These Android apps are spying on you — and there’s no easy way to stop them

Android’s security woes need no introduction, but another threat that hasn’t received its fair share of awareness relates to spyware and stalkerware apps. These apps can secretly be installed on a victim’s phone to monitor their activity and can be exploited to harass victims of domestic abuse and engage in online stalking. All someone needs is physical access to the victim’s phone to install these apps, which is not too difficult in cases of domestic abuse.

Call it an app-fueled version of AirTag stalking, but on steroids, because these spyware apps can steal everything including messages, call logs, emails, photos, and videos. Some can even activate the microphone and the camera, and secretly transfer these recordings to a remote server where the abuser can access it. Since Google Play’s policies don’t allow stalking apps, these apps are sold via third-party websites and need to be sideloaded.

As dangerous as it all sounds, the situation is even more grim due to the lack of defense mechanisms on Android phones, especially for folks that aren’t particularly tech-savvy. A collaborative research effort led by Alex Liu from the University of California, San Diego, studied 14 stalkerware apps that are readily available from third-party online websites — and found them loaded with some extremely worrying capabilities.

An unprecedented scope of damage

In terms of their basic capabilities, these apps were able to access calendar entries, call logs, clipboard entries, contacts, information pulled from other applications installed on the victim’s phone, location details, network information, phone details, messages, and media files.

A majority of these apps were also able to secretly access the camera feed and the microphone for multimedia capture, taking screenshots via a remote command and even accessing protected data. But that’s not where the horror tale ends.

Screenshot of the app library on an Android phone. The Wi-Fi icon at the top of the app library is bogus. That’s how some spyware apps hide in plain sight. (Image: UC San Diego)

Eleven of the studied apps tried to obscure the process of uninstalling them, while every single one of the spyware apps came coded with a “die-hard” functionality that allowed it to automatically start after a reboot or after memory clearance by the Android system. Such apps are known to disable the “Force Stop” and “Uninstall” buttons in some cases.

One would think that a quick look at the app launcher would alert the victim about any suspicious apps installed on their phones. But that privilege is not really available to victims of these spyware apps, which can cost anywhere between $30 and $100 with a subscription model.

Hiding, manipulating, and playing the system

Liu, lead author of the research paper, told Digital Trends in an interview that most of these apps try to hide or use “innocent” names and iconography to avoid suspicion. For example, 11 out of the 14 spyware apps tried to hide in plain sight under the guise of apps with names like “Wi-Fi,” “Internet Service,” and “SyncServices,” complete with believable system icons to help avoid any suspicion.

Since these are core services for a phone, a lot of users won’t want to engage with them out of fear that it would break the corresponding systems on their phone. But there’s more to the threat factor here. “We’ve also seen advanced cases where these apps are able to hide on the app screen or the app launcher,” Liu said.

Some of these apps actively tried to hide the application icon after being installed so that the victim would never guess that surveillance software was active on their phone. Moreover, most of these apps, despite running in the background and abusing Android’s permissions system, don’t appear on the recent apps screen.

“If you don’t see it, how do you know.”

Digital Trends asked Liu if these spyware apps that are secretly running in the background, collecting sensitive personal information, can pop up in the so-called cleaner apps that advise users to uninstall apps they haven’t used in a while. Liu, who is going to present the findings at a conference in Zurich this summer, says the team didn’t explore that possibility.

However, chances are slim that these storage cleaner apps would flag the spyware apps as redundant because these apps are always running in the background and won’t be flagged as inactive. But the sheer ingenuity that some of these apps employ is the stuff of privacy nightmares.

Sneaky, risky, and extremely leak-prone

When you launch the camera in any app, you see a preview of what’s in front of the camera. Some of these apps shrink the preview size to 1×1 pixel or even make the preview transparent, which makes it impossible to detect if a stalking app is recording a video or sending the live view to a remote server.

Some of these don’t even show a preview, directly capturing the video and transmitting it secretly. One of these apps, called Spy24, uses a secret browser system to stream full-resolution camera footage. Phone call and voice recording are also fairly common traits among these applications.

The studied stalkerware apps were also found to abuse the accessibility settings on Android. For example, users with visual or hearing impairment have the phone read out the on-screen contents. This loophole allows these apps to read content from other apps running on the screen, extract data from notifications, and even avoid the read receipt trigger.

The spyware apps further abuse the accessibility system for keystroke logging, which is a common way to steal sensitive information such as log-in credentials for wallets and banking systems. Some of the apps that were studied relied on an SMS system, which involves the bad actor sending an SMS to activate certain functionalities.

But in a few cases, not even an activation SMS was needed to do the job. One of the apps (called Spapp) is capable of remotely wiping all the data on the victim’s phone using just an SMS. A hacker can send random messages with different passcode combinations to do it, even without the abuser knowing it, which further compounds the risk factor.

While these readily available spyware apps are dangerous on their own, another aspect that raises concern is their weak security when it comes to storing stolen personal information. A healthy bunch of these apps transmitted the data over unencrypted HTTP connections, which means a bad actor can eavesdrop on the Wi-Fi network and gain access to all of it.

Six of the apps stored all the stolen media in public URLs, assigning random numbers to the data packets. A hacker could play with these random digits to steal data associated with not just one, but multiple accounts deployed across different devices for spying on random victims. In some cases, the spyware apps’ servers continue to harvest data even after the subscription license is expired.

What can you do?

So, how can a regular smartphone user avoid becoming the next victim of these spyware apps? Liu says that would require proactive action because Android doesn’t have any automated system to alert you about spyware apps. “There is no definitive way of knowing if there’s something wrong with your phone,” Liu stresses.

However, you can look for certain signs. “These apps are continuously running in the background, so you would come across abnormally high battery usage,” Liu tells me. “That’s how you know something might be wrong.” Liu also highlights Android’s sensor alert system, which now shows an icon at the top when the camera or mic is being used by an app.

Liu, who is a Ph.D. student at the university’s computer science department, says that if your mobile data usage has suddenly gone up, that’s also a sign that something is wrong because these spyware apps are constantly sending large packets of data, including media files, email logs, etc. to a remote server.

Mic and camera access toggles on an Android phone. Android 12 added these quick toggles for mic and camera control, alongside indicators at the top when an app is using them.

Another foolproof way of finding these shady apps, especially those that hide from the app launcher, is to check the list of all apps installed on your phone from within the Settings app. If you see any apps that look suspicious, it makes sense to get rid of them. “You should go through every app and see if you recognize them or not. That’s the ultimate solution because no app can hide there,” Liu adds.

Finally, you also have the Privacy Dashboard, a feature introduced with Android 12, that lets you see all the permissions granted to each app. For privacy-conscious users, it is advisable to revoke the permissions that they think a certain app shouldn’t have in the first place. The Quick Settings panel, which can be accessed by swiping down from the top edge, lets users disable mic and camera access if any app is using those permissions in the background.

“But at the end of the day, you require some technical expertise,” Liu concludes. That’s not how the situation should ideally be for hundreds of millions of Android smartphone users. Liu, and the rest of the team behind the research paper, have a list of guidelines and suggestions for Google to ensure that Android offers a higher degree of protection to users against these spyware apps.
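
For readers who can connect the phone to a computer with USB debugging, the manual app-by-app review described above can be assisted by a script. The following is an added example, not code from the article or the UC San Diego study: it parses the text output of three adb commands and flags apps that show at least two of the signals discussed (sideloaded, accessibility service enabled, broad sensitive permissions). The package names, sample output, permission list, trusted-installer list and two-signal threshold are assumptions made for illustration.

```python
import re

# Permissions matching capabilities the article describes (assumed shortlist).
SENSITIVE = {"CAMERA", "RECORD_AUDIO", "READ_SMS", "READ_CALL_LOG", "ACCESS_FINE_LOCATION"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_installers(listing):
    """Parse `adb shell pm list packages -3 -i` into {package: installer}."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)", listing, re.M))

def parse_accessibility(setting):
    """Parse `adb shell settings get secure enabled_accessibility_services`."""
    return {c.split("/")[0] for c in setting.strip().split(":") if "/" in c}

def parse_granted(dumpsys):
    """Collect granted permissions from `adb shell dumpsys package <pkg>`."""
    return set(re.findall(r"android\.permission\.(\w+): granted=true", dumpsys))

def triage(listing, a11y_setting, dumpsys_by_pkg):
    """Return [(package, reasons)] for apps worth a manual look, most reasons first."""
    a11y = parse_accessibility(a11y_setting)
    report = []
    for pkg, installer in parse_installers(listing).items():
        reasons = []
        if installer not in TRUSTED_INSTALLERS:
            reasons.append("sideloaded (installer=%s)" % installer)
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        risky = sorted(parse_granted(dumpsys_by_pkg.get(pkg, "")) & SENSITIVE)
        if len(risky) >= 3:
            reasons.append("broad sensitive access: " + ", ".join(risky))
        if len(reasons) >= 2:  # one signal alone is common for legitimate apps
            report.append((pkg, reasons))
    return sorted(report, key=lambda r: -len(r[1]))

# Constructed sample output (package names are made up, not from the study).
LISTING = """package:com.example.chat  installer=com.android.vending
package:com.example.syncsvc  installer=null
package:com.example.flashlight  installer=null"""
A11Y = "com.example.syncsvc/com.example.syncsvc.Watcher"
DUMPSYS = {
    "com.example.syncsvc": """      android.permission.CAMERA: granted=true
      android.permission.RECORD_AUDIO: granted=true
      android.permission.READ_SMS: granted=true
      android.permission.READ_CONTACTS: granted=false""",
    "com.example.chat": "      android.permission.CAMERA: granted=true",
}
if __name__ == "__main__":
    print(triage(LISTING, A11Y, DUMPSYS))
```

A flagged package is a prompt for manual review in Settings, not proof of stalkerware; legitimate sideloaded accessibility tools will match the same signals.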

Nadeem Sarwar
Nadeem is the Managing Editor at Digital Trends.