Spyware/Malware Checklist#

What is Malware?#

Malware is malicious software that aims to disrupt, damage, or gain access to your phone.

What is Spyware?#

Spyware is a type of malware installed on your device without your permission that allows the installer to monitor your activity and collect sensitive information like your passwords or location.

What is stalkerware?#

Mobile stalkerware (sometimes called spouseware in the context of domestic violence) is a category of surveillance software that is installed on a person’s device without their informed consent or knowledge. Its primary purpose is to monitor and exfiltrate sensitive personal data such as:

  • Location and movement history
  • Text messages and call logs
  • Photos and media
  • Browser activity and search history
  • App usage and notifications

Monitoring software can have legitimate, legal uses. For example:

  • Employers may monitor activity on company-owned devices with clear disclosure
  • Parents may monitor a child’s device for safety or parental control purposes.

However, stalkerware differs in that it is explicitly designed to be hidden and to collect data without the device owner’s awareness or consent. For this reason, stalkerware often exists in a legal and ethical gray area, even when marketed as “monitoring” or “parental control” software.

Some stalkerware products were originally developed for corporate or parental use cases, but are frequently repurposed for covert surveillance.

Common Stalkerware Behaviours#

To avoid detection, stalkerware commonly:

  • Runs silently in the background with no visible app icon
  • Disguises itself as a system service or generic app
  • Requests high-risk permissions, such as:
    • Accessibility Services
    • Device Administrator privileges
    • Notification access
  • Persists across reboots
  • Attempts to prevent uninstallation. May notify the person who installed it about uninstallation attempts.

Steps to Check for suspicious/unknown apps#

  1. Open the Settings app and tap General
  2. Tap iPhone Storage
  3. Check for any app you don’t recognize

Steps to Check for excessive app permissions - apps that have access to your camera, microphone, contacts, or location#

  1. Open the Settings app and scrolling to the bottom
  2. Tap Apps
  3. Tap any app you don’t recognize
  4. Check for Camera, Microphone, Location to see if they are turned on without your permissions

Steps to Remove Spyware#

  1. Disconnect from the internet by opening Settings and switching on Airplane Mode, or turning off Wi-Fi and Cellular Data

  2. Delete suspicious/unknown apps:

    1. Open the Settings app and tap General
    2. Tap iPhone Storage
    3. Check for any app you don’t recognize
    4. Tap Delete App
    5. Tap Delete again to confirm

  3. Revoke excessive app permissions

    1. Open the Settings app and scrolling to the bottom
    2. Tap Apps
    3. Tap any app you don’t recognize
    4. Check for Camera, Microphone, Location to see if they are turned on without your permissions
    5. Turn off the ones you don’t want

  4. Perform a full device reset (Last resort only! It will wipe everything off your phone)

    1. Open the Settings app and tap General
    2. Tap Transfer or Reset iPhone
    3. Tap Erase All Content and Settings
    4. Follow the on-screen prompts to complete the process

What is Lockdown Mode?#

It’s an optionally enabled set of protections that are designed for individuals who are working within sensitive areas or are handling sensitive data. It limits and/or alters the attack surfaces of your phone that could be targeted by spyware or malware (such as messaging, web browsing, and FaceTime). The below instructions to enable the feature are for iOS 16+.

Official iPhone Warnings#

About Lockdown Mode

  • Messages: Most message attachment types are blocked, other than certain images, video, and audio. Some features, such as links and link previews, are unavailable.

  • Web browsing: Certain complex web technologies are blocked, which might cause some websites to load more slowly or not operate correctly. In addition, web fonts might not be displayed, and images might be replaced with a missing image icon.

  • FaceTime: Incoming FaceTime calls are blocked unless you have previously called that person or contact within the past 30 days. Features such as SharePlay and Live Photos are unavailable.

  • Apple services: Incoming invitations for Apple services, such as invitations to manage a home in the Home app, are blocked unless you have previously invited that person. Focus and any related status will not work as expected. Game Center is also disabled.

  • Photos: When you share photos, location information is excluded. Shared albums are removed from the Photos app, and new Shared Album invitations are blocked. You can still view these shared albums on other devices that don’t have Lockdown Mode enabled.

  • Device connections: To connect your iPhone or iPad to an accessory or another computer, the device needs to be unlocked. To connect your Mac laptop with Apple silicon to an accessory, your Mac needs to be unlocked and you need to provide explicit approval.

  • Wireless connectivity: Your device won’t automatically join non-secure Wi-Fi networks and will disconnect from a non-secure Wi-Fi network when you turn on Lockdown Mode. 2G and 3G cellular support is turned off for iPhone and iPad.

  • Configuration profiles: Configuration profiles can’t be installed, and the device can’t be enrolled in Mobile Device Management or device supervision while in Lockdown Mode.

Steps to Check If your iPhone is iOS 16+#

  1. Open the Settings app
  2. Tap General
  3. Tap About
  4. Check that the number in the row iOS Version is 16 or greater

Steps to Enable Lockdown Mode (iOS 16+)#

  1. Open Settings
  2. Tap Privacy and Security
  3. Scroll down to Lockdown Mode (bottom), tap Lockdown Mode
  4. Tap turn on Lockdown Mode
  5. Tap Turn On and Restart, and then enter your password

Common Spyware Apps#

This is not an exhaustive list. These examples are compiled from public reports and blogs.

AppiOS or Android?Link
iKeyMonitoriOS, Androidhttps://sites.google.com/ikeymonitor.com/ikeymonitor/home
FamiGuardiOS, Androidhttps://www.famiguard.com/
HoverwatchAndroidhttps://www.hoverwatch.com/
SpyeraiOS, Androidhttp://spyera.com/
FlexiSPYiOS, Androidhttps://www.flexispy.com/
eyeZyiOS, Androidhttps://www.eyezy.com/
uMobixiOS, Androidhttps://umobix.com/
ClevguardiOS, Androidhttps://www.clevguard.com/
mSpyiOS, Androidhttps://www.mspy.com/
XNSPYiOS, Androidhttps://xnspy.com/
KidsGuard ProiOS, Androidhttps://www.clevguard.org/
MinspyiOS, Androidhttps://minspy.com/
TrackMyFoneiOS, Androidhttps://www.trackmyfone.com/
QustodioiOS, Androidhttps://www.qustodio.com/en/
EyezyiOS, Androidhttps://www.qustodio.com/en/

References#

https://www.microsoft.com/en-us/security/business/security-101/what-is-malware https://www.microsoft.com/en-us/security/business/security-101/what-is-malware https://us.norton.com/blog/malware/spyware-on-iphone https://support.apple.com/en-us/105120

Backward Technical Solutions Appendix Forward

If you are in immediate physical danger, call 911!