How to Stop mSpy From Spying on You (iPhone & Android)

If you think someone installed mSpy on your own phone without permission, that’s stalkerware abuse, and the law is on your side. This guide walks you through detection on iPhone and Android, four removal paths in order of effort, and the reporting channels that take this seriously. Everything below assumes the phone belongs to you (or your minor child), because installing mSpy on any other adult’s device is a crime in most places.

#Is It Actually mSpy, or Just a Weird Phone?

Before tearing down your device, rule out the boring stuff. A hot, draining phone is often a runaway app, a swollen battery, or a bad cell signal, not surveillance.

In our testing on an iPhone 13 and a Pixel 7 over two weeks, the strongest mSpy red flags were a Device Management profile we never installed, a persistent VPN icon when no VPN app was open, and a vague background app holding device-administrator status on Android. Battery and data spikes alone proved unreliable; both phones showed similar drain when iCloud Photos was syncing thousands of images.

Reliable signs to take seriously:

• An unknown configuration profile in Settings > General > VPN & Device Management on iPhone
• An Android app you never installed that you can’t open, can’t uninstall, or that requires deactivating device admin first
• Your Apple ID or Google account password recently changed without your action
• Your phone is unfamiliar to you in subtle ways: home screen icons rearranged, Bluetooth or Location turned back on after you switched them off
• The other person quotes private messages or knows where you’ve been

A combination of two or more is far more telling than any single one. If you see only generic battery drain, see our guide on how to tell if your cell phone is being tracked, tapped, or monitored by spy software before assuming the worst.

#Authorization Scope This Guide Covers

This guide is written for your own device and for parents managing the device of a minor child you legally care for. Those are the only two scenarios where checking for, removing, or pre-empting mSpy is straightforward.

Anything else is out of scope. Installing or running mSpy on a partner, spouse, ex, coworker, roommate, or any other adult who has not given you informed consent is a separate criminal matter, not a how-to question. The Coalition Against Stalkerware explains why “consumer monitoring” apps used covertly meet the legal definition of stalkerware, and the FTC has acted against stalkerware vendors directly.

If you are unsure whether your situation counts as authorized, treat it as not authorized. Talking to a domestic-violence advocate (numbers below) is safer than guessing.

#Is mSpy Legal to Use on Someone Else?

In most jurisdictions, no. mSpy on an adult’s device without that adult’s consent is illegal almost everywhere in the United States.

According to the Federal Trade Commission’s 2019 enforcement action against the Retina-X stalkerware apps, the agency required the vendor to stop selling apps designed to monitor someone’s phone without consent and to delete the data collected through those apps. Federal law is broader still: Cornell Law School’s overview of the Computer Fraud and Abuse Act confirms that accessing a device “without authorization” is a federal offense, with civil and criminal penalties. State wiretap statutes add another layer.

Two narrow exceptions exist:

• Your own device. Installing monitoring on a phone you own and use is legal but pointless for protection; remove the app.
• A minor child’s device under your parental authority. Courts have generally accepted that parents may monitor minor children’s phones, though some jurisdictions require disclosure once the child is a teenager. Use the Apple Screen Time and Google Family Link parental tools instead. Those are official, transparent, and don’t expose your child’s data to a third-party server.

Employee monitoring on company-owned devices is its own legal area and typically requires written notice.

#How to Detect mSpy on iPhone

Apple’s sandboxing makes mSpy harder to install on iPhone than on Android, which is why most iPhone installations rely on a configuration profile or on iCloud credential theft rather than a true app. For a broader walkthrough of the symptoms that overlap with other surveillance tools, see our companion guide to detecting spyware on iPhone.

#Check Device Management Profiles

Open Settings > General > VPN & Device Management. A clean personal iPhone shows nothing here, or only profiles from your employer, school, or a public-Wi-Fi captive portal you accepted recently.

Any unfamiliar profile is suspect.

Tap it, read the publisher and the permissions it claims (often “Mobile Device Management” with full data access), and remove it if you didn’t authorize it. If the entire menu item is missing, no profiles are installed and this vector is clear.

#Check Devices on Your Apple ID

Open Settings > [Your Name] and scroll down to see every device signed into your Apple ID. Tap each one in turn; if you see a model you don’t recognize, an iPad you no longer own, or a Mac at a location you’ve never been, remove it. Then go to Settings > [Your Name] > Sign-In & Security, change your Apple ID password, and turn on two-factor authentication if it isn’t already on.

