How to Detect Spyware on an iPhone
By Simon Lewis
Updated:
For many iPhone users, the thought that someone might be monitoring their device isn’t paranoia, it’s a genuine concern worth taking seriously.
We’ve been detecting spyware since 2015, when we built the world’s first iPhone spyware detection tool — and after over 1 million device scans, we’ve learned exactly what to look for.
That experience has taught us one thing: no iPhone is untouchable. In late 2025, several zero-day vulnerabilities were confirmed as actively exploited in the wild — where simply visiting a malicious webpage was enough to compromise a device. We covered what that means for everyday users here.
And zero-days are just one piece of the puzzle. Spyware installed by someone with physical access to your phone, misused legitimate apps, and rogue configuration profiles don’t rely on software flaws at all — and can sit on a device for months undetected.
If you’re worried your iPhone may be compromised, this guide walks you through exactly what to look for, and what to do about it.
How to Detect Spyware on iPhones
Despite their stellar reputation for having robust security features, iPhones aren’t immune to spyware. Wondering whether you might have a spyware app installed? Here are the 6 best ways to tell:
1. Check for unknown or suspicious apps
We’ve all been there—sifting through our devices, stumbling across unknown apps and thinking, “When did I download these?” Most of the time, a forgotten app is just that. But sometimes, the reason you’re finding unknown apps can be more sinister.
When unknown apps surface on your iPhone, it’s not always a case of forgetfulness. Some spyware disguises itself as legitimate-looking apps that sneak past our defenses.
To detect suspicious or unfamiliar apps on an iPhone, you can follow these steps:
Check App Library
Swipe to the App Library (last page on your Home Screen) to see all installed apps. Look for apps you don’t recognize or remember installing.
Don’t forget to check the Hidden Apps folder. Hackers may place malicious apps there to avoid detection.
Review storage usage
Go to Settings > General > iPhone Storage. This section lists apps and their storage usage.
Look for unfamiliar apps, especially those with vague names or icons, which may signal hidden or potentially unwanted apps.
What should you search for to find hidden spy apps?
Search for jailbreak-related apps like Cydia, Sileo, or Checkra1n. Even if your iPhone isn’t jailbroken, these apps might be present if someone else has tampered with it.
Also, look out for apps with generic names like SystemCore, SystemUpdate, or Phone Monitor—these may hint at spyware.
Lastly, if you’re unsure about an app, tap on it for more details. Check if it appears in the Apple App Store and read user reviews to verify its legitimacy. It’s also worth mentioning that you should never download apps outside Apple’s official app store.
Fig 1. Reviewing storage usage by app on iPhone.
Inspect app permissions
Go to Settings > Privacy & Security and review app permissions, such as Location, Camera, Microphone, etc. This can help you spot apps accessing data they shouldn’t.
If you find a suspicious app, locate it in your App Library and long-press on the app icon until a menu appears. Tap Remove App and then Delete App to uninstall it.
Fig 2. Reviewing apps with access to location on iPhone.
2. Check for suspicious profiles
Some spyware uses Apple’s legitimate Device Management system to install itself without going through the App Store. Attackers can trick users into approving a “configuration profile” that gives them sweeping access to the device.
These profiles can grant control over settings, apps, and even network traffic — and most users would never know they’re there.
To check for unauthorized profiles:
- Open Settings > General.
- Scroll down and tap VPN & Device Management.
- If you see any profiles installed that you didn’t knowingly authorize — especially from organizations you don’t recognize — tap the profile and select Remove Profile.
Fig 3. Removing a suspicious configuration profile
3. Monitor your data usage
Data usage naturally ebbs and flows based on our online activities, but when you observe a sudden surge, there might be more at play than just excessive video streaming.
Spyware often collects data from your device and secretly transmits it to an external server. This under-the-radar operation can cause a spike in your data consumption.
Track your mobile data usage over a few days or weeks to understand how much you typically use over a given period. If you notice a strange spike in usage, this may be a sign that your device has spyware installed.
Here’s how to check your data usage:
- Go to Settings on your iPhone
- Tap Cellular (or Mobile Service for some carriers).
- Here you’ll see an overview of “Current Period” data usage and, if applicable, “Current Period Roaming” data usage.
