A friend of mine — smart, skeptical, not the type to click random links — noticed her phone battery dying by noon every day. She figured it was old hardware. Then she noticed her mobile data bill had jumped $40 in a month without any change in her habits. She ignored it. Two months later, her ex-partner confronted her with screenshots of private conversations she'd had with her therapist.
The spyware had been on her phone for nearly three months.
This isn't a rare story. It's not a story about naïve people falling for obvious traps. It's about how spyware hides in plain sight behind symptoms we all rationalize away — and how most of us hand it the perfect cover by assuming our phone is just "getting old."
The Battery Lie
Battery drain is the sign almost everyone ignores, and the reason is obvious: phones genuinely do get slower and thirstier over time. But there's a meaningful difference between gradual decline and a sudden shift.
If your phone was lasting a full day six months ago and now needs charging by 2pm without any change in how you use it, that gap deserves scrutiny. Spyware runs continuously in the background — tracking location, capturing keystrokes, uploading data — and all of that costs power.
The specific test: charge your phone to 100%, put it in airplane mode for four hours without touching it, then check the drain. Normal standby loss is roughly 1-3%. If you're losing 10-15% in airplane mode, something is consuming resources it shouldn't be.
Your Data Bill Is a Better Detective Than You Are
When spyware is installed on a smartphone, it has to upload the information it collects to the attacker's server — and that requires a lot of data. Microsoft This makes your monthly data usage one of the clearest objective signals available to you.
Go to Settings → Mobile Data (iPhone) or Settings → Network & Internet → Data Usage (Android). Look at which apps consumed data over the past 30 days. If you see an app you don't recognize burning through data, or a familiar app consuming wildly more than usual, that's worth investigating — not dismissing.
The counterintuitive part: spyware that's well-designed will throttle its uploads to avoid detection, sending data only when you're on Wi-Fi. So elevated cellular data is a sign of cheaper, sloppier spyware. The sophisticated stuff won't show up here at all.
The Signs Everyone Talks About (And Why They're Unreliable)
You've probably seen lists like this before: "phone gets hot," "apps take longer to load," "screen turns on randomly." These aren't wrong, but they're weak signals on their own.
Phones get hot because you're in direct sunlight. Apps slow down because of a bad update. Screens turn on for notifications. The problem with relying on these physical symptoms is that they produce too many false positives, which means you'll either panic constantly or stop paying attention entirely.
What actually matters is combinations and sudden changes. One of these symptoms appearing gradually over a year is probably just hardware aging. Two or three of them appearing within the same week, without any other explanation, is a different story.
Check Who Has Permission to Use Your Camera and Microphone
This is the most underused five-minute check that most people never do.
On iPhone: Settings → Privacy & Security → Microphone (or Camera). You'll see every app that has ever requested access, and whether it's allowed. An app called "Flashlight" or "Weather" having microphone access is a red flag.
On Android: Settings → Privacy → Permission Manager. Same idea. Spyware often requests permissions for sensitive data like location, camera, and microphone to monitor your activity. CyberGhost If an app you don't remember installing has those permissions, revoke them immediately and search the app name online before deciding whether to delete it.
The Counterintuitive Sign That Most Articles Skip
Here's the one that surprises people: sometimes the phone behaves better than expected in certain contexts.
Stalkerware — the type of spyware most often installed by someone you know, like a partner or family member — is frequently installed manually, directly on the device. The person who installed it often knows your usage habits. They may have set the spyware to pause or reduce activity during hours when you'd be watching closely.
According to Norton, spyware attacks increased by 166% in the last few months of 2024 Norton — and a significant portion of those cases involve someone in the victim's personal life, not a random cybercriminal. If your phone acts oddly specifically when you're away from home or connected to unfamiliar networks, but runs fine at your desk in front of your partner, that pattern itself is worth noticing.
The mundane version of this insight: the absence of obvious symptoms doesn't mean the absence of spyware.
What to Actually Do Right Now
Don't wait until you're certain. If two or more of these things are true — unexplained data spikes, unfamiliar apps with camera/mic permissions, sudden battery changes — treat it as a fire drill.
Start here:
- Audit your apps. On both iPhone and Android, go through every installed app. Delete anything you don't recognize. If an app has a generic name like "System Service" or "Phone Manager" and you didn't install it, that's suspicious.
- Reboot in Safe Mode (Android only). Hold the power button, long-press "Power Off" until you see the Safe Mode prompt. In Safe Mode, third-party apps are disabled. If your phone suddenly runs normally, a third-party app was causing the problem.
- Change your passwords from a different device. If you suspect spyware, don't change passwords on the infected phone — a keylogger will capture them before they're even sent.
- Update your OS immediately. New Android OS versions introduce patches that address security vulnerabilities, which can remove active spyware infections or prevent future ones. Avast The same applies to iOS. Running outdated software is the single most common reason spyware gains a foothold.
- Nuclear option: factory reset. If you have strong reason to believe your phone is compromised, back up your photos and contacts to a computer (not the cloud — the cloud may sync the compromise), then factory reset the device. Restore only contacts and photos, not apps.
The Honest Caveat
Here's what won't sit well: the most sophisticated spyware — tools like NSO Group's Pegasus, which has been used against journalists and activists — leaves almost no detectable trace for an ordinary user. It can install through a missed call on WhatsApp or a text you never opened. There's no app in your list, no permission to revoke, no obvious data spike.
For most people, in most situations, the signs above are enough to catch the kinds of spyware that get deployed by jealous partners, cheap scammers, or careless criminals. But if you're in a situation where a powerful, well-resourced adversary might be targeting you specifically, consumer-level detection methods won't be sufficient. In those cases, organizations like Access Now's Digital Security Helpline offer free support.
For everyone else: the boring habits matter most. Lock your screen. Update your software. Don't install apps outside official stores. The spyware that gets most people isn't sophisticated — it's just patient.
Sources:
- Norton
- Microsoft 365 Life Hacks
- Avast
- CyberGhost