file. The phone looks identical to how they found it, but it is now compromised.

• Risk Assessment: If your abuser has had your unlocked Android phone out of your sight for even a few minutes, you must assume this has happened.

Method 2: The “Stolen Password” Attack (iCloud Access)

This is the primary method used to monitor iPhones without installing any software on the phone itself. It is a “no-jailbreak” solution.

• Affected Software: mspy (iOS version), Spylix (iOS), Spyx, YeeSpy.
• How They Do It:

1. Steal Your Credentials: The abuser only needs one thing: your Apple ID email and password. They may have gotten this by looking over your shoulder, by forcing you to tell them, or by guessing a weak password.
2. Log In as You: The abuser buys the stalkerware (e.g., mspy) and logs into their dashboard. They enter your Apple ID credentials.
3. Bypass 2FA (The Critical Step): If you have Two-Factor Authentication (2FA) enabled, your iPhone will light up with a pop-up saying “Apple ID Sign In Requested” with a map and a 6-digit code. The abuser, who is near you, will say, “Hey, my phone is acting weird, can you read me that code?” or “I just got an Apple alert, approve it.” If you give them that code, you have given them the key.
4. Download Your Backup: The stalkerware service now logs into your iCloud account as you from its own servers. It silently downloads your iCloud backups, which contain your iMessages, photos, call logs, location history, and more.

• Risk Assessment: If your abuser knows your Apple ID password or has ever “helped you” with a 2FA code, you must assume your cloud data is compromised.

Method 3: The “Malicious Link” Attack (Phishing & Deception)

This method relies on tricking you into installing the spyware yourself. The abuser doesn’t need to be a hacker, they just need to be a convincing liar.

• Affected Software: General malware, but also a delivery method for some stalkerware.
• How They Do It:

1. The Lure (Phishing): The abuser sends you a text message (known as “smishing”) or an email. It’s designed to create panic, curiosity, or trust.
2. Panic: “There’s a problem with your delivery, click here: [malicious_link]”
3. Curiosity: “OMG, is this you in this photo? [malicious_link]”
4. Trust: “Our bank requires you to install this new security update: [malicious_link]”
5. The “Gift”: A common and cruel tactic is for the abuser to give you a “gift” of a new phone, tablet, or even a USB drive, which already has the spyware pre-installed.
6. The Trick: When you click the link, it takes you to a fake website that looks legitimate. It will ask you to download and install an app (an .apk on Android). It may be disguised as “Adobe Flash,” a “Video Player,” a “System Update,” or even a “Calculator.”
7. You Grant Permission: The app will ask for all the same dangerous permissions as in Method 1 (access to mic, camera, location). Because you believe it’s a legitimate app, you are likely to click “Allow.” The app then hides its icon and begins spying.

• Risk Assessment: If you have ever clicked a suspicious link or installed an app from a text/email sent by your abuser (or a “gift” phone from them), you must assume the device is compromised.

Stop. Breathe. You are not alone. Do not act in panic. Your safety is the number one priority. This plan is broken into phases. Do not skip to the final phase (removal) until you are safe and have a plan.

Phase 1: Establish Your Safe “Lifeline” (The Decoy Strategy)

This is your most important move. It involves getting a new, safe device (a “lifeline phone”) that the abuser knows nothing about, while continuing to use your current, monitored device (the “decoy phone”) to maintain normalcy.

1. Acquiring Your Safe Phone The goal is to buy a device that cannot be traced back to you.

• Pay with Cash: Do not use a debit/credit card from a shared account or any account the abuser can see. Use cash you have saved or that a trusted friend has given you.
• Buy Anonymously: Purchase a simple, pre-paid, no-contract phone (a “burner phone”) and a pre-paid data/minutes card with cash from a store you do not normally visit, preferably in a different town.
• Get a “Clean” Hand-Me-Down: A trusted friend or family member’s old, factory-reset phone is also a good option, only if you are 100% certain the abuser does not know about this person’s new-found help.

2. Setting Up Your Safe Phone This device must never be contaminated by your old accounts.

• Set It Up Away From Home: Do not set up the phone at your home, work, or anywhere you frequent. Do not connect it to your home or work Wi-Fi. Use the mobile data you purchased or a public Wi-Fi (like at a library or coffee shop far from home).
• Create a New, Anonymous Account: The phone will require a Google (Android) or Apple ID (iPhone) to function.
  • DO NOT use your existing account.
  • Create a brand new email address (e.g., at ProtonMail or a new Gmail) on a safe computer (like at a library).
  • Use this new email to create the new Google/Apple ID.
  • Use a password you have never used before. Do not use pet names, birthdays, or anything the abuser could guess.
• Do Not Import Anything: Do not restore from a backup. Do not import your old contacts. Manually add only the essential numbers you need for safety planning (your advocate, a shelter, a lawyer, a trusted friend). Give them “code names” in your contacts if you’re worried.

3. Using Your Safe Phone (Your “Lifeline”) This phone is for safety only.

• NEVER Bring It Home: This is the most critical rule. The abuser must never see, find, or know about this phone.
  • Leave it in your locked desk at work.
  • Leave it with the trusted friend.
  • Hide it in a secure locker (like at a gym).
• Keep It Off: Only turn it on when you are in a safe place and need to use it. When you are finished, power it completely off.
• Strictly for Safety: Use this phone only for:
  • Calling domestic violence hotlines.
  • Contacting lawyers, shelters, or support services.
  • Searching for safety plans, new apartments, or jobs.
  • Communicating with your trusted support system.
  • DO NOT EVER USE IT TO CONTACT SOMEONE ELSE WHO MAY ALSO BE COMPROMISED – revealing your secret device.

