U.S. markets close in 4 hours 20 minutes

  • S&P 500

    4,321.55
    -27.32 (-0.63%)
     

  • Dow 30

    33,777.84
    -301.34 (-0.88%)
     

  • Nasdaq

    13,419.55
    -128.51 (-0.95%)
     

  • Russell 2000

    1,998.84
    -10.49 (-0.52%)
     

  • Crude Oil

    92.93
    +1.86 (+2.04%)
     

  • Gold

    1,903.50
    +3.70 (+0.19%)
     

  • Silver

    24.26
    +0.27 (+1.12%)
     

  • EUR/USD

    1.1348
    +0.0036 (+0.32%)
     

  • 10-Yr Bond

    1.9370
    +0.0050 (+0.26%)
     

  • GBP/USD

    1.3594
    -0.0007 (-0.05%)
     

  • USD/JPY

    114.9700
    +0.2710 (+0.24%)
     

  • BTC-USD

    37,611.00
    -1,277.29 (-3.28%)
     

  • CMC Crypto 200

    857.88
    +23.58 (+2.83%)
     

  • FTSE 100

    7,496.35
    +12.02 (+0.16%)
     

  • Nikkei 225

    26,449.61
    -461.26 (-1.71%)
     

Your Android phone could have stalkerware, here's how to remove it

Zack Whittaker
·4 min read

A security vulnerability in one of the biggest consumer-grade spyware operations today is putting at risk the private phone data of about 400,000 people, a number that's growing daily. The operation, identified by TechCrunch, is run by a small crew of developers in Vietnam but has yet to fix the security issue.

In this case it isn't just one problematic spyware app. It's an entire fleet of apps — Copy9, MxSpy, TheTruthSpy, iSpyoo, SecondClone, TheSpyApp, ExactSpy, FoneTracker, and GuestSpy — that share the same security vulnerability.

But without a fix in place, TechCrunch cannot reveal specific details about the vulnerability because of the risk it poses to the hundreds of thousands of people whose phones have been unknowingly compromised.

With no expectation that the vulnerability will be fixed any time soon, this guide can help you remove these specific spyware apps from your Android phone — if you believe it's safe to do so.

Consumer-grade spyware apps are often sold under the guise of child tracking software but are also known as "stalkerware" for their ability to track and monitor partners or spouses without their consent. These apps are downloaded from outside of Google Play's app store, planted on a phone without a person's permission, and are designed to disappear from the home screen to avoid detection. You may notice your phone acting unusually, or running warmer or slower than usual, even when you are not actively using it.

Because this fleet of stalkerware apps relies on abusing in-built Android features that are more commonly used by employers to remotely manage their employee's work phones, checking to see if your Android device is compromised can be done quickly and easily.

Before you proceed, have a safety plan in place. The Coalition Against Stalkerware offers advice and guidance for victims and survivors of stalkerware. Spyware is designed to be covert, but keep in mind that removing the spyware from your phone will likely alert the person who planted it, which could create an unsafe situation.

Note that this guide only removes the spyware app, it does not delete the data that was already collected and uploaded to its servers. Also, some versions of Android may have slightly different menu options. Follow these steps, at your own risk.

Check your Google Play Protect settings

Screenshots showing Google Play Protect, which should be enabled.
Screenshots showing Google Play Protect, which should be enabled.

Make sure Google Play Protect, a security feature in Android phones, is enabled. Image Credits: TechCrunch

Google Play Protect is one of the best safeguards to protect against malicious Android apps, both third-party and in the app store. But when switched off, those protections stop, and stalkerware or malware can be installed on the device outside of Google Play. That's why this stalkerware network asks the person who plants the spyware to disable Google Play Protect before it works.

Check your Google Play Protect settings through the Google Play app and make sure it's enabled, and that a scan has been recently completed.

Check if accessibility services have been tampered with

Stalkerware relies on deep access to your device and its data, and it often abuses the accessibility feature in Android which, by design, has to have wide access to the operating system and its data in order for the screen reader and other accessibility features to work. If you do not recognize a downloaded service in the Accessibility options, you may want to remove it. Many of the stalkerware apps are disguised as plain apps called "Accessibility" or "Device Health."

A screenshot of Android&#39;s accessibility settings.
A screenshot of Android's accessibility settings.

