How to Remove Spyware from an iPhone or iPad

How to Remove Spyware from Your iPhone or iPad

1. Restart your device

It may sound simple, but restarting your device is an excellent first step to remove spyware from an iPhone.

Some of the most intrusive types of spyware rely on jailbreaking your device to give a hacker remote access.

However, all current major iPhone jailbreaks — including palera1n, Dopamine, and NathanLR — are semi-untethered. This means a restart will deactivate the jailbreak and render any jailbreak-dependent spyware inoperable. The attacker would need to regain access to your device to re-run the jailbreak tool before the spyware becomes active again.

This makes restarting a quick and effective first move. Here’s how to do it:

1. Press and hold the side button and the volume up or down button until the power-off slider appears.
2. Slide to power off.
3. Once powered off, hold the side button until you see the Apple logo appear.

2. Update your device’s operating system

Most spyware relies on out-of-date software, which often contains security vulnerabilities. Therefore, ensuring you are running the latest version of iOS is vital for your device’s security.

Keeping updated can protect your iPhone in two ways:

• Firstly, if you already have spyware that’s exploiting a known security vulnerability, the threat will be removed as soon as you update to a new iOS version.
• Secondly, running the latest version of iOS restricts the options available to a potential hacker, which makes it much harder to compromise your device in the first place.

Updating your iPhone to the latest version of iOS is a simple process. Here’s how to do it:

1. Go to Settings.
2. Scroll down and tap General.
3. Tap Software Update.
4. If a software update is available, tap Download and Install.
5. If prompted, enter your passcode.

Fig 1. Performing an iOS update.

3. Remove suspicious apps

If you prefer taking a more granular approach to threat removal, manually review all the apps installed on your device and delete any that look suspicious.

Also, remember to check app folders, as hackers often use these to keep their spy apps out of sight.

It’s worth noting that some malicious apps can be hidden from the device’s home screen altogether, which means they could go unnoticed when performing a visual review of installed apps.

4. Remove unknown custom keyboards

Malicious custom keyboards installed on your iPhone can act as keyloggers that record every keystroke you make, including passwords and personal information. This data can then be transmitted to hackers because they monitor everything you type. Such keyboards should be removed immediately.

Custom keyboards are a more common threat than many people realize. Certo’s own researchers demonstrated how third-party iOS keyboards were being manipulated to silently record keystrokes — read more about this threat here.

To delete unrecognized custom keyboards on your iPhone, follow these steps:

1. Go to Settings > General > Keyboard.
2. Tap Keyboards.
3. Tap Edit.
4. Tap the red minus button next to any keyboard you don’t recognize.
5. Tap Delete.

Fig 2. Removing a custom keyboard on iPhone.

Note: By default, most devices have two keyboards: Your chosen language (e.g. English (US)) and Emoji.

5. Change your Apple Account password

Some hackers will go after your iCloud account instead of targeting your device with spyware. It can be tricky to detect when someone has accessed your iCloud data. Fortunately, it’s straightforward to protect your account from this attack.

Firstly, you’ll want to change the password for your Apple Account as soon as possible. Doing so will lock any hackers out of your account, which means they must work out your new password to regain access.

It’s important to have access to the email account associated with your Apple Account and first check your trusted phone number before you proceed, as these will be used to verify your identity during the password reset process.

Here’s how to change your password on an iPhone and iPad:

1. Go to Settings.
2. Tap your name at the top.
3. Tap Sign-In & Security.
4. Tap Change Password.
5. Enter your current passcode when prompted.
6. Follow the on-screen instructions to update your password.

Fig 3. Changing your Apple Account password on iPhone.

Alternate method (for both iPad and iPhone)

If you can’t access your device, you can reset it via the Apple Account login page:

1. Go to the Apple Account page (appleid.apple.com) in a browser.
2. Sign in to your Apple account.
3. Click Sign-In and Security.
4. Click Password.
5. Enter your current password and set a new password.
6. Check the box labeled Sign out of Apple devices and websites associated with your Apple Account.
7. Click Change Password.

6. Enable Lockdown Mode

Lockdown Mode is an optional, extreme security feature available on iPhones and iPads running iOS 16 or later.

This feature is designed to provide additional protection against sophisticated cyberattacks, particularly from state-sponsored iOS spying software like Pegasus and Predator.

Lockdown mode is designed for people who might be personally targeted by surveillance software via state-sponsored cyberattacks due to their professions or identities.

