detect spyware Android

Spyware is a type of malicious software (or malware) that monitors your device without your knowledge or consent. This is often achieved by logging keystrokes and taking screenshots. Spyware can even take over a device’s camera or microphone. Needless to say, this is a scary thought. Spyware aims to collect sensitive personal information such as credit card details and passwords, often to sell on the dark web.

If you have spyware on your Android device, you may experience annoying pop-up ads as well as poor device performance. More serious consequences include blackmail and identity theft. What makes spyware particularly effective is that it’s typically hard to detect. However, there are ways and means to do so. What’s more, there are things you can do not only to detect spyware on Android, but to remove it and reduce the risk of it ever affecting your Android device again.

What are the different types of spyware?

All spyware generally has the same intention of discreetly monitoring a device and collecting data. What that data is then used for can vary, as can the types of spyware:


First, it’s important to note that not all adware is spyware. Furthermore, adware isn’t always dangerous. However, spyware can be hidden in adware (software that automatically displays unwanted – and often irritating – pop-up adverts on your device). This spyware may be within the adware itself or simply on the websites it advertises.


Keyloggers, or keystroke loggers, record the keystrokes you make. This data is then saved into an encrypted log file. Needless to say, the data that keyloggers collect could include passwords, bank credentials, and personal messages. All of the data that’s gathered is then sent to a remote server where the attacker can potentially take advantage of it.


trojan is a type of malware that poses as legitimate software. Trojans can carry a wide range of threats and one of them is spyware. A trojan can trick you into downloading spyware onto your device. For example, you may receive a pop-up message that says your device has been infected by a virus. You’re encouraged to remove the virus with the click of a button. Instead, spyware is installed onto your device in the background.

Tracking cookies and web beacons

A cookie is a small text file that a website saves to your browser. These files contain data about you. While benefits of cookies include convenience (pre-filled address information on order forms, for example) and ads that are more relevant to you, they come at the cost of your privacy. Tracking cookies are generally not considered to be spyware because they’re not used secretly. Furthermore, you can disable them.


An infostealer is a type of malware that, as the name suggests, steals information from your device (often through browser hooking or keylogging). Most commonly, it steals login credentials for online banking services, social media sites, and email accounts. Infostealers can be found in malicious attachments as well as malvertising.

System monitors

System monitors run in the background and can track all activity without the victim’s knowledge or consent. Just some of the things a system monitor can do includes taking screenshots, recording keystrokes, and documenting websites visited. System monitors may even make modifications to files and settings so that they’re more difficult to detect and remove.


rootkit is a set of malicious software that provides a hacker with unauthorized access and control over your device. They can hide themselves on a device, making them particularly hard to detect. Due to the level of control a rootkit can provide, it can allow an attacker to hide other types of malware on your device and even steal personal data for identity theft or fraud.


Software that’s used for stalking (cyberstalking) is known as stalkerware. This is very easy to find and set up and is commonly used for partner surveillance and, sadly, even as a form of domestic abuse. Once installed on a device, it can run in the background undetected. It can then track location, record and log calls, read messages, and so on.

Browser hijackers

Browser hijacking modifies a victim’s browser without their consent. This typically results in the victim being redirected to a website to generate ad revenue for the attacker. However, some browser hijackers can come with spyware such as keyloggers. Browser hijackers can come with free software but can also be found in malicious attachments and links.

How does spyware work?

We’ve established some of the different types of spyware that pose a threat to your Android device, but how does spyware work? Generally, there are three steps involved:

  1. Infection: The first step is that spyware is installed on your device without knowledge. This is typically preceded by an action such as visiting a malicious website, clicking on a pop-up ad, or opening a suspicious email attachment.
  2. Monitor and capture: Once installed, the spyware monitors your activity through the logging of keystrokes or with screenshots. Spyware can even take control of your device’s camera and microphone. It does all this while attempting to stay hidden.
  3. Send data: The aim of spyware is to collect data and ultimately exfiltrate it from the device. The stolen information is typically sent to a server controlled by the attacker. The attackers may use it for themselves or sell it on the dark web.

Essentially, spyware tracks the activity on your device including the websites you visit and the purchases you make. Particularly valuable information includes login credentials and credit card details.

What are the consequences of spyware?

Spyware poses a number of risks and the consequences can be severe. Indeed, having spyware on your device, Android or otherwise, can result in further security incidents down the line. Here are some of the consequences of having spyware on your device (and not detecting and removing it promptly):

  • Blackmail: Spyware can capture some very sensitive personal information. Aside from login credentials and bank account details, this can include photos, personal messages, and websites visited. Needless to say, this information can be very valuable and could be used to extort the victim into paying up to ensure it’s not shared (and even then, there’s no guarantee).
  • Identity theft: If spyware is able to capture and send your personal or financial data to an attacker, this can be used to impersonate you in a crime known as identity theft. This can damage your credit score as well as cost you significant time and money.
  • Stalking/harassment: The information gathered with the use of spyware can be enough ammo for a threat actor to stalk and harass a victim. Indeed, one type of spyware is stalkerware. An example of this is when people spy on their spouses.
  • Poor performance: Spyware can take its toll on your device, particularly if it’s poorly designed and lacking optimization. This takes up more memory, processing power, and bandwidth resulting in it being slower to start up and run. It may even cause crashes or the device to overheat which can incur damage and inevitable costs.
  • Financial loss: One of the most common consequences of spyware (other than the time spent to detect and remove it and clear up the mess afterwards) is financial loss. Spyware can lead to your bank account details being stolen and used to make financial transactions. There are also potential legal and recovery costs to consider.
  • Credential theft: Spyware allows an attacker to steal a wide range of data including photos and personal messages. It can even include your login credentials. Credential theft is a serious problem, particularly if it goes undetected. This could allow an attacker to access your online banking, email, or social media accounts, for example.

