Active Incident? 24/7 Response →
SleuthX

Read this first

Are you on a device or network the person can see?

  • If they might be able to see this device, use one they can’t access — a friend’s phone, a library or public computer, or a domestic-violence shelter’s safe device. If you continue here, your visit may be visible on a synced iCloud, Google account, or shared family plan.
  • If you think spyware or stalkerware is on this device, removing it can alert the person monitoring you and can destroy evidence. Make a safety plan — ideally with a domestic-violence advocate — before you remove anything, and use a device they can’t access in the meantime.
  • The Quick Exit button(top right) replaces this page with weather.com immediately — but it does noterase this visit from your history, and private/incognito mode doesn’t fully hide it either. To be safe, use a device the person can’t access.
  • If you’re in immediate danger, call 911. If you have a few quiet minutes, keep reading.

National Domestic Violence Hotline: 1-800-799-7233 · text START to 88788 · thehotline.org — 24/7, free, confidential.

988 Suicide & Crisis Lifeline: call or text 988 · 988lifeline.org — free, confidential crisis and emotional support, 24/7.

NNEDV Safety Net: techsafety.org — technology-safety help for survivors.

Stalkerware Removal Guide

How to Remove Stalkerware

Step-by-step removal for iPhone and Android — and the two things to do first that every removal guide skips: plan for the fact that removal is visible to whoever installed it, and preserve the evidence of who did it.

Written by Quinnlan Varcoe, digital forensics examiner. Updated July 2026.

Before you touch anything: removing stalkerware usually alerts the person who installed it— many apps notify their controller, and the sudden silence tells them anyway — and deleting it destroys the evidence of who did it.

If you haven’t yet decided whether removing it now is the safe move, work through found spyware on your phone: what to do first — and if the person who did this is a partner or ex, consider calling the National Domestic Violence Hotline (800-799-7233) from a safer device before changing anything.

Most stalkerware-removal guides jump straight to “scan and delete.” This one doesn’t, because the deleting is the easy part — the part that matters is the order. The steps below sequence removal so you keep your safety options and your proof. They cover both platforms, including the iPhone case most guides get wrong.

Preserve the evidence before you remove anything

Uninstalling a monitoring app erases exactly the things that prove what happened: the install date and source, the app’s configuration (including the account it reports to), and its record of what was collected. If there is any chance you will want a protective order, a police report, or a civil case, preserve first:

Two pages on this site go deeper: how to report digital evidence to law enforcement and the hub’s evidence-preservation guidance. The rule of thumb: you can always remove later; you can’t preserve later.

iPhone: it may not be an “implant” at all

The peer-reviewed finding that should reshape how you think about iPhone spyware: most “my iPhone is being monitored” cases involve no spyware app on the phone. They are account-level access — someone who knows your Apple ID password reading your iCloud backups, messages, photos, and location from their own device. The removal for that is completely different: no amount of app-deleting or scanning helps, because there is nothing on the phone to find.

True on-device iPhone implants exist but are rarer and usually require a jailbreak or a mobile-device-management enrollment. Signs worth noting (never proof by themselves): an unfamiliar profile as above, or a device that was jailbroken without your knowledge.

Android: settings-level removal, step by step

Android stalkerware is usually a real app hiding under an innocuous name (“System Service,” “Device Health”). It survives by holding powerful permissions. Work through these four settings surfaces, in order, photographing anything suspicious before you remove it:

  1. Device admin apps(Settings → Security → Device admin apps, wording varies by vendor). Monitoring apps register here to resist uninstall. Anything you don’t recognize: deactivate its admin role first — you can’t uninstall it while it holds admin.
  2. Accessibility services(Settings → Accessibility). This is the most abused permission on Android — an accessibility service can read the screen and log keystrokes. Unfamiliar entries with full access are a red flag.
  3. Permission managers for camera, microphone, and location (Settings → Privacy → Permission manager). Sort by permission, not by app: look at everything holding camera, mic, or all-the-time location and confirm you know why.
  4. Unknown or sideloaded packages(Settings → Apps → See all apps, including system apps). Look for apps you didn’t install, with generic names and no icon, especially anything installed around a date the phone was out of your hands. The install source (“Installed from”) matters: sideloaded monitoring apps don’t come from the Play Store.

Once an app has lost its device-admin role, uninstall it normally. Then restart the phone and re-check all four surfaces — some packages reinstall companions. And a caution that cuts the other way: a clean pass through these settings is not a guarantee the phone is clean.These are signs of compromise, not a verdict — no scan or checklist can promise safety.

Factory reset: what it fixes and what it can’t

“Just factory-reset it” is the most common advice online, and it is honest to say it usually does remove on-device stalkerware. It is equally honest to say when it fails:

After removal: assume they still have a way in until proven otherwise

Removing the app severs one channel. If the person who installed it knows your passwords — and if they had your unlocked phone, they should be assumed to — they have others: your email, your cloud account, your carrier login. The follow-through is a recovery pass in the right order, starting from a clean device, covered in what to do if someone has access to your phone. For hardening beyond the incident — passwords, 2FA, device hygiene — see privacy services for individuals.

And if what you found needs to hold up later — in a protective-order hearing, a custody case, or a police report — a professional examination before removal produces court-ready documentation of what was on the phone and how it got there. That’s the piece no settings walkthrough can give you: our stalkerware detection and removal service exists for exactly that case.

Primary sources

  1. Coalition Against Stalkerware, Information for survivors — safety planning before removal. https://stopstalkerware.org/information-for-survivors/
  2. NNEDV Safety Net (techsafety.org), Spyware and stalkerware: phone surveillance. https://www.techsafety.org/spyware-and-stalkerware-phone-surveillance
  3. Apple, How Safety Check on iPhone works to keep you safe. https://support.apple.com/guide/personal-safety/how-safety-check-works-ips2aad835e1/web
  4. Chatterjee et al., IEEE Symposium on Security & Privacy 2018, The Spyware Used in Intimate Partner Violence. https://nixdell.com/papers/spyware.pdf

Meet Your Practitioner

Quinnlan Varcoe

Founder & CEO

GIAC-certified · 9 industry certifications

With operational experience across Fortune 50 security programs and the defense industrial base, Quinnlan founded SleuthX in 2022 to provide clients with the caliber of expertise typically reserved for the largest enterprises. Her work in threat intelligence and digital forensics has earned the trust of 26,000+ cybersecurity professionals who follow her analysis.

“26,000 professionals follow my work because I say what others won't — and I can back it up technically.”

Fortune 50 BackgroundDefense IndustryThreat IntelligenceDigital PrivacyIncident Response
Quinnlan Varcoe, Founder & CEO

Certified Expertise

GIAC

Transparent pricing

Trusted by partners across the practice

DAS Health
Exhibit A Cyber
Ally Security
KIRO Group
Black Mirage
Kalles Group
Gridware
CQR
Archstone Security
Cyvergence
Sentinel Cyber
Cloud Underground
Seron Security
Hexen
Koru Risk Management
DAS Health
Exhibit A Cyber
Ally Security
KIRO Group
Black Mirage
Kalles Group
Gridware
CQR
Archstone Security
Cyvergence
Sentinel Cyber
Cloud Underground
Seron Security
Hexen
Koru Risk Management