To enable Lockdown Mode on an iPhone or iPad, follow these steps:

1. Open the Settings app.
2. Tap Privacy & Security.
3. Scroll down and tap Lockdown Mode, then tap Turn On Lockdown Mode.​​

Fig 4. Enabling Lockdown Mode on iPhone.

7. Remove unknown Bluetooth devices

Bluetooth technology is everywhere—we often don’t even realize we’re using it. But Bluetooth is prone to hacking in certain situations and can give hackers access to your phone.

It’s crucial to unpair any unrecognized Bluetooth devices if you suspect your iPhone has been compromised. Here’s why:

• Data access and transfer: Once paired, some Bluetooth devices can access sensitive data on your iPhone or even send data to your device.
• Eavesdropping: Certain Bluetooth-enabled devices, especially headsets or car systems, can be used to listen to your calls and read your text messages.
• Remote control: Some Bluetooth devices can exert control over certain iPhone functions, like taking over your keyboard, calls and audio functions.

To remove unknown or unwanted Bluetooth devices from your iPhone or iPad, follow these steps:

1. Open the Settings app on your device.
2. Navigate to Bluetooth.
3. Here, you will see a list of paired devices. Locate the Bluetooth device you want to remove.
4. Tap the information (i) icon next to the device name you wish to remove.
5. A new screen will open, then tap Forget This Device.
6. A confirmation pop-up will appear; tap Forget Device or Confirm to remove the device from your list of paired Bluetooth devices.

Fig 5. Removing an unknown Bluetooth device on iPhone.

8. Delete unrecognized profiles

Some organizations use configuration profiles to set up devices with specific settings or install bespoke apps.

Hackers, however, can misuse this feature to install malicious apps on your iPhone outside of the official App Store. It’s good to check for any profiles you don’t recognize and delete them immediately.

To uninstall a configuration profile on an iOS device, follow these steps:

1. Open the Settings app on your iOS device’s home screen.
2. Go to General > VPN & Device Management.
3. Under the Profiles section, you’ll see a list of all the configuration profiles installed on your device. Tap on the profile you wish to remove. Please note that profiles won’t be visible until at least one profile is installed.
4. Tap on the Remove Profile button. If your device has a passcode, you’ll be prompted to enter it.
5. A confirmation prompt will appear that asks whether you want to remove the profile. Confirm the removal. Restart your device to apply the changes.

Fig 6. Deleting an unrecognized configuration profile.

9. Perform a factory reset

Even though it’s regarded as an extreme measure, wiping all data from your device with a factory reset is a surefire way to clean your iPhone of any spyware. This method erases all data from the device and reinstalls the latest iOS software, returning it to its original factory settings.

This is a last resort since it will remove all your photos, messages, and data as part of the process. You should therefore make sure you backup all important data first.

We recommend restoring your device from a computer. Using the “Erase All Contents and Settings” option in the Settings app may cause software issues if you have a specific type of spyware. Restoring via a computer is the best way to ensure your device remains operational.

Follow these steps to perform a factory reset:

1. Open iTunes (or Apple Devices) on your PC or Finder on your Mac.
2. Connect your iOS device.
3. Select your device when it appears.
4. In the Summary pane, click Restore iPhone (or Restore iPad).
5. Click Restore again to confirm.
6. The device will then restore to factory settings and restart. This process can take several minutes to complete.

How Does Spyware Get on an iPhone?

Understanding how spyware ends up on a device is just as important as knowing how to remove it. The more you know about how these attacks work, the better placed you are to stop them happening in the first place.

One thing worth knowing upfront: iPhone spyware rarely arrives out of nowhere. In the vast majority of cases, someone has had physical access to the device — even if only for a few minutes.

Below, we break down the five most common ways spyware or malware can find its way onto an iPhone or iPad.

1. Hidden spy apps

This type of spyware has been around the longest and gives an attacker unrestricted access to the victim’s device. It can silently forward text messages, scoop up photos, track location, and even activate the microphone remotely.

To install this kind of spyware, an attacker first needs to jailbreak the target device. This is increasingly difficult to achieve, largely thanks to ongoing security improvements in iOS that have made modern iPhones significantly harder to exploit.

If a jailbreak is successfully applied, the attacker simply downloads a spy app and hides it from view, leaving the victim with no obvious sign anything is wrong.

2. Keyloggers

A keylogger records every keystroke made on a device and silently transmits that data to whoever installed it: passwords, messages, search terms, and more.

