detect spyware iPhone

Spyware, as the name suggests, is a type of malware that spies on you. It does this by hiding on your device (such as your iPhone) and making itself difficult to detect. Its aim is to collect data, be it your browsing history, login details, or bank information. This is typically done through a keylogger, although some spyware uses your iPhone’s camera. The data that spyware gathers may end up in the hands of an advertiser, data firm, or a hacker looking to commit identity theft.

Needless to say, spyware can pose a number of problems. This can be something relatively mild (but nonetheless annoying) such as pop-up ads to more serious issues like stalking. It can also have an impact on your device’s performance. The fact that spyware is hard to detect means it can successfully stay on a device for an extended period of time. In this post, we’ll explain everything from how it works to how you can detect it and remove it from your iPhone.

What are the different types of spyware?

All spyware has the same intention of monitoring for information, be it credit card details or login credentials. The multiple types of spyware vary based on how they’re deployed as well as how they record this information:


Adware is software that displays unwanted ads on your device. Not all adware is spyware. Legitimate apps and websites use adware to display ads. However, spyware can be hidden within adware, allowing adware to log your data and sell the information to third parties. Indeed, adware may even serve malicious ads that can bring about even more security issues. Of course, adware can also be a frustrating experience and prevent you from freely using your device.


trojan is a type of malware that’s disguised as legitimate software. Once you’ve been tricked into downloading and installing it, it can then start stealing confidential information from your device. An example of a trojan is a pop-up message that appears on your iPhone warning of a virus. You’ll be prompted to remove the virus but spyware will be secretly installed onto the device without your knowledge.


Keyloggers are applications designed to record keystrokes. This is anything you type, be it emails, passwords, or online banking details. Some keyloggers can be programmed to monitor for a specific keystroke such as “@”. We use this sign to type out an email which is often followed by a password when signing into an account. The software then sends all of this information to another server where cybercriminals can take advantage of it.

Tracking cookies and web beacons

Cookies are small text files that contain data about you. Normal cookies can provide a level of convenience in that they can remember your data (this makes filling out forms much faster, for example). But tracking cookies persist even after you leave the website where you got them, allowing you to be tracked. You can also be served with ads that are more relevant based on your browsing habits. Tracking cookies can be blocked or disabled through various means, such as an ad blocker.


An infostealer is a type of trojan which may be deployed via a malicious attachment or malvertising. Infostealers gather data such as login credentials, credit card data, emails, and cryptocurrency wallets. Data can be acquired through tactics such as keylogging and web injection scripts. This information is then sent to a server controlled by the attacker and ultimately sold, often on the dark web.

System monitors

System monitors run in the background on your device. They can capture almost everything a user does including websites visited and emails sent and received. As such, system monitors are capable of capturing some very sensitive information. This is typically achieved through screenshots and keylogging. Data is then transmitted to a remote server controlled by the attacker.


rootkit is software used by cybercriminals in order to remotely access and gain control of a device. With a rootkit, malicious software such as spyware can be installed. This allows cybercriminals to spy on your activity as well as steal your data. Rootkits are designed to stay hidden and can therefore be particularly difficult to detect.


Stalkerware is malware that is often packaged in apps. There’s no shortage of things it can do such as track GPS locations, record phone calls, and retrieve emails, private messages, and photos. Stalkerware is often used to spy on partners, and has even become a weapon for domestic abusers. It’s able to hide itself on a device or even disguise itself as an innocuous app such as a calculator or calendar.

Browser hijackers

Browser hijackers sometimes come bundled with free software. A browser hijacker modifies a user’s internet browser settings, changing a user’s homepage and search engine. Some other consequences of browser hijackers is that they can spam your browser with ads, redirect you to malicious sites, and steal your data.

How does spyware work?

When spyware works as intended, you won’t know you have it on your device. There are three main steps in the spyware process:

  • Infection: First, spyware is unknowingly installed on your device. Spyware can be found on malicious websites, email attachments, and software downloads. Clicking on a particular link or opening an attachment can be enough to install spyware.
  • Monitor and capture: Now that the spyware is installed, it can run in the background without your knowledge. It will now monitor and capture data through tactics such as keylogging and screen captures. Some spyware may even activate your iPhone’s camera and microphone.
  • Send data: Collected data is sent to a remote server controlled by the attacker. This may be for the attacker’s own use (such as identity theft) or it may be that the data is then sold to a third party such as a data broker.

What are the consequences of spyware?

Spyware poses significant risks to individuals as well as organizations. Such risks can have serious consequences when it comes to security and privacy. Here are some of the key risks associated with spyware:

  • Blackmail: With enough personal information gathered, a cybercriminal could blackmail a victim into complying with their demands (typically financial). This is particularly the case if the spyware records sensitive data such as private messages or photos.
  • Identity theft: If spyware captures information such as Social Security numbers and credit card details, it can be used to carry out identity theft. This can result not only in immediate financial losses, but also long-lasting credit score damage.
  • Stalking/harassment: Spyware provides the ability to monitor messages, online activities, and even location. This can of course provide a threat actor with enough ammo to stalk and harass their victim.
  • Poor performance: One of the telltale signs of spyware is that it can cause slow device performance due to the amount of resources it consumes. Not only can this significantly drain your battery, it can even cause your device to crash or become unresponsive.
  • Financial loss: Should spyware capture financial information, it can lead to unauthorized charges and transactions. Other possibilities include fraudulent loan or credit card applications. When it comes to financial loss caused by spyware, legal fees and recovery costs can also be a factor.
  • Credential theft: Spyware can steal all kinds of user data and this includes the theft of credentials. Credential theft is the stealing of usernames and passwords. This allows an attacker to gain access to an account, system, or network, and potentially gather even further sensitive information.