Android spyware often abuses in-built accessibility features. Image Credits: TechCrunch

Check if a device admin app has been installed

Device admin options have similar but even broader access to Android as the accessibility features. These device admin options are designed to be used by companies to remotely manage their employees' phones, disable features, and wipe data to prevent data loss. But they also allow stalkerware apps to record the screen and snoop on the device owner.

Screenshots showing the Android&#39;s device admin app panel.
Screenshots showing the Android's device admin app panel.

An unrecognized item in your device admin app settings is a common indicator of phone compromise. Image Credits: TechCrunch

Most people won't have a device admin app on their personal phone, so be aware if you see an app you don't recognize, named something like "System Service," "Device Health," or "Device Admin."

Check apps to uninstall

You may not see a home screen icon for any of these stalkerware apps, but they may still appear in your Android device's app list. Go to your Android settings, then view your apps. Look for an innocuously named app like "Device Health" or "System Service," with generic-looking icons. These apps will have broad access to your calendar, call logs, camera, contacts and location.

Three screenshots of spyware apps, named &quot;Device Health&quot; and &quot;System Service.&quot;
Three screenshots of spyware apps, named "Device Health" and "System Service."

Spyware apps often have generic-looking icons. Image Credits: TechCrunch

If you see an app here that you don't recognize or haven't installed, you can hit Uninstall. Note that this will likely alert the person who planted the stalkerware that the app is no longer installed.

Secure your phone

If stalkerware was planted on your phone, there is a good chance that your phone was unlocked, unprotected, or that your screen lock was guessed or learned. A stronger lock screen password can be helpful to protect your phone from would-be stalkers. You should also protect email and other online accounts using two-factor authentication wherever possible.

If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware also has resources if you think your phone has been compromised by spyware. You can contact this reporter on Signal and WhatsApp at +1 646-755-8849 or zack.whittaker@techcrunch.com by email.

Recommended Stories

  • Walmart hosting a 'Black Friday-like' shopping event on Thursday for Walmart+ members

    Walmart Inc. has announced plans to host a shopping event on Thursday exclusively for Walmart+ members. Starting at noon ET, Walmart+ shoppers will get up to 40% off on a range of products, including gaming consoles like the XBox X and PlayStation 5. "The shopping event builds on the retailer's members-only experience during Black Friday, when Walmart+ members could shop all the great deals before anyone else," the company said in the announcement. Walmart+ costs $98 annually, or $12.95 per mont

  • SoFi to buy Technisys, Volkswagen considering IPO for Porsche, AT&T shuts down 3G network

    Yahoo Finance's Julie Hyman breaks down today's trending business headlines, involving SoFi, Technisys, Volkswagen, Porsche, and AT&T.

  • Truth Social Surges Past Wordle On Apple App Store, DWAC Stock Leaps

    Former President Donald Trump's 'Truth Social' is the top download on Apple's App Store.

  • Could Burger King or McDonald's Ditch Human Labor for Robots?

    Automation has loomed over all sorts of American jobs for decades. Amazon uses robots in its warehouses as does Fedex. In both cases, however, the robot workers haven't really replaced humans. In fact, while robots and automation have been used by all sorts of businesses, they have not led to widespread job loss.

  • Trump-linked SPAC's shares surge as Truth Social app tops Apple downloads

    (Reuters) -Shares of Digital World Acquisition Corp, the blank-check company behind former U.S. President Donald Trump's new social media venture, Truth Social, rose about 14% on Tuesday as the app topped downloads on Apple's App Store after its launch late on Sunday. Truth Social was downloaded 170,000 times since its launch, according to research firm Apptopia. The app's launch could mark Trump's return to social media after he was banned from Twitter Inc, Facebook and Google following an attack on the U.S. Capitol by his supporters last year.

  • 3G shutdown - latest: AT&T closes 3G network amid confusion over phone and security systems

    AT&T has become the first mobile phone company to shut down its 3G network in the US - amid fears numerous devices will stop working once American mobile phone networks shift their focus to 4G and 5G signals. Among the devices that will potentially be affected by the shutdown are crash alert and roadside assistance systems, burglar alarms, fire alarms, and home security systems. Amid concerns over various devices being disrupted by AT&T’s shutdown, the US home alarm industry and AARP, a major charity advocating for Americans over 50 years old, have both asked the Federal Communications Commission (FCC) to delay AT&T’s network shutdown until December.

