AlTalks logo AlTalks logo
AlTalks
Back to Articles

How to Tell If Your Phone Is Being Monitored Secretly And What to Do About It

15 min read
How to Tell If Your Phone Is Being Monitored Secretly And What to Do About It

Something feels off. Your battery is draining faster than it used to. Your phone gets warm when you're not using it. You notice an app you don't remember installing. Or maybe you just have a gut feeling that someone knows things they shouldn't, things you only said out loud or typed on your phone.

That feeling deserves to be taken seriously.

Secret phone monitoring is more common than most people want to believe. According to Bitdefender's research on phone tracking , up to 40% of divorces involve some form of phone monitoring, and spousal spying cases rose from about 1 in 5 divorce cases in 2022 to roughly 2 in 5 in 2023. And that's just the domestic angle. Stalkerware apps, commercial spyware tools, and remote access malware are a growing industry with real victims.

According to the Gen Q3 2024 Threat Report via Norton , spyware attacks increased by 166% in the last few months of 2024. This isn't a niche concern for celebrities or executives. It affects regular people in relationships, workplaces, and online spaces where someone wants information they don't have the right to have.

The good news is that most monitoring tools leave traces. You just have to know what to look for.

Who Might Be Monitoring Your Phone And How

Before jumping to the signs, it helps to understand the realistic threat landscape. Because the answer to "who could be doing this" shapes which signs matter most and what you should do about it.

The most common scenario isn't a government agency or sophisticated hacker. As Norton's phone surveillance guide points out, it could also be someone you know. A controlling partner, a suspicious parent, a jealous ex, or someone with brief physical access to your phone. This is the stalkerware category, commercially sold apps that hide themselves on your device and silently transmit your location, messages, calls, and more to someone else's dashboard.

Then there's the malware route. A phishing link in a text or email, a sketchy app downloaded from outside the official store, a fake Wi-Fi network at a coffee shop. These deliver spyware that operates without any direct human involvement, just code running quietly in the background and sending your data somewhere you'd never knowingly approve.

And then there's something people rarely think about. As Bitdefender explains in their tracking guide , monitoring may not involve hidden apps at all. Phones can be tracked via shared accounts, location services, or devices that remain logged into your Google or Apple account. Someone who knows your Google or iCloud password doesn't need to install anything to know exactly where you've been.

Knowing which category your situation might fall into tells you where to start looking.

The Physical Signs Your Phone Shows When Something Is Wrong

These are the signals that show up in your day-to-day experience, the ones most people notice but don't connect to monitoring.

Battery draining faster than usual. This is the most consistently reported sign across every credible security source. According to Keeper Security's spyware guide , spyware runs in the background consuming system resources, which causes the battery to drain quickly. If your phone used to last all day and now needs charging by midday, and nothing else has changed, that's a signal worth investigating. Don't immediately assume it's just the battery aging.

Overheating when the phone should be idle. VPNOverview's monitoring guide notes that an overheating phone, especially in standby mode, could mean malicious apps are running in the background, transmitting files to an external server or recording your conversations. A phone left face-down on a table doing nothing should be near room temperature. If it's warm to the touch when you pick it up, something is running that you didn't start.

Slow performance and longer load times. As Surfshark's spyware explainer notes, spy apps use more processing power than their fair share, and your speed often takes a hit even on a newer device. The catch is that this develops gradually. It can take weeks or even months for noticeable changes to emerge, which is exactly why people often attribute it to the phone just "getting old."

The phone takes unusually long to shut down. Norton's phone tap guide explains that if your phone experiences delays when shutting down, hidden spyware could be finishing a data transmission before the shutdown completes. A normal shutdown takes a few seconds. A monitoring app fighting to send data before power-off takes noticeably longer.

Random reboots. According to VPNOverview , unauthorized reboots can indicate that someone has remote access to your phone at administrator level. Random reboots have other explanations too, like a failing battery or a buggy update. But combined with other signs on this list, they're worth taking seriously.

The Data and Network Signs That Expose Background Activity

Your phone doesn't just behave differently when it's being monitored. It also uses resources differently, and those changes show up in places most people never check.

Unexplained spikes in mobile data usage. Malwarebytes' phone tapping guide notes that spyware or tracking software sends data to third parties continuously, and an unexpected spike in mobile data usage might indicate a device is secretly transmitting information. To check on Android, go to Settings, then Network and Internet, then Data Usage. Sort by usage and look for apps consuming data that you haven't actively been using. On iPhone, go to Settings, then Cellular, and look at which apps have been using data in the current period. An app you've never opened shouldn't have a significant total.

And as VPNOverview explains , a hacker's main goal is to harvest your data, whether to sell it on a black market or use it for blackmail. That harvest requires your data to leave your device, which means it shows up in your usage logs.