- Tap Show All to see a list of apps and the amount of cellular data each one used in the current period. Identify any unusually high data consumption for apps you rarely or never use.
Fig 4. Viewing data usage by app on iPhone.
4. Keep an eye on your battery usage
While factors like age, battery health, and heavy app usage can contribute to battery depletion, an unexpected battery drain can point toward spyware programs working overtime in the background.
Because spyware is always running in the background to keep track of your activities, it can use up your battery life at an abnormal rate. If you’ve ruled out other factors draining your battery, it’s time to investigate what might be happening behind the scenes.
Here’s how to check battery usage:
- Go to Settings > Battery to view detailed battery usage by app.
- Scroll down to see apps that have used the most battery in the past 24 hours or the last 10 days.
- Check for unusual apps consuming battery in the background, especially those with high background activity you didn’t expect.
Fig 5. Viewing battery usage by app on iPhone.
5. Run a spyware scan
Often the easiest way to detect and remove spyware is to use a dedicated anti-spyware tool like Certo AntiSpy. This type of software can find many threats and help remove them in just a few clicks.
Unlike other iPhone security apps, which are limited by Apple’s sandboxing rules, Certo AntiSpy uses a different approach. You install Certo AntiSpy on your Mac or PC, then connect your iPhone via USB. The software runs entirely from your computer, allowing it to analyze your device at a much deeper level than any App Store app can achieve, reaching threats that a phone-only tool simply cannot see.
In our 2024 scan data covering nearly 700,000 device scans, Certo detected medium or high security threats on 6.26% of devices. Here’s why it’s the most trusted tool for the job:
- Detects hidden spy apps, keyloggers, rogue profiles, and more.
- Flags jailbreaks, suspicious apps, and security misconfigurations.
- Award-winning — recognized by the Cyber Security Excellence Awards, Globee Cybersecurity Awards, and Global Infosec Awards.
Video: How to scan your iPhone for spyware
Check out this related video ⬇️
6. Check for suspicious custom keyboards
Most people never change their iPhone’s default keyboard — which is exactly what makes a malicious custom keyboard so effective as a surveillance tool. If someone has installed a keylogger on your device, it will almost always take the form of an additional keyboard app that secretly records everything you type.
Certo’s security researchers investigated this attack method in detail, revealing how cybercriminals were using custom keyboards to capture victims’ passwords, messages, and two-factor authentication codes in real time, without any visible signs on the device.
To check whether a suspicious keyboard has been installed:
- Open Settings and tap General.
- Tap Keyboard, then tap Keyboards.
- Review the list of installed keyboards. You should only see Apple’s default keyboard and any that you knowingly added.
- If you spot an unfamiliar keyboard, tap Edit, then the red minus icon to remove it.
Pay particular attention to any keyboard that has “Allow Full Access” enabled — this permission allows a keyboard to transmit data over the internet, which is required for keylogging to work.
Fig 6. Checking for a malicious custom keyboard on iOS
If you're worried about a partner or someone close to you
If you suspect that someone in your personal life — a partner, ex-partner, or family member — may have installed spyware on your phone, you’re not alone. Spyware is frequently used as a tool of domestic abuse and coercive control, and it can be deeply unsettling to discover.
Certo is a proud member of the Coalition Against Stalkerware, an organization dedicated to protecting victims of technology-facilitated abuse. If you’re in this situation and need support, visit our resources page for organizations that can help — whether you need safety advice, legal guidance, or someone to talk to.
How to Protect Your iPhone Against Spyware
Detecting spyware on your iPhone is a vital first step, but true security goes beyond detection — it’s about prevention. By actively protecting your device from threats, you can stay one step ahead of hackers.
Here are 8 simple ways to protect your iPhone from spyware and safeguard your most sensitive data from cybercriminals.
Update your iOS to the latest version
If your device’s operating system is outdated, you could be vulnerable to spyware attacks. System updates often include security patches that fix exploits used by spyware. Here’s how to check whether a software update for iOS is available on your device:
- Go to Settings > General.
- Tap on Software Update. Your device will check for updates
- If an update is available, tap Update Now.