4. Using Your Monitored Phone (Your “Decoy”) This phone is now a tool you will use to protect yourself by making the abuser believe everything is normal.

• Act Normal: Continue to use this phone exactly as you always have.
  • Text your family and friends about “normal” (non-sensitive) things.
  • Check the weather.
  • Scroll social media.
• NEVER Use It for Safety: Do not use this phone to search for help. Do not text anyone about the abuse, your plans, or your new safe phone. Assume the abuser is reading every single keystroke.
• The Advanced Decoy (Use with Caution): Once you are ready and have a plan, you can use this phone to create a false trail.
  • If you are planning to go to a shelter (using your safe phone), you could text a friend (on your decoy phone), “I’m so exhausted, I’m going to my mom’s for the weekend to sleep.”
  • This “feeds” the abuser false information, which can give you a head start.

Phase 2: Investigate (When You Are Safe)

Once you have your “lifeline” phone, you can use it to research how to check your monitored device. Do not perform these checks if the abuser is nearby or can check the phone right after you. Only do this when you are out of reach of the abuser entirely and will not see them again. 

On an iPhone:

1. Check Your Apple ID Device List: This is the most important check for the “Stolen Password” attack.
   • Go to: Settings > [Your Name] (at the very top).
   • Scroll down. You will see a list of all devices signed into your Apple ID.
   • If you see any “Mac,” “PC,” or “iPhone” you do not recognize, that is likely the stalkerware service. (Do not remove it yet, just take note).
2. Run Apple Safety Check: If your iPhone is on iOS 16 or newer, this tool is built for this exact situation.
   • Go to: Settings > Privacy & Security > Safety Check.
   • Use “Manage Sharing & Access” to see (not yet change) who and what apps have access to your data.
3. Look for Jailbreak Apps: Look on your home screens for an app called “Cydia” or “Sileo.” If you see either, your phone is jailbroken and compromised.

On an Android Phone:

1. Check Device Admin Apps: This is where the most dangerous spyware hides.
   • Go to: Settings > Security & privacy > Other security settings > Device admin apps.
   • Look at the list. Only “Find My Device” and “Google Play Protect” should be there.
   • If you see anything else with a generic name (“Update,” “System Service,” “DeviceHealth”) that you cannot deactivate, this is a major red flag.
2. Check Accessibility Settings: This is the other main hiding place.
   • Go to: Settings > Accessibility.
   • Look under “Downloaded apps” or “Installed services.”
   • Stalkerware needs this permission to read your screen and messages. If you see any app here that shouldn’t have this total control, it is deeply suspicious.
3. Check “Install Unknown Apps”:
   • Go to: Settings > Apps > Special app access > Install unknown apps.
   • See which apps have this permission. No app (especially not Chrome, or your browser) should have this “Allowed” unless you are 100% sure you did it.

Phase 3: Secure & Remove (When You Have a Full Safety Plan)

DO NOT start this phase until you are in a safe location, have a safe device, and are ready for the abuser to lose access. When they are cut off, their behavior may escalate.

Option A: The “Cloud Attack” (iCloud / iPhone) Fix If your investigation suggests the “Stolen Password” attack (Method 2), this is the fix.

1. On your safe device (a friend’s phone or computer), go to appleid.apple.com.
2. Sign in and immediately change your Apple ID password. Make it long, complex, and something the abuser could never guess.
3. When asked, choose to “Sign out of all other devices.”
4. This one step will lock out the abuser, the stalkerware service, and any other device you don’t have in your hand.
5. Double-check your 2FA settings and ensure the trusted phone number is your new, safe number.

Option B: The “Physical” & “Malicious Link” Fix (The Factory Reset) If you have an Android phone, a jailbroken iPhone, or suspect any app was installed on your device (Methods 1 or 3), this is the only 100% effective removal method.

1. Back Up What You Can’t Lose: Manually save your photos, videos, and important contacts to a cloud service (like Google Photos or a new, safe iCloud account) from a clean computer. DO NOT create a full “device backup.”
2. Perform the Reset:
   • iPhone: Settings > General > Transfer or Reset iPhone > Erase All Content and Settings.
   • Android: Settings > System > Reset options > Erase all data (factory reset).
3. Set Up as New: This is the most important step. When your phone restarts, it will ask if you want to “Restore from a backup.” DO NOT DO THIS. Restoring from your old backup will simply re-install the stalkerware. You must “Set up as new device.”

This method will help you return to a device that should be clean, however it is not 100%. The best solution would be to start from complete scratch on all accounts, devices and other items or electronics the abuser had access to.

1. Secure Your Device: Use a new 6-digit PIN (not your birthday or 123456) or, better yet, a strong alphanumeric passphrase. Use Face ID or a fingerprint. Never let your partner see you enter your passcode.

2. Secure Your Accounts: Your email is the key to your entire digital life. Your Apple ID / Google Account is the key to your phone. Change these passwords first from a safe device.

3. Enable 2FA Everywhere: Turn on Two-Factor Authentication for your Apple/Google account, your email, your bank, and your social media. Make sure the 2FA codes are sent to your new, safe phone number.

4. Trust Yourself: You know your situation better than anyone. This guide provides technical knowledge, but you are the expert on your own safety. Use this information as part of a larger safety plan created with a trained advocate.