Camera or microphone activating without your knowledge. Keeper Security confirms that spyware can secretly use your phone's camera and microphone to record audio or take photos without your knowledge. On modern iPhones and many Android devices, Norton's surveillance guide points out that an orange or green dot at the top of your screen means an app is actively using your microphone or camera. If you're not using either, and you've closed any relevant apps, watch those dots carefully. They're one of the most reliable real-time signals.

Strange sounds during phone calls. According to Malwarebytes , clicking, static, or faint voices in the background of calls could suggest interference from wiretapping or spyware. Occasional static might be a weak signal. Persistent noises that weren't there before are a red flag. If your calls have consistently sounded different recently, that's worth noting.

Unfamiliar apps in your app list. Malwarebytes notes that malicious software often disguises itself as an ordinary app. Some monitoring apps use names containing words like "monitor," "spy," or "track." Others disguise themselves with generic system-sounding names. Surfshark's guide recommends going to Settings, then Applications, and looking through both visible apps and running services for anything unrecognized. Search any unfamiliar name on Google before assuming it's harmless.

Strange text messages you can't explain. Norton explains that some spyware requires the hacker to send coded command texts to your phone to trigger different actions. These messages aren't supposed to be visible, but glitches sometimes surface them. If you receive messages that look like gibberish, random numbers, or character strings from numbers you don't recognize, don't dismiss them as spam. They might be command signals intended for software running on your phone.

The Diagnostic Codes That Check for Call Forwarding

This section is worth knowing about, but with an important caveat upfront. As Norton's USSD code guide makes clear, no USSD code will confirm outright if your phone is being monitored for data or spyware. These codes only reveal call and message forwarding settings at the network level. If someone installed a stalkerware app that watches your location and reads your texts, these codes won't detect it. But if someone set up unauthorized call forwarding to redirect your calls to themselves, these codes will expose it.

According to SafeMyKid's phone security guide , dialing specific combinations lets you check if your calls, texts, or data are being rerouted without your consent. These codes work on most Android and iOS devices.

Dial *#21# to check whether unconditional call forwarding is active. This tells you if all your incoming calls are being silently diverted to another number without your phone ever ringing. If this shows a number you don't recognize, someone has set up forwarding on your line.

Dial *#62# to check where your calls are sent when your phone is switched off, out of signal, or in airplane mode. As SafeMyKid notes , a suspicious number appearing here could mean someone is monitoring your calls during the periods when you'd assume you're most unreachable.

Dial *#67# to see where your calls are forwarded when your line is busy. SOC Investigation's tracking code guide recommends comparing the result to numbers you've consciously set up to spot any discrepancies.

Dial *#004# for a comprehensive overview of all call forwarding settings active on your line, including voicemail diversion.

Dial ##002# to immediately disable and cancel all call forwarding on your device. According to Technastic's USSD code guide , this works on both Android and iOS and resets all redirection options at once.

These codes vary by carrier and by country. If you get an "Invalid MMI code" message, your carrier may use a different format. Contact your carrier's support line to ask about your specific forwarding check codes if the standard ones don't work.

How to Check If Someone Is Monitoring Through Your Accounts (No App Required)

This is the angle most monitoring detection guides miss entirely, and it catches a significant number of cases.

Someone doesn't need to install anything on your phone to track you if they have access to your accounts. As Bitdefender's tracking guide explains, if someone has access to your credentials or an old device still connected to your account, they may be able to see your location history, searches, or synced activity without ever touching your phone.

Check your Google account's active devices. Go to myaccount.google.com, then Security, then Your Devices. You'll see every device currently signed into your Google account. If there's a device listed that you don't recognize or no longer use, remove it immediately. An old phone you sold or gave away that you forgot to sign out of could be giving someone else a window into your account activity.

On iPhone, go to Settings, tap your name at the top, and scroll down to see every device signed into your Apple ID. Any device you don't recognize should be removed. Also check Settings, then Privacy and Security, then Location Services. Scroll to Share My Location and check whether Find My is sharing your location with anyone you didn't intentionally add.

Check Google Maps timeline. Open Google Maps, tap your profile photo, then Your Timeline. If location history is on, you'll see a detailed log of everywhere you've been. More importantly, anyone who has access to your Google account can see this same history. If someone knows your Google password, they've essentially had a GPS tracker on you the entire time.

Check which apps have access to your location. On iPhone, go to Settings, then Privacy and Security, then Location Services. Every app with location access is listed there, with whether it's set to "Always," "While Using," or "Never." Any app you don't recognize with "Always" access is worth removing. On Android, go to Settings, then Location, then App Permissions. Review and tighten anything that doesn't need persistent location access.