Fig 7. Updating the iOS version on iPhone.
Update your apps
Just like you should ensure your iOS is up-to-date, keeping all your installed apps current is equally essential. Developers regularly release security patches, so staying updated is one of your primary defenses against potential vulnerabilities.
To update your apps:
- Open the App Store.
- Tap your profile icon in the top right.
- Scroll down and tap Update All if any updates are available.
Use a strong passcode
Most iPhone spyware requires the hacker to physically access your device to install it. Therefore, a strong unlock passcode that’s difficult to guess can be one of the best ways to protect against a spyware attack.
Use a combination of uppercase and lowercase letters, numbers, and special symbols, and don’t base your passcode on easily guessed information, like your birthday.
Use two-factor authentication
Some iPhone spyware works by accessing your iCloud account and stealing data synced from your phone, such as photos and messages. Therefore, using two-factor authentication with your Apple Account is another important way to protect your iPhone from hackers.
Two-factor authentication (2FA) is a security feature that enhances the safety of your accounts beyond just a password. Even if cybercriminals decipher your password, 2FA prevents them from breaking into your account.
To access your account with 2FA, you’ll need to provide two forms of authentication. This typically combines something you know (such as your password) with something you receive and input (for instance, a code produced by an application or a single-use password delivered through SMS or email).
Don’t open suspicious links
Clicking on suspicious links or attachments can give surveillance software, spyware, and malware direct access to your device.
Don’t click on links in emails or texts from contacts you don’t recognize; be careful about clicking on unknown links while browsing the internet.
Run regular anti-spyware scans
If your iPhone is infected with spyware, your messages, calls, photos, and other private information could be exposed.
Regularly scan your device for spyware and malicious software. Not sure how to do this? Certo AntiSpy makes detecting and removing spyware easier than ever and protects your phone.
Enable Lockdown mode
Lockdown mode is an optional, extreme protection measure that can be turned on to help combat targeted and sophisticated cyberattacks, such as Pegasus.
When enabled, your device will function differently. Some apps, websites, and features will be limited, and some experiences will be completely unavailable.
While this doesn’t protect against all hacking methods, it can help against certain types of advanced spyware.
Lockdown mode can be enabled as follows:
- Open the Settings app.
- Tap Privacy & Security.
- Under Security, tap Lockdown Mode and tap Turn On Lockdown Mode.
- Tap Turn On Lockdown Mode.
- Tap Turn On & Restart, then enter your device passcode.
Fig 8. Enabling Lockdown Mode on iPhone.
Reset iPhone
If you’re concerned about spyware and other methods haven’t worked, you can factory reset your iPhone as a last resort to remove any hidden or malicious software. Just make sure you have a backup of important data before proceeding.
Here’s how:
- Go to Settings > General > Transfer or Reset iPhone.
- Tap Erase All Content and Settings.
- If prompted, enter your passcode and confirm the reset. You may need to enter your Apple Account password to turn off Find My iPhone.
- The iPhone will reset and restart, erasing all data and returning it to factory settings.
Types of iPhone Spyware
Hidden spy apps
Hidden spy apps are the most commonly used type of iPhone spyware.
They are designed to remain hidden on your iPhone and give hackers access to huge chunks of personal data, including instant messages, emails, real-time location, photos, and more.
This type of spyware program requires the hacker to have physical access to the victim’s device for a few minutes to install it.
Once installed, the hacker can then remotely monitor all activity on the infected device. Sometimes, they may even turn on the microphone and camera to listen and watch remotely.
iCloud attack
Hackers can also use iCloud spyware attacks to steal data from iPhones by targeting information stored in iCloud rather than the physical device.
This type of attack doesn’t require direct access to the iPhone, but does require the hacker to have the victim’s Apple Account login details. And because it is carried out via the internet, it can be very difficult to detect.
To protect against this, enable two-factor authentication on your Apple Account. This adds an extra layer of security, requiring both your password and a six-digit code to be sent to a trusted device, which makes unauthorized access much harder.
Keyloggers
Keyloggers are a particularly invasive form of spyware designed to silently record everything you type on your device — passwords, messages, search queries, bank details, and more.
