Your Android phone could have stalkerware, here’s how to remove it
A security vulnerability in one of the biggest consumer-grade spyware operations today is putting at risk the private phone data of about 400,000 people, a number that’s growing daily. The operation, identified by TechCrunch, is run by a small crew of developers in Vietnam but has yet to fix the security issue.
In this case it isn’t just one problematic spyware app. It’s an entire fleet of apps — Copy9, MxSpy, TheTruthSpy, iSpyoo, SecondClone, TheSpyApp, ExactSpy, FoneTracker and GuestSpy — that share the same security vulnerability.
But without a fix in place, TechCrunch cannot reveal specific details about the vulnerability because of the risk it poses to the hundreds of thousands of people whose phones have been unknowingly compromised.
With no expectation that the vulnerability will be fixed any time soon, this guide can help you remove these specific spyware apps from your Android phone — if you believe it’s safe to do so.
Consumer-grade spyware apps are often sold under the guise of child tracking software but are also known as “stalkerware” for their ability to track and monitor partners or spouses without their consent. These apps are downloaded from outside of Google Play’s app store, planted on a phone without a person’s permission, and are designed to disappear from the home screen to avoid detection. You may notice your phone acting unusually, or running warmer or slower than usual, even when you are not actively using it.
Because this fleet of stalkerware apps relies on abusing in-built Android features that are more commonly used by employers to remotely manage their employee’s work phones, checking to see if your Android device is compromised can be done quickly and easily.
Before you proceed, have a safety plan in place. The Coalition Against Stalkerware offers advice and guidance for victims and survivors of stalkerware. Spyware is designed to be covert, but keep in mind that removing the spyware from your phone will likely alert the person who planted it, which could create an unsafe situation.
Note that this guide only removes the spyware app, it does not delete the data that was already collected and uploaded to its servers. Also, some versions of Android may have slightly different menu options. Follow these steps at your own risk.
Google Play Protect is one of the best safeguards to protect against malicious Android apps, both third-party and in the app store. But when switched off, those protections stop, and stalkerware or malware can be installed on the device outside of Google Play. That’s why this stalkerware network asks the person who plants the spyware to disable Google Play Protect before it works.
Check your Google Play Protect settings through the Google Play app and make sure it’s enabled, and that a scan has been recently completed.
Most people won’t have a device admin app on their personal phone, so be aware if you see an app you don’t recognize, named something like “System Service,” “Device Health,” or “Device Admin.”