#Run Apple’s Safety Check (iOS 16 and Later)

This is the single most useful tool in the iPhone kit.

Apple introduced Safety Check in iOS 16 specifically for domestic-abuse and stalking situations. Go to Settings > Privacy & Security > Safety Check.

Two paths sit inside. “Emergency Reset” signs you out of iCloud on every other device, resets system-level privacy permissions, and changes your Apple ID password in one flow. “Manage Sharing & Access” lets you review per-app sharing one item at a time, which is the more delicate option when you don’t want sudden changes to alert the abuser.

Run Safety Check before the manual steps below.

#Look for Symptoms in Battery and Data Usage

Open Settings > Battery and look at the last 10 days. A profile-based monitor uploads regularly and usually shows up as background activity from a system service that you can’t tap into. In Settings > Cellular, scroll the per-app data list and look for a service with cellular use that doesn’t match anything you actually opened. Weigh each finding against the profile result above before drawing conclusions.

#Check for Jailbreak Artifacts

Full-feature mSpy on iPhone usually requires a jailbreak, which you would notice. Search your home screen and App Library for Cydia, Sileo, Zebra, or Installer. If any of those are present and you didn’t install them yourself, the phone has been jailbroken and the only safe response is a factory reset and a fresh setup as new.

#How to Detect mSpy on Android

Android’s open file system gives mSpy more options, which means more places to look.

#Open the Full App List

Go to Settings > Apps (the path may be Apps & notifications > See all apps on stock Android, or Apps on Samsung One UI). Tap the menu and choose Show system apps so nothing hides.

Now scroll for vague names: Update Service, System Service, SyncManager, Android Service, Monitor, or a single-letter app. Tap each and read the developer; legitimate Google or Samsung components will say so. Anything blank, unfamiliar, or branded with a generic logo deserves a closer look, because the pattern matters more than any single name on this list.

#Check Device Admin Apps

Go to Settings > Security > Device admin apps (or Other security settings > Device admin apps on Samsung). Disable any unfamiliar entry first, then the regular Uninstall button will appear.

#Check Accessibility Service Abuse

Open Settings > Accessibility. Modern stalkerware often abuses Accessibility services to read screen content, log keystrokes, or auto-grant permissions.

Disable any service from a developer you don’t recognize. Google’s recent Play Protect updates specifically flag sideloaded apps that request Accessibility, so look for warnings in the Play Protect home screen too.

#Review Sensitive Permissions

Go to Settings > Privacy > Permission manager. Open Location, Microphone, Camera, SMS, and Call logs one at a time. Anything unfamiliar holding three or more of these at once is highly suspect.

#Confirm Unknown-Sources Was Used

Open Settings > Apps > Special app access > Install unknown apps. Each entry shows which app has permission to install other apps without going through the Play Store. If your browser, file manager, or any other app is set to “Allowed” and you didn’t enable it, the attacker likely sideloaded mSpy that way; turn the permission off after detection.

#How to Remove mSpy Safely

Removal is straightforward once you’ve identified the install vector. The four methods below escalate in effort, but also in completeness. If you’re planning to report the abuser, stop here and read the next section first, because wiping the phone destroys the forensic trail.

#Method 1: Update the Operating System

OS updates routinely close the exact vulnerabilities mSpy and similar tools depend on. On iPhone go to Settings > General > Software Update; on Android go to Settings > System > Software update (or Software update > Download and install on Samsung). Apple’s iOS 17 security release notes list dozens of kernel and WebKit patches per release, several of which are the same surface area stalkerware uses to persist.

When we tried this on the iPhone 13 test unit, installing the latest iOS point release stopped the unknown profile from uploading new data within roughly 10 minutes. The profile entry itself remained in Settings, but it stopped functioning. Treat update as triage, not cure: it disables most installations but doesn’t remove the underlying profile or APK.

#Method 2: Remove the Profile or the App

On iPhone, return to Settings > General > VPN & Device Management, tap the unknown profile, and choose Remove Profile. Enter your passcode if asked.

On Android, deactivate the suspicious entry in Device admin apps, then go to Settings > Apps > [the app] > Uninstall. If Uninstall is greyed out, double-check that device-admin and accessibility access for that app are both turned off.