How to detect spyware on iPhone

There’s nothing good about having spyware on your iPhone (or on any other device you own). Fortunately, there are signs to look out for to identify and ultimately remove it entirely.

Signs you might have spyware on your iPhone:

  • Overheating: Spyware can consume a lot of data and this makes your iPhone work harder. This can cause it to overheat as a result.
  • Drained battery: Your battery is vulnerable to spyware because spyware constantly runs in the background.
  • Pop-up ads: Adware sometimes comes bundled with spyware which is why if you start seeing pop-up ads on your iPhone, Spyware might also be present.
  • Heavy data usage: Spyware uses your device’s data as it monitors and collects your information. Heavy data usage is a sign of this.
  • New apps: If you find a new app on your iPhone that you didn’t install, it might be the work of a third party, be it parents or a suspicious partner!
  • Forced redirects: A browser hijacker can redirect you to an unwanted website. This site may infect your device with spyware.
  • Changed settings: Your default search engine or web browser being changed without your knowledge or permission can also be a sign of spyware such as a browser hijacker.

Remember, all of the above can be caused by factors other than spyware. However, if you’re experiencing some of the above then it’s worth looking into further.

How to remove spyware on iPhone

One of the best ways to remove spyware on an iPhone is to use antivirus software that includes a spyware removal tool. For example, Avast One has a free anti-spyware and scanner removal tool. A paid alternative would be TotalAV Antivirus which again offers protection from spyware on iOS.

While you can use antivirus software to detect and remove spyware on iPhone, that’s not the only way to go about it.


Norton Antivirus is offering a fully-featured risk-free 60-day trial if you sign up at this page. This means you can use the Antivirus rated #1 by Comparitech with no restrictions for 2 months.

There are no hidden termsjust contact support within 60 days if you decide Norton Antivirus isn't right for you and you'll get a full refund. Start your Norton trial here.

Update your software

Failing to keep software and apps updated is a common cause of security issues on iPhone. Hackers are constantly looking to exploit vulnerabilities which are ultimately fixed by Apple through security updates (patches). However, if you don’t update to the newest version of iOS or the latest version of an app, then your device can still be at risk.

Here’s how to update to the latest iOS on iPhone:

  1. Start by clicking on the Settings app icon.
  2. Scroll down and select General > Software Update.
  3. If there’s a new software update, you’ll now see its details.
  4. Tap on Download and Install and then agree to the Terms and Conditions.
  5. Enter your password to start the download and install process.

Keeping apps updated can also prevent security issues such as spyware from taking over your iPhone.

Here’s how to update apps on iPhone:

  1. Open the Apple App Store.
  2. Tap your profile icon.
  3. Scroll down to see which apps have available updates.
  4. Click Update All or individually select Update next to a specific app.

Remove suspicious apps

If you’ve found an app that you didn’t download, it may have been installed without your permission by someone you once trusted. If there’s a chance the app is spying on you, you’ll obviously want to remove it from your iPhone.

Here’s how to remove an app on iPhone:

  1. Find the suspicious app on the home screen.
  2. Touch and hold the app icon.
  3. Tap Remove App followed by Delete App.

Perform a factory reset

If you’ve tried the above and still believe you have spyware, your best bet is performing a factory reset of your iPhone. It’s important to know that this will erase all data from your device so you must back up your data via iCloud or iTunes. However, it’s little good restoring data that still includes spyware. If you have a backup from before the spyware was installed, this should ensure it isn’t reinstalled on your device.

Here’s how to perform a factory reset on iPhone:

  1. Click Settings and scroll down to General.
  2. Scroll down to the bottom and select Reset.
  3. Select Erase All Content and Settings.
  4. Tap to confirm.

Spyware on iPhone: FAQs

Can spyware be installed on an iPhone remotely?

Spyware allows a malicious actor to remotely monitor your iPhone activity and collect data. It can be installed on your iPhone remotely or locally. Spyware doesn’t require someone to gain physical access to your device (although it can also be installed this way as well).

Spyware can be installed onto an iPhone remotely via a malicious app, for example. You can reduce the risk of this through the use of antivirus software and by exercising caution over the apps you have on your device. Physical access can be prevented by securing your device with a strong passcode, Touch ID, or Face ID.

Is spyware legal?

This is a difficult question to answer because laws vary by country. Spyware is usually legal but it’s often illegal to install it on a device without the device owner’s knowledge or consent. There are some exceptions such as if parents are monitoring their child’s device. Remote work tools that monitor keystrokes and take screenshots are surprisingly common.

Note that we are now lawyers and that nothing in this post should be taken as legal advice. 


Can spyware hack my iPhone’s camera?

Yes, some spyware can hack your iPhone’s camera. If you see a little green dot at the top of your iPhone’s screen, it means the camera is active. While some apps may require access to the camera (such as a QR code scanning app), most shouldn’t. You should check which apps have permission to access your camera and adjust accordingly by revoking access or deleting the apps you no longer use or need.