Unlike other spyware that targets data already stored on your phone, keyloggers capture information in real time, at the moment you enter it, making them especially difficult to defend against.
On iPhone, keyloggers are most commonly delivered through malicious third-party keyboard apps. iOS allows users to install custom keyboards to replace the default one, and while most are legitimate, this feature has been exploited by hackers.
Once a malicious keyboard is installed and granted “Full Access” — a permission that allows the keyboard to transmit data over the internet — everything you type can be secretly sent to a remote server.
Certo’s security researchers have demonstrated how this attack works in practice, showing how third-party custom keyboards were being manipulated by cybercriminals to secretly record victims’ keystrokes.
Malicious configuration profiles
Configuration profiles are used by companies and schools to manage settings on employees’ or students’ devices — things like email accounts, VPN settings, and network access. But in the wrong hands, they’re a powerful attack tool.
A malicious profile can grant an attacker sweeping control over a device: redirecting internet traffic, installing untrusted apps, or silently monitoring activity. Unlike spyware apps, profiles don’t need to hide — they sit in plain sight within Settings, disguised as something routine.
Victims often approve them without realizing what they’re granting access to, having been tricked into thinking it’s a legitimate software requirement.
This method is particularly effective because it exploits a trusted iOS feature rather than a vulnerability, meaning it works on fully up-to-date, non-jailbroken devices.
If you don’t recognize a profile installed on your device, it should be treated as suspicious until proven otherwise. See step 2 above for instructions on how to check.
Misusing legitimate apps
Pre-installed apps such as ‘Find My iPhone’ and ‘Google Maps’ can be misused by hackers to track the victim’s location. This requires the hacker to gain access to the victim’s device to set up the tracking.
Another example is WhatsApp’s Linked Devices feature. Certo’s research found that this legitimate feature is being exploited by hackers to gain ongoing access to all of a victim’s WhatsApp messages — simply by scanning a QR code on their phone.
A hacker can also change the logged-in account on the device’s web browser to collect browsing data history and account login details.
As no malicious apps or code are installed, these types of attack can go unnoticed for months or even years, during which time the hacker has gained a wealth of information.
Zero-day exploits
Zero-day exploits are rare but can be devastating. Hackers use these attacks to exploit previously unknown operating system or app weaknesses, often without the device owner’s knowledge.
For instance, the Pegasus spyware uses zero-day exploits to infect iPhones and Android devices, enabling remote access to messages, cameras, and more without the victim’s awareness.
Once a weakness is exposed, hackers act quickly to exploit it. Millions of users can be affected when zero-day attacks target popular devices or apps. In some cases, advanced zero-day exploits, like those used in Pegasus, can infect a device remotely without physical access to the victim’s device.
Frequently Asked Questions (FAQs)
How does spyware get installed onto my iPhone?
Even though the iOS ecosystem is renowned for its security measures, spyware installation on an iPhone can occur through various means. Here are some common ways spyware can find its way onto your device:
- Jailbroken devices that have an outdated or compromised operating system
- Phishing attacks via malicious email, text messages, or social media
- Insecure public Wi-Fi networks
- Malicious apps that install spyware on an iPhone
- Physical access if someone knows your passcode
What are the risks of having spyware installed on my iPhone?
Given the amount of sensitive personal information stored on your iPhone, spyware can be a significant threat. Here are the primary risks associated with spyware on your iPhone:
- Personal data theft
- Financial loss
- Compromised privacy
- Location tracking
How do I protect myself from spyware?
Protecting yourself from spyware requires a combination of best practices, software solutions, and vigilance. Here’s how to shield yourself from cyber threats:
- Run regular system scans with an antivirus app like Certo AntiSpy
- Ensure your iOS runs on the latest version
- Don’t install apps from third-party app stores
- Don’t jailbreak your iPhone.
- Use a strong unlock passcode that only you know
By Simon Lewis
Simon is the co-founder of Certo and a hands-on cybersecurity expert with over 15 years of experience. Holding an honours degree in Computer Forensics, he personally built Certo's first apps and previously consulted for companies and law firms on hacking incidents, fraud, and intellectual property theft. He now channels that expertise into making cybersecurity tools and knowledge accessible to everyone.