The Tools That Help You Detect Spyware on the Phone Itself

If the behavioral signs are there and the account audit didn't explain everything, running a dedicated scan is the right next step.

Malwarebytes for Mobile is the most trusted free option for both Android and iPhone. According to Malwarebytes' own security blog , it now includes an AI-powered Scam Guard feature with real-time detection. It uses behavioral analysis rather than just signature matching, which means it can flag spyware that's new enough to have escaped official databases.

Norton 360 Mobile offers deeper protection. As Norton's Android spyware guide explains, its dark web monitoring can tell you if your email or phone number has been leaked online, which helps explain why you might be targeted in the first place.

Certo Mobile Security for iPhone is specifically built for iOS spyware detection. iPhones are harder to infect than Android devices, but as Surfshark notes , spying on an iPhone usually requires jailbreaking it first. Certo checks for jailbreak indicators and known spyware signatures on iOS specifically.

Clario Anti Spy offers spyware scanning on both platforms alongside privacy checks that look at which apps have access to your camera, microphone, location, and contacts simultaneously.

For Android specifically, Google Play Protect runs continuously in the background. You can trigger a manual scan by opening the Google Play Store, tapping your profile icon, selecting Play Protect, and then Scan. It's not infallible, but it catches a wide range of known threats.

What to Do If You Confirm Your Phone Is Being Monitored

The steps here matter, and the order matters too.

Don't tip off the person doing the monitoring before you've secured yourself. If you suddenly change all your passwords while the monitoring is still active, you might alert them to the fact that you've discovered it, which could escalate the situation. Think through your personal safety first if the monitoring involves someone in your immediate life.

Document what you've found. Take screenshots of suspicious apps, unusual data usage readings, or any of the diagnostic code results that showed unexpected forwarding numbers. If this becomes a legal matter, documentation helps.

Run airplane mode immediately if you need to stop data transmission right now. According to Malwarebytes , enabling airplane mode instantly disconnects a device from all wireless networks, temporarily halting any active data exfiltration. It's not a permanent fix, but it buys time.

Remove any suspicious apps you've identified. Then run a full malware scan with Malwarebytes or your security tool of choice. As Avast's phone tap guide warns, simply deleting the app may not be enough. Follow a dedicated spyware removal guide to make sure every trace is gone.

Change your passwords, in the right order. Start with your email, because it's the master key to everything else. Then your Apple ID or Google account. Then banking and financial accounts. Then everything else. Do this from a different device if you're not confident the phone is fully clean yet.

Enable two-factor authentication everywhere it's not already on. The guide on two-factor authentication and the best 2FA tools is worth reading in full alongside this. 2FA means that even if someone has your password, they can't get in without a code only you have access to.

Factory reset as a last resort. If scans don't fully resolve it, or if you have reason to believe sophisticated spyware is present, a factory reset removes everything. As Avast cautions , be careful not to restore from a backup made after you started noticing signs of monitoring. That will simply reinstall the malware. Restore only from a backup that predates when the monitoring likely began.

How to Protect Yourself Going Forward

Prevention is a lot less stressful than detection after the fact.

Keep your phone's operating system updated. Most spyware exploits vulnerabilities in older OS versions. Updates close those doors. Keep automatic updates on so you're always running the latest security patches.

As VPNOverview notes , never click links in text messages you don't trust, since this is one of the most common ways spyware lands on a phone. The guide on how to check if a website is safe before clicking covers how to verify any link before committing.

Don't let your phone out of your sight if you're in a situation where someone might have motivation and opportunity to install something. Spyware that requires physical access typically takes only a few minutes to install. Keeping your phone locked with a strong PIN or biometric lock removes the most common installation method.

Malwarebytes recommends keeping Bluetooth off when not in use, since attackers can use Bluetooth vulnerabilities to gain access to a device or install spyware. There's no reason to stay discoverable when you're not actively pairing something.

Review the permissions you've granted to apps regularly. Malwarebytes points out that if an app is asking for more access than it needs, it could be a sign of hidden spyware. A calculator app with microphone access is suspicious. A weather app with contacts permission is suspicious. Trim permissions down to what each app genuinely needs to function.

For a full picture of how apps access your data beyond just location and microphone, the article on how to find apps that are secretly accessing your data goes through the full audit process in detail.

And if you've been reading this and you're genuinely worried about someone in your life monitoring you in ways connected to control or abuse, please reach out to someone you trust, whether that's a friend, family member, or a support service in your country. The technology side of this is solvable. The situation around it sometimes needs more than a factory reset.

Enjoyed this article? Share it with others!

Tags

PhoneSecurity Spyware CyberSecurity
Back to tech

Related Articles

More from tech