Can I tell if my Android is being monitored without an app?

Often, yes — most consumer Android stalkerware leaves visible traces if you know where to look: an app with Accessibility access you did not grant, a device-administrator app that resists uninstalling, an unfamiliar app with broad permissions, or Play Protect switched off. None of these is proof on its own, but together they are a strong signal. If you find any of them and you may be in danger, make a safety plan before you change anything.

Will a factory reset remove Android spyware?

A factory reset removes most installed monitoring apps, but it also destroys evidence and — critically — can alert the person who installed it that you found it. It also will not help if the monitoring runs through your Google account rather than an installed app. If the monitoring is tied to abuse, talk to a domestic-violence advocate and preserve the device before you reset anything.

Is Android monitoring different from iPhone spyware?

Yes. iPhone monitoring usually relies on a configuration profile or someone with your Apple Account credentials mirroring your data through iCloud. Android monitoring is more often a sideloaded app that abuses the Accessibility service and device-administrator permissions to read your screen, log keystrokes, and hide its own icon. The detection steps are different, which is why an Android-specific check matters.

Signs Your Android Is Being Monitored | Safety-First Guide

Are you on a device or network the person can see?

If they might be able to see this device, use one they can’t access — a friend’s phone, a library or public computer, or a domestic-violence shelter’s safe device. If you continue here, your visit may be visible on a synced iCloud, Google account, or shared family plan.

If you think spyware or stalkerware is on this device, removing it can alert the person monitoring you and can destroy evidence. Make a safety plan — ideally with a domestic-violence advocate — before you remove anything, and use a device they can’t access in the meantime.

The Quick Exit button(top right) replaces this page with weather.com immediately — but it does noterase this visit from your history, and private/incognito mode doesn’t fully hide it either. To be safe, use a device the person can’t access.

If you’re in immediate danger, call 911. If you have a few quiet minutes, keep reading.

National Domestic Violence Hotline: 1-800-799-7233 · text START to 88788 · thehotline.org — 24/7, free, confidential.

988 Suicide & Crisis Lifeline: call or text 988 · 988lifeline.org — free, confidential crisis and emotional support, 24/7.

NNEDV Safety Net: techsafety.org — technology-safety help for survivors.

All articles·9 min read·June 29, 2026

Start here if you might be in danger

If you think someone is monitoring your phone and that person could hurt you, the safest first step is not to start deleting apps. Removing monitoring software can alert the person watching and can destroy the evidence you might need later. Read is someone monitoring my phone for the broader self-check, and consider talking to a domestic-violence advocate before you change anything on the device.

Why Android monitoring looks different from iPhone

On an iPhone, covert monitoring usually means a configuration profile or someone signed into your Apple Account mirroring your messages through iCloud. Android is a different surface. Most Android stalkerware is a sideloaded app — installed from outside the Play Store — that abuses two powerful permissions: the Accessibility service(built for users with disabilities, but able to read everything on screen and log what you type) and device-administrator rights (which let an app resist being uninstalled). Commercial monitoring apps lean on exactly these mechanisms, which is why Android device-admin abuse is a documented attack technique in the MITRE ATT&CK catalog.

The Android-specific signs to check

None of these is proof by itself. Several together are a strong signal worth taking seriously.

An app with Accessibility access you did not enable.Open Settings → Accessibility and look at which apps have access. A monitoring app often hides here under a bland name like “System Service” or “Device Health.”
A device-administrator app you do not recognize. Settings → Security → Device admin apps. An app that holds device-admin rights cannot be uninstalled normally — a common stalkerware tactic.
“Install unknown apps” is turned on. If an app you did not set up has permission to install from unknown sources, someone may have sideloaded software.
A hidden or generically named app. Check the full app list in Settings → Apps (not just the home screen). Stalkerware often hides its launcher icon.
Play Protect is switched off. Google Play Protect scans apps — including sideloaded ones — for harmful behavior. If it is disabled, ask why.
Your Google account shows unfamiliar devices or recent sign-ins, or you receive 2-step-verification prompts you did not request.
The basics: fast battery drain, the phone running warm when idle, or unexplained data use can accompany monitoring — but they have many innocent causes, so treat them as supporting signals only.

What a phone antivirus can and cannot tell you

A reputable mobile security app and Play Protect will catch a lot of off-the-shelf stalkerware, and they are worth running. But some commercial monitoring tools are marketed as legitimate “parental” or “employee” software and may not be flagged. A scan that comes back clean is reassuring, not conclusive. Confirming a specific, capable tool — and doing it without alerting the operator — is where a forensic examination of the device goes beyond what a consumer app can do.

Make a safety plan before you act

If the monitoring is connected to an abusive person, the order of operations matters more than speed. Removing the software can escalate danger and erase proof. The Coalition Against Stalkerware advises survivors to make a safety plan first, ideally with a domestic-violence advocate, and to use a device the other person cannot access in the meantime. The FTC's consumer guidance on stalkerware describes the same caution.

When a forensic exam earns its place

If you are heading toward a protective order or a custody dispute, a documented forensic examination can identify what was installed, when, and what it could access — preserved so the findings are court-ready and prepared to support admissibility under Federal Rules of Evidence 901 and 902. The court decides what is admissible; a clean chain of custody is what lets it. If that is where you are headed, domestic-violence digital forensics explains what that involves.

Sources

Kaspersky / Securelist, The State of Stalkerware in 2023–2024, 2024. https://securelist.com/state-of-stalkerware-2023/112135/
Google, Use Google Play Protect to help keep your apps safe and your data private. https://support.google.com/android/answer/2812853?hl=en
MITRE ATT&CK (Mobile), Abuse Elevation Control Mechanism: Device Administrator Permissions (T1626.001). https://attack.mitre.org/techniques/T1626/001/
U.S. Federal Trade Commission, Stalkerware: What To Know. https://consumer.ftc.gov/articles/stalkerware-what-know
Coalition Against Stalkerware, Information for survivors. https://stopstalkerware.org/information-for-survivors/

Related services

Quinnlan Varcoe

Founder & CEO

GIAC-certified · 15 industry certifications

With operational experience across Fortune 50 security programs and the defense industrial base, Quinnlan founded SleuthX in 2022 to provide clients with the caliber of expertise typically reserved for the largest enterprises. Her work in threat intelligence and digital forensics has earned the trust of 26,000+ cybersecurity professionals who follow her analysis.

“26,000 professionals follow my work because I say what others won't — and I can back it up technically.”

Fortune 50 BackgroundDefense IndustryThreat IntelligenceDigital PrivacyIncident Response