How Legitimate Apps Could Be Used to Spy on You

By Sophia Taylor

Most people assume that if someone is spying on their phone, there must be some hidden malicious software involved. But the truth is, you don’t always need spyware to track someone’s location, monitor their messages, or keep tabs on their daily life.

Some of the most popular apps on your phone — ones you use every day — have built-in features that can be quietly turned against you. All it usually takes is a few minutes of unsupervised access to your device.

Here’s what to look out for, and how to check each one.

Apple Find My

Apple’s Find My app is designed to help you track your own devices — and optionally share your location with trusted contacts. It’s a genuinely useful feature for families, but it can also be exploited by someone who gets hold of your phone for even a short time.

With a few taps, they could add themselves as a location-sharing recipient without you noticing. Your location would then update continuously on their device.

How to check:

  1. Open the Find My app.
  2. Tap People.
  3. Review the list. If anyone appears who you didn’t intentionally add, tap their name and select Stop Sharing My Location.

Fig 1. Stopping location sharing with a specific contact on Find My.

Google Maps

Google Maps has a similar location-sharing feature — and it’s just as easy to set up without the phone owner realizing. A contact can be added to receive a continuous live feed of your whereabouts, with no ongoing notifications to alert you.

How to check:

  1. Open Google Maps.
  2. Tap your profile picture in the top right corner.
  3. Tap Location sharing.
  4. Review who can see your location and stop sharing with anyone you don’t recognize.

Fig 2. Stopping location sharing with a specific contact on Google Maps.

WhatsApp Linked Devices

This one is less well known, and it’s arguably more concerning.

WhatsApp’s Linked Devices feature lets you access your account on up to four extra devices — useful for using WhatsApp on your laptop or tablet. But if someone briefly picks up your phone and scans a QR code, they can link their own device to your account. From that point on, they can read your messages in real time, even once they’re nowhere near you.

Certo’s own research found that the notification WhatsApp sends when a new device is linked can be easily dismissed — meaning many victims never notice it happened.

How to check:

  1. On Android, open WhatsApp and tap the three dots in the top right corner. On iOS, tap Settings in the bottom right corner.
  2. Tap Linked Devices.
  3. You’ll see a list of all devices currently connected to your account. Tap any device you don’t recognize and select Log Out.

Fig 3. Logging out of a Linked Device on WhatsApp.

Pro Tip: Get into the habit of checking this list periodically — not just when you’re suspicious. A device you linked months ago on someone else’s computer could still be active.

Apple iCloud

Your iCloud account doesn’t just back up your photos. Depending on your settings, it can sync your messages, contacts, location, calendar, and more. If someone has your Apple ID and password, they can access much of this data without ever touching your phone.

No app needs to be installed on your phone for this to work — an attacker simply signs in from their own device.

A compromised iCloud account can also expose your real-time location through Find My, and give someone access to iMessages and notes synced to the cloud.

How to check which devices are signed into your Apple ID:

  1. Open Settings and tap your name at the top.
  2. Scroll down to see a list of all devices signed into your Apple ID.
  3. Tap any device you don’t recognize and select Remove from Account.

Fig 4. Checking devices signed into an Apple ID.

If you’re unsure whether your account has been compromised, change your Apple ID password and make sure two-factor authentication is enabled. You can do both at appleid.apple.com.

Google Chrome

If someone changes the Google account your Chrome browser is logged into, they gain access to your full browsing history, saved passwords, and autofill data — all synced to an account they control.

It’s a surprisingly low-effort move, and easy to miss if you’re not specifically looking for it.

How to check:

  1. Open Chrome and tap the three dots in the top right.
  2. Tap Settings.
  3. Check the Google account shown at the top. If it doesn’t look right, tap on it and sign out, then sign back in with your own account.

Fig 5. Checking the logged-in account on Google.

If there was a suspicious account logged in, change the passwords for any accounts that may have been visible in Chrome’s saved passwords.

App Permissions: The Bigger Picture

Beyond these specific apps, it’s worth doing a broader check on which apps have access to your location, microphone, and camera. These permissions are sometimes granted without much thought during initial setup — and they can quietly continue running in the background long after.

On iPhone:

  1. Go to Settings > Privacy & Security.
  2. Tap Location Services, Microphone, or Camera.
  3. Review each list and revoke access for any app where it doesn’t make sense.

Fig 6. Checking Location Services on iOS

On Android:

  1. Go to Settings > Security and Privacy > More privacy settings > Permission Manager.
  2. Tap through Location, Microphone, and Camera to see which apps have access.
  3. Tap any app and change its permission to Deny or Only while using the app.

Fig 7. Checking location permissions on Android

Pro Tip: Pay attention to apps you haven’t opened in a while. If an old app still has access to your location or microphone, there’s no good reason to keep it.
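If you're comfortable with a command line, the Android review above can also be run from a computer. This is an added example, not part of the original article: it assumes USB debugging is enabled and `adb` is installed, and it filters `adb shell dumpsys package` output for apps that currently hold location, microphone or camera permissions. The sample input and the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed sample in the shape of `dumpsys package` output (not a real device).
sample_dumpsys() {
  cat <<'EOF'
Packages:
  Package [com.example.flashlight] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
        android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET ]
  Package [com.example.notes] (4d5e6f):
    User 0: installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET ]
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
EOF
}

# Reads dumpsys output on stdin, prints "package<TAB>permission" for every
# granted location, microphone or camera permission (each pair once).
audit_sensitive_perms() {
  awk '
    # Section header: "Package [name] (id):" or "SharedUser [name] (id):"
    /^ *(Package|SharedUser) \[/ {
      pkg = $0
      sub(/^[^[]*\[/, "", pkg)
      sub(/\].*$/, "", pkg)
      next
    }
    # Permission line: "android.permission.CAMERA: granted=true, flags=[...]"
    /granted=true/ {
      perm = $1
      sub(/:$/, "", perm)
      if (perm ~ /^android\.permission\.(ACCESS_(FINE|COARSE|BACKGROUND)_LOCATION|RECORD_AUDIO|CAMERA)$/) {
        key = pkg " " perm
        if (!(key in seen)) { seen[key] = 1; print pkg "\t" perm }
      }
    }
  '
}

# Demo on the constructed sample. On a real device, run instead:
#   adb shell dumpsys package | audit_sensitive_perms
sample_dumpsys | audit_sensitive_perms
```

Any app in the output that you don't recognize or no longer use is a candidate for the Deny setting in Permission Manager.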

How to Stay Protected

Keeping these features in check is less about paranoia and more about good habits. A quick review of the settings above takes five minutes and gives you a clear picture of what’s being shared and with whom.

A few other things that help:

  • Use a strong, unique passcode. Most of the methods above require brief physical access to your phone. A device that’s harder to unlock buys you protection.
  • Enable two-factor authentication on your Apple ID and Google account so that even if someone has your password, they can’t sign in without your second device.
  • Keep your OS updated. The latest operating systems include improved privacy notifications that make it harder for unauthorized access to go unnoticed.

Wrapping Up

You don’t have to be the target of a sophisticated attack to have your privacy compromised. Sometimes it’s a familiar app, quietly doing something you didn’t authorize.

The good news is that all of the features described here are reversible. A few minutes in the right settings menus can close a door that may have been open for longer than you’d like.

If you want to go a step further and check your device for spyware or hidden tracking apps as well, Certo’s free apps for iPhone and Android are a good place to start.

If you’re concerned that someone close to you is monitoring your phone and your situation feels unsafe, the Coalition Against Stalkerware has resources and support for exactly that.

Frequently Asked Questions

Is it illegal for someone to monitor me through these apps without my permission?

In most U.S. states, accessing someone’s accounts or tracking their location without consent is illegal, regardless of whether dedicated spyware is involved. Exploiting shared features like Find My or iCloud to monitor a partner or ex without their knowledge can fall under cyberstalking or computer fraud laws.

I’ve found something suspicious — what should I do next?

Revoke the access you’ve found and change the passwords for any accounts that may have been exposed. If you share accounts with the person you suspect, separating those accounts should be a priority. Avoid confronting someone if you feel it could put you at risk. The Coalition Against Stalkerware has practical guidance for people in that situation.

Can this happen if I’ve never let anyone use my phone?

Not through the methods in this article — all of them require brief physical access to your device, or knowledge of your account credentials. If you’ve kept your phone to yourself and use a strong, unique password for your Apple ID and Google account, your exposure to these particular risks is low.