Imagine that someone has a key to your mailbox. Every day, they get there before you do. They read your mail, photograph anything useful, then reseal everything and put it back exactly as it was. You might never know anything’s amiss.

This is what spyware apps do to devices. It’s much easier and more lucrative for a cybercriminal to plant spyware on your device than it is to duplicate a mailbox key.

Spyware is software that collects data — such as messages, passwords, location, and activity — from your device, without your knowledge, and sends it to whoever planted it. Spyware threatens a wide spectrum of people, and it’s a growing threat. According to data from Kaspersky(fereastră nouă), spyware attacks on Android users increased 29% in the first half of 2025 compared to the same period in 2024.

The good news is that you don’t need to be a security expert to spot spyware. You just need to know what to look for, and which spy apps to look out for. 

For a full exploration of what spyware is and how it works, see our guide to spyware. The three types in this article are among the most dangerous.

Fake security tools

Spyware apps are usually disguised as — or bundled with — something legitimate. Their most effective disguise: anti-spyware.

People search for security tools when they’re worried their devices are infected. Anxious and in a hurry to find a fix for their problem, they’re far likelier to install something without scrutinizing it first — particularly if that something seems to offer protection.

In April 2022, Check Point Research(fereastră nouă) found six apps on the Google Play Store marketed as antivirus tools were spyware carrying the SharkBot banking trojan, which stole credentials and auto-replied to WhatsApp and Facebook Messenger notifications to spread links to more fake antivirus apps.

The six fake antivirus tools were collectively downloaded over 15,000 times before Google removed them. When SharkBot returned(fereastră nouă) disguised as two new fake antivirus apps, they were downloaded over 60,000 times.

What to do about it

If you think your device has been compromised by malware or spyware, don’t make the mistake of downloading the first spyware scanner you find. 

  • Android users: Follow these detailed steps to removing malware from your Android (including to download a free, trusted, and community-verified spyware scanner like Malwarebytes)
  • iOS users: iOS limits third-party app scanning, so update iOS, review installed profiles via SettingsGeneralVPN & Device Management, check for unfamiliar apps, and then contact Apple Support

Despite Apple’s tight security controls, iPhones can still get viruses — although this is highly unlikely. Find out more about each operating system in our detailed guide to Android vs iOS security.

Commercial stalkerware 

Like fake security tools, commercial stalkerware apps pretend to be protective. They’re often marketed as parental controls or employee monitoring tools. But whatever their developers claim, these tools are frequently used to spy on people.

Many, in fact, are obviously designed to be used this way, and are banned from app stores. Banned stalkerware apps must be downloaded directly from the provider (which is why brief physical access to the target device is required for installation). Once installed on a target’s device, these apps run silently and invisibly, collecting messages, photos, call logs, and real-time location. 

Last year, three stalkerware apps were exposed by a security researcher’s investigation, as reported by TechCrunch(fereastră nouă). Cocospy, Spyic, and Spyzie were all marketed as parental control tools — a thin pretense. Legitimate monitoring tools are transparent to the person being monitored. These apps were designed to stay hidden from them.

The investigation also demonstrated a big risk presented by commercial stalkerware (both to its victims and to those who deploy it): poor coding, which leaves data exposed to breaches. 

Cocospy, Spyic, and Spyzie, which shared a source code, also shared a vulnerability that was serious enough to expose the personal data of every device they were installed on, including the email addresses of 3.2 million customers.

What to do about it

If you suspect someone has installed monitoring software on your device without your knowledge, you’re not alone: stalkerware is a recognized form of abuse. 

The Coalition Against Stalkerware(fereastră nouă) offers guidance on detecting and safely removing stalkerware without alerting the person who installed it. In the UK, Refuge(fereastră nouă) provides specialist tech safety support.

Mercenary spyware

Zero-click mercenary spyware exploits were designed to be used by states to covertly monitor individuals. These spy apps exploit vulnerabilities in operating systems to infiltrate targeted devices; they’re called ‘zero click’ because the target doesn’t need to do anything (such as click on a link) to be infected.

As with commercial stalkerware, government-grade spyware is often officially sold as legitimate tech. In practice, however, this legitimate tech has repeatedly been used in illegal ways.  

Take the zero-click spy app Graphite: its developers, Paragon Solutions, market Graphite as a lawful intercept tool, sold only to vetted government and law enforcement customers in democratic countries, for legitimate criminal investigations.

In practice, however, Graphite has been used by governments illegitimately. In June 2025, Citizen Lab confirmed that Graphite was used to compromise the iPhones of journalists in Europe(fereastră nouă) via a zero-click exploit.

And Graphite is just the latest prominent example. A 2021 investigation(fereastră nouă) found that NSO Group’s zero-click spyware Pegasus had been installed on the devices of journalists, lawyers, and human rights defenders across several countries.

What to do about it

Zero-click spyware is extremely difficult to detect, often leaving none of the giveaway signs that your phone has a virus (unusual battery drain, device overheating, unexpected data usage) that other spyware apps do. 

Consumer tools like antivirus scanners can’t detect zero-click spyware, and specialist forensic tools that can require expertise to run and interpret correctly.

If your profession puts you at elevated risk (for example, if you’re a journalist, activist, or human rights defender), the recommended path is to request analysis through Access Now’s Digital Security Helpline(fereastră nouă) or Amnesty International’s Security Lab(fereastră nouă).

How to avoid downloading and installing spyware

To minimize the chances of spyware making it onto your device, follow these tips:

Use trusted sources: Download only from official app stores or verified developer websites — while remembering that even the safest sources are never completely safe.

Do your due diligence: Before installing anything, check the developer has a clear web presence. Watch out for negative reviews and read what they have to say, but also look out for an absence of negative reviews, which can indicate the use of bots.

Update your OS: Spyware targets operating system vulnerabilities, and updating your OS patches many of these.

Watch out for inappropriate permission requests: Apps that ask for access that doesn’t quite fit — a weather app that asks to access your microphone, or a fitness tracker that asks for your contacts — should be treated with immediate suspicion.

Make spyware harder to use against you

Spyware is effective because it’s structurally invisible: designed to run in the background, disguise itself with generic names, and request permissions that appear routine. 

The most reliable protection is equally structural: encrypting your connection so spyware can’t transmit what it collects, and encrypting your credentials so that even a successful compromise doesn’t cascade. 

That’s what our secure VPN(fereastră nouă) and password manager are built to do.