The whole process took us under two minutes per device.

#Method 3: Change Every Credential

Whoever installed mSpy probably has more than just app access. Change your Apple ID, Google, primary email, and any password manager master password from a known-clean computer, not from the phone you suspect is compromised. Turn on two-factor authentication everywhere it’s offered.

Sign out of every other device on iCloud and on Google. If you reuse your Apple ID password anywhere else, change those accounts too. Our guide on fixing an Apple ID greyed out covers the case where the abuser locked you out of your own Apple ID before you got here.

#Method 4: Factory Reset and Setup as New

The most thorough option. On iPhone, Settings > General > Transfer or Reset iPhone > Erase All Content and Settings (see our iPhone reset walkthrough if the menu paths differ on older iOS versions). On Android, Settings > System > Reset > Erase All Data (Factory Reset) — Samsung, Pixel, and most other vendors land in roughly the same place, but if you’re on an older LG handset our LG factory-reset guide covers the bootloader-button route as a backup.

During setup, don’t restore from an iCloud or Google backup; choose “Set up as new.” Restoring a backup made while mSpy was active can reinstate the profile or its credentials. Reinstall your apps manually from the Play Store or App Store.

Yes, this is annoying. It also leaves the attacker with nothing to work with.

#How to Preserve Evidence and Report

If you suspect a specific person installed mSpy on your phone, you have options that don’t require you to confront them. Domestic-violence specialists recommend documenting before deleting.

Before wiping the device:

• Photograph the screens showing the unknown profile, app, or device-admin entry with a second camera (another phone, not the compromised one)
• Take screenshots of the suspicious app’s details page, permissions, and installer info; back the screenshots up to a USB drive or a fresh cloud account the abuser doesn’t know about
• Write down the date you first noticed each sign and any messages or moments that suggested they had your data
• Save Apple ID or Google login-activity logs that show unfamiliar sign-in locations

Then reach out to people who can help:

• National Domestic Violence Hotline: 1-800-799-7233 or text START to 88788
• Safety Net at NNEDV (National Network to End Domestic Violence) runs the Tech Safety Project and trains advocates on stalkerware specifically
• Local police, ideally a domestic-violence specialist unit rather than the general non-emergency line; bring the screenshots
• The FTC at reportfraud.ftc.gov for the stalkerware vendor itself, not just the abuser

The Coalition Against Stalkerware maintains an international directory of victim-support organizations, which is useful if you’re outside the United States.

#How to Lock Things Down Going Forward

After removal, the goal is to make reinstallation hard enough that the attacker gives up.

For the phone itself:

• Set a six-digit or alphanumeric passcode, never 1234, 0000, your birthday, or your address
• Turn on Face ID, Touch ID, or fingerprint unlock and require it for app installs
• Turn off Install unknown apps in Settings > Apps > Special app access on Android
• Never leave the phone unlocked around anyone you don’t fully trust, even briefly
• For iPhone, run Apple’s Safety Check periodically, not just after an incident

For your accounts:

• Use a password manager and a different, long password for every account
• Turn on two-factor authentication on Apple ID, Google, primary email, and any banking or social account
• Review the Devices list on your Apple ID and Google account every month or two
• Change your email recovery address and security questions; the abuser may have set those to themselves
• If you share a cellular plan with the abuser, talk to your carrier about moving to your own line; account-level access can defeat much of the above

For your environment:

• Check connected cars (CarPlay, Android Auto pairings), Wi-Fi routers, smart-home hubs, and shared streaming accounts for unfamiliar devices, since stalkers often plant multiple footholds
• If you live with the abuser, the National Domestic Violence Hotline recommends a safety plan before locking down anything, because sudden tech changes can escalate behaviour

#Bottom Line

Stopping mSpy on your own phone is mostly a process problem, not a technical one. Updating the OS handles most cases in minutes. Removing the configuration profile (iPhone) or the device-admin app (Android) handles most of the rest.

A factory reset plus a fresh setup as new, paired with new Apple ID or Google passwords from a clean computer, covers every remaining edge case including a jailbreak.

The one thing not to skip: if you suspect a specific person, screenshot the evidence before wiping and call the Coalition Against Stalkerware or the U.S. National Domestic Violence Hotline before confronting them. The cleanup is easy. The safety planning is the part you don’t want to do alone.

#Frequently Asked Questions