SecureMac, Inc.

How to check for stalkerware on an iPhone

October 13, 2021

Learn how to check for stalkerware on an iPhone, and how stalkerware on iOS works. Plus: where to learn more about stalkerware on macOS.

How to check for stalkerware on an iPhone

Stalkerware is frequently thought of as an Android problem, but it can affect iOS users as well. Read on to learn more about the phenomenon of stalkerware, and how to check for stalkerware on an iPhone.

What is stalkerware?

Stalkerware is an umbrella term that describes a range of privacy threats. A good general definition comes from the Coalition Against Stalkerware, an industry group working to end stalkerware:

“Stalkerware refers to tools — software programs, apps and devices — that enable someone to secretly spy on another person’s private life via their mobile device”.

Is stalkerware the same as spyware?

Stalkerware and spyware are related, but they’re not identical. It’s probably most useful to think of stalkerware as a subtype of spyware.

For example, Pegasus spyware, a powerful mobile surveillance tool used by nation states and law enforcement agencies, wouldn’t be classified as stalkerware — even though it’s used to monitor people without their consent. What distinguishes stalkerware from something like Pegasus is that it is most often used in the context of abusive relationships: as a way of surveilling an intimate partner or of controlling them.

Similarly, student and employee monitoring software, when deployed on managed devices, is not stalkerware per se. This kind of mobile monitoring software is definitely invasive (and arguably unethical). But it doesn’t try to hide its presence from the user, and is typically installed with some semblance of consent. 

If stalkerware seems creepy, wrong, and downright abusive, that’s because it is. But unfortunately, it’s not always illegal in and of itself. 

Manufacturers of stalkerware apps frequently market themselves as “parental monitoring” tools. This gives them plausible deniability, and keeps their apps in Google Play and the App Store. But of course, stalkerware developers are well aware that their apps are used by abusers to spy on their partners. This is pretty obvious if you look at their online advertising and SEO strategy

Fortunately, both government regulators and Big Tech are starting to take action. The U.S. Federal Trade Commission (FTC) recently issued its first ever ban of a stalkerware app. And just this week, Google pulled a number of stalkerware ads for violating the company’s ban on promoting surveillance apps.

Stalkerware on iOS 

For Apple users, the good news is that iOS makes it harder for stalkerware to run on an iPhone. 

However, there is still stalkerware that can affect iPhones. There are also non-technical workarounds that abusers can use to monitor iOS users.

According to research done by Citizen Lab, iOS stalkerware often requires that the stalker obtain “the iCloud login and password of the targeted person”. (This is not unlikely in the context of an abusive relationship.) With the target’s iCloud credentials, an abuser can use a stalkerware app “to automatically extract data from iCloud”. This can include “contacts, calendar information, photos, notes, geolocation, and potentially even files stored in iCloud drive”. Note too that some stalkerware apps offer “light” versions of their products for iOS. These don’t have the full surveillance capabilities of other forms of stalkerware, but they can still be used to track a user’s location. 

Some stalkerware apps require a jailbroken iOS device to work. Jailbreaking a victim’s iPhone presents more of a technical challenge for an abuser, but it is certainly possible. As such, it needs to be considered when discussing how to check for stalkerware on an iPhone.

Finally, some abusers may make use of Mobile Device Management (MDM) configuration profiles in order to monitor iOS users. Companies and schools routinely use MDM configuration profiles to manage the devices that they issue. However, bad actors also use them for spying, since they can reveal location and other data when installed on a device.

How to check for stalkerware on an iPhone

In what follows, we’ll share some ways to check for stalkerware on an iPhone. If you’re being monitored by an intimate partner, and you abruptly shut off their spying capabilities, they will most likely realize that they’ve been caught, and that they no longer have control over your device. In the context of an abusive relationship, this can be dangerous. If you are in this situation and need support, the Coalition Against Stalkerware has a resource page where you can find help. 

  1. Scan for unfamiliar apps

    The easiest way to check for stalkerware on an iPhone is to look for apps that you don’t recognize. You can see a full list of installed apps on your device by going to Settings and scrolling down. You can tap on an individual app to see a list of its permissions. If you don’t know why an app is there, or if you don’t remember installing it, that can be a sign that something isn’t right. Follow Apple’s steps for app deletion as needed.

  2. Check for unknown configuration profiles

    To check for MDM configuration profiles on your iPhone, go to Settings > General > Profiles & Device Management. If you don’t see anything there, that means that there is no mobile configuration profile installed on your device. If there is an unknown configuration profile on your iPhone, you can tap it to see the option to delete it.

  3. Look for Wi-Fi Sync

    There is some iOS stalkerware that abuses an iPhone feature called iTunes Wi-Fi Sync. When this feature is enabled, an iOS device can be set to back up to a computer on the same Wi-Fi network — in this case, a computer running a desktop stalkerware app. A stalker can view the iPhone backups directly if they control the computer themselves. Alternatively, since the app will also upload copies of the backup to the stalkerware company’s servers, an abuser can view them remotely over the web. To check for this kind of stalkerware, go to Settings > General and look for iTunes Wi-Fi Sync. If you don’t see anything, your iPhone isn’t set up to sync to another device over a Wi-Fi network.

  4. Search for signs of jailbreak

    To check if your iPhone has been jailbroken, look for the apps Cydia or Sileo. These are the most common apps used to install unapproved software (i.e. software that can’t be found in the App Store) on jailbroken iPhones. Not all unapproved apps are “bad”, and the jailbreak community itself is more interested in research and customization than in spying on people. But bad actors can use a jailbroken iOS device to install a stalkerware app, circumventing the App Store’s protections. To “un-jailbreak” an iPhone, you’ll need to update iOS to the latest version or perform a full factory reset of your device.

  5. Perform a privacy audit

    Apple has a number of data sharing tools baked into its platforms: Family Sharing, Find My, Shared Albums, and more. The company understands that abusers may attempt to weaponize standard features to spy on people. For this reason, they’ve published some privacy checklists designed to help users see who has access to their devices, and what data is being shared. If you’d like to perform a privacy audit on your iPhone, we discussed Apple’s guidance in detail on Checklist 221: A Trio of Privacy Checklists from Apple.

  6. Lock down iCloud

    Lastly, if you think that your iCloud login credentials may have been compromised, you need to reset your password. For added protection, you can turn on 2FA for your Apple ID as well (see Apple’s how-to guide for details).

What about macOS?

People usually think of stalkerware as a mobile threat, but there are surveillance apps for desktop systems as well — including macOS. These don’t always go by the name of stalkerware, but their effect is essentially the same.

For Apple users, it’s helpful to remember that Macs are not nearly as “locked down” as iPhones. At times, that can be a good thing. It’s what allows macOS users to install all sorts of third-party apps, and customize their systems to a degree that isn’t possible on iOS. But it can also bring privacy threats, since an abuser with physical access to a Mac can easily install monitoring software.

Fortunately, there is a robust Mac security community that has spent years building tools that can find and remove malware threats on macOS. These developers were flagging macOS stalkerware apps as malicious long before the term “stalkerware” was even coined!

If you want to check your Mac for stalkerware apps and other privacy threats, you can use a reputable and regularly updated malware detection tool like our own MacScan 3. To learn more about a common family of surveillance apps that affects Mac users, watch this video about keyloggers on macOS.

Join our mailing list for the latest security news and deals