How to detect spyware on Android

Spyware is designed to be discreet, making it particularly difficult to detect. However, there are a few telltale signs that could suggest the presence of spyware on your Android device:

Signs you might have spyware on your Android device:

  • Overheating: Is your Android device hot to the touch? Spyware – particularly spyware that’s poorly designed – can consume a huge amount of data causing your device to slow down or stop working entirely.
  • Drained battery: One result of all the data spyware consumes is a drained battery. While some spyware is triggered by certain activity, some Spyware can run in the background constantly, putting serious strain on your device’s resources.
  • Pop-up ads: As we’ve mentioned earlier in this post, spyware can be bundled in with some adware. So if you start seeing pop-up ads on your Android phone, there’s the risk that spyware is also on the device.
  • Heavy data usage: If you notice your device is consuming significantly more data than usual, this spike can be attributed to the presence of spyware. It consumes a lot of data as it monitors your device, collecting key information.
  • New apps: The presence of new apps on your phone is worthy of your suspicion, particularly if you don’t remember installing them yourself. Apps containing spyware may request certain permissions such as to use your camera or microphone.
  • Forced redirects: Having your browsing experience interrupted by forced redirects to unwanted web pages is another sign of spyware, specifically browser hijackers.
  • Changed settings: Spyware (browser hijackers) can result in your browser or search engine being changed from the default. This can lead to redirections to other sites.

It’s important to keep in mind that while the above are signs of spyware, that doesn’t necessarily mean that spyware is present on your device. There are multiple reasons why an Android device may be overheating, for example. This may be due to too many apps consuming data. Streaming is another common cause for overheating as well as a drained battery and heavy data usage.

How to remove spyware on Android

Some antivirus software includes a spyware removal tool which you can use to remove spyware on your Android device. Bitdefender Antivirus is an example of an antivirus program with a free version that can rid your device of spyware. RegRun Reanimator and SUPERAntiSpyware are two more options you may wish to consider.

Making use of a quality antivirus program is the quickest and easiest way to remove spyware on Android. However, there are a few other methods that may do the trick (and, unlike some antivirus software, they’re free).

Update your software

Security issues on Android devices are often a result of outdated software and apps. Malicious actors look to take advantage of vulnerabilities, and this may result in spyware making its way onto your Android phone. Keeping your Android device updated to the latest version ensures your device isn’t vulnerable to these known bugs and exploits.

Here’s how to update to the latest version of Android:

  1. First, you may want to make sure your device is connected to Wi-Fi if you don’t want to consume excessive data.
  2. Open the Settings app.
  3. Scroll down to About Phone and select it.
  4. Tap Check now for update.
  5. If an update is available, an update button will appear.
  6. Click to install. That’s it!

Here’s how to update apps on Android:

  1. Open the Google Play Store app.
  2. Tap on the profile icon in the top right.
  3. Select Manage apps & device.
  4. Tap Update on the app you want to update.

While you can manually update apps, you can also have them update automatically by going to the Google Play Store App, clicking on your profile, followed by Settings > Network Preferences > Auto-update apps. Keeping apps updated improves your Android device’s security.

Remove suspicious apps

Of course, you should take the time to remove any suspicious apps on your phone as it may be that they’re malicious in nature. You can investigate specific apps by using the search tool in the Google Play Store. Look at the app’s permissions as well as its description, reviews, and number of downloads. This should provide you with the information you need to determine whether you need to delete it.

Here’s how to remove an app on Android:

  1. Open the Google Play Store app.
  2. Tap on the profile icon in the top right corner.
  3. Select Manage apps & devices > Manage.
  4. Choose the app you’d like to delete.
  5. Select Uninstall.

Perform a factory reset

Using a quality antivirus program should get rid of spyware while keeping apps updated should help keep it away from your device. However, if you still suspect your Android has spyware on it, performing a factory reset will almost certainly fix the issue. It’s important to know a factory reset erases all of the data from your device. Backing up your data to your Google account is recommended. All apps and their data will be deleted however.

Here’s how to perform a factory reset on Android: (note that the steps can vary depending on the specific device you have)

  1. Open the Settings app.
  2. Type “reset” in the search bar.
  3. Click on Reset device.
  4. You may be prompted to enter your password.
  5. Confirm by selecting Reset all.

Spyware on Android: FAQs

Can spyware be installed on Android remotely?

Yes, spyware can be installed on an Android device remotely. There are various ways this can occur, although it commonly stems from a malicious attachment, app, or website. You can reduce the risk of spyware being remotely installed on your device by being strict with the apps you download and permissions you grant, as well as the websites you visit and links you click. Spyware can also be physically installed on an Android device, so securing it with a passcode, Touch ID, or Face ID can help.

Is spyware legal?

Whether spyware is legal may depend on the country you’re in. Generally speaking though, spyware is illegal if it’s installed on a device without the knowledge or consent of the device owner. Despite this, the legality of spying apps depends on how and why they’re used.

Many employers use such apps to monitor employees, be it in the office or while working remotely. This sort of software can monitor keystrokes to gauge productivity as well as take screenshots. However, this is done with knowledge and consent. Another example of a legal use of spyware is if a parent uses it to monitor their child’s device.

Note: we are not lawyers and nothing in this post should be taken as legal advice. 

Can spyware hack my Android camera?

Unfortunately, some spyware is capable of accessing your Android camera to spy on you. This could allow an attacker to remotely take photos or even record videos. If you’re using your Android device and notice a green indicator in the top right corner of your screen, it means an app is using your camera. It’s therefore recommended that you check your app permissions, particularly of any apps that have most recently been installed on the device. You may need to adjust the permissions or delete the apps entirely.