  • Dutch consumer watchdog gives Apple fifth $5.7 million fine in App Store dispute

    AMSTERDAM (Reuters) -The Dutch antitrust watchdog fined Apple 5 million euros ($5.7 million) on Monday, the fifth such penalty in successive weeks in a row over access to non-Apple payment methods for subscriptions to dating apps. The Authority for Consumers and Markets (ACM) says the iPhone maker is abusing a dominant market position by failing to allow software application makers in the Netherlands to use other payment methods for dating apps accessible via its App Store. The ACM has been levying weekly fines of 5 million euros since Apple missed a Jan. 15 deadline to make changes that the watchdog had mandated.

  • Trump’s Truth Social Comes to App Store, Doesn’t Work

    New users weren't able to use the app, but instead were immediately added to a waitlist. Trump’s Truth Social Comes to App Store, Doesn’t Work Wren Graves

  • iPhone 14 design locked in as Apple begins trial production

    In the coming weeks, Apple will host its first event of 2022 to announce the iPhone SE 3. That seems to be the consensus among those in the know, and there will likely be a new Mac or two at the event as well. Meanwhile, we’re still seven months away from the launch of the … The post iPhone 14 design locked in as Apple begins trial production appeared first on BGR.

  • Spotify's Car Thing is now available in the US, no invite required

    You no longer need an invite to purchase Spotify's Car Thing in the US.

  • Neosapience gets $21.5M to use AI-powered synthetic avatars for creators 

    Korean startup called Neosapience has developed a synthetic voice and video platform, Typecast, that lets users turn text into a video without recording and editing in a studio. Today, Neosapience announced it has raised $21.5 million in a Series B round to accelerate growth and expand new geographies, specifically into the U.S. The new funding, which brings its total funding raised to almost $26.7 million, was led by BRV Capital Management along with Stic Ventures and Quantum Ventures. Previous backers Company K Partners, Albatross Investment Capital, Daekyo Investment and TimeWorks investments also participated in the round.

  • 5 Google docs shortcuts that will make you more productive

    Far from just being a search engine, Google has spent the past decade and a half building its productivity software suite, Google Workspace, to keep users in its ecosystem. One indicator that the approach is working: More than three-quarters of global internet users now use Google Chrome as their desktop browser. A fresh, new Google Doc should be open on your screen.

  • Panasonic's 25-megapixel GH6 is the highest resolution Micro Four Thirds camera yet

    After a bit of a delay, Panasonic has finally revealed the 25.2-megapixel GH6, the highest-resolution Micro Four Thirds mirrorless camera to date.

  • Slack is down as outage hits for some users

    Slack has stopped working for some users, leaving them unable to get into their virtual workplaces. The partial outage happened just as the working day began in the US, and in the middle of the afternoon European time. On its website, Slack said it was aware of the issue and looking to find the cause.

  • Best Kindle 2022: Which Amazon e-reader should you buy?

    Waterproof and with adjustable lighting, these are the best devices to buy now

  • Donald Trump's Truth Social debuts in app store, but you might get an error message

    Donald Trump's Truth Social app launched Sunday night, but some users are getting error messages when trying to create an account.

  • Liberty Defense Signs Canada's Largest Airport to Test AI Security Detection System

    Liberty Defense Holdings Ltd. ("Liberty" or the "Company") (TSXV: SCAN) (OTCQB: LDDFF) (FRANKFURT: LD2), a leading technology provider of threat detection solutions for concealed weapons, is pleased to announce that it has signed an agreement with The Greater Toronto Airports Authority ("GTAA") to trial HEXWAVE™ at Toronto Pearson International Airport ("Toronto Pearson") during the third quarter of 2022.

  • Positive Grid's tiny guitar amp is built for bedroom jam sessions

    Positive Grid has unveiled a tiny connected guitar amp, the Spark Mini, that can help with your bedroom jam sessions.

  • Get Presidents Day savings on a refurbished Bose Solo Soundbar II for an extra 15% off at eBay

    The refurbished Bose Solo Soundbar II promises better audio quality and you can get it for a neat discount at eBay with this Presidents Day promo code.

  • Trump's Truth Social launches in App Store but still puts users on waitlist

    Donald Trump’s social media app Truth Social launched in Apple’s App Store Monday at midnight, but still wasn’t fully available for use to all accounts.State of play: Once a user was asked to create an account with the app and enter a username and personal information, such as date of birth, the app led users to another waitlist, where they still couldn’t join the actual network.Stay on top of the latest market trends and economic insights with Axios Markets. Subscribe for free Screenshot from a