On iPhone, keyloggers typically take the form of a malicious custom keyboard. What makes them particularly dangerous is how little time an attacker needs. A few minutes with an unlocked device is enough to install a malicious keyboard and set it as the default, with the victim none the wiser.

3. Tracking apps

The App Store contains many legitimate location-sharing apps designed for families to keep tabs on one another. In the right context, they serve a genuine purpose. In the wrong hands, they become a stalking tool.

Because these apps look and behave like normal software, they can be easy to miss. An abusive partner or someone else with brief access to an unlocked device can download one, grant it location permissions, and leave no obvious trace.

4. Pegasus

Pegasus is one of the most sophisticated pieces of spyware ever discovered. Developed by Israeli cyber-intelligence firm NSO Group, it can silently compromise an iPhone without the victim clicking a single link — exploiting vulnerabilities deep within iOS to gain complete access to messages, calls, photos, and the device’s microphone and camera.

It carries an eye-watering price tag and NSO Group claims it is sold exclusively to government agencies for legitimate law enforcement purposes. In practice, it has been linked to the surveillance of journalists, activists, and political figures around the world.

For the average iPhone user, a Pegasus attack is unlikely. But for anyone who may be a target due to their profession or public profile, it is a very real threat — and one that Apple takes seriously enough to have built Lockdown Mode specifically to counter it.

5. iCloud spyware attacks

Not all spyware requires physical access to a device. A growing number of commercial surveillance tools market themselves as “no-jailbreak” spyware solutions, and they work by exploiting iCloud rather than the iPhone itself.

Rather than installing anything on the target device, these tools extract synced data directly from iCloud: messages, photos, call history, location, and more. Some present this stolen data in a clean, easy-to-read dashboard, making them accessible even to attackers with no technical knowledge.

Getting in still requires clearing Apple’s security measures, including two-factor authentication. In practice, this often means the attacker needs temporary access to a trusted device or phone number — something that makes this threat most relevant in situations where the attacker is known to the victim.

Keeping your Apple Account password strong and unique, and making sure no unrecognized devices are listed under your trusted devices, are the most effective defenses here.

How to Protect Your iPhone from Spyware

Nowadays, our phones and tablets hold a wealth of personal and work-related information. Keeping these devices safe is very important.

Here are four easy steps to improve the security of your iPhone or iPad, making it significantly harder for cybercriminals to gain unauthorized access.

Physically secure your iPhone and iPad

Restricting physical access is the first line of defense. Never leave your devices unattended in public places.

Also, use a strong passcode to lock your devices. A complex passcode contains digits, letters, and symbols, which make it difficult for prying eyes to guess.

Another way to protect your iPhone is to enable biometric identification, like Face ID or Touch ID, for an added layer of security.

Enable automatic updates

Enabling automatic updates on your iPhone or iPad is crucial for security because updates frequently contain patches for vulnerabilities that could be used to compromise your device.

Cybercriminals exploit these vulnerabilities to gain unauthorized access to devices and personal information.

Automatic updates ensure that your device receives these critical fixes as soon as they are available, thereby minimizing the window of opportunity for attackers to compromise your phone’s security.

To enable auto-updates, go to Settings > General > Software Update and make sure Automatic Updates is set to On.

Regularly scan for spyware

Regularly scanning your phone for spyware is vital for maintaining security because it helps in the early detection and removal of malicious software that could be hiding in your device.

This is exactly what Certo AntiSpy was built for. It works differently to standard security apps you would find on the App Store, which are limited by iOS sandboxing to only checking what Apple allows them to see.

To scan, you connect your device to a computer via USB. This computer-assisted connection allows Certo to scan at a much deeper level than a phone-only app can achieve, uncovering threats that would otherwise go completely undetected.

By conducting regular scans, you ensure that any potential threats are identified and eradicated promptly, keeping your sensitive information and the integrity of your device safeguarded.

Here’s how to perform a deep spyware scan with Certo:

1. Download Certo AntiSpy.
2. Connect your iPhone to your computer.
3. Click Scan.
4. Click Remove next to any threats to restore your privacy.

Fig 7. Removing spyware from an iPhone using Certo AntiSpy.

Turn on Advanced Data Protection

Even if someone gets hold of your Apple Account and password, Advanced Data Protection can stop them from accessing your iCloud data.

Introduced in iOS 16, this feature enables end-to-end encryption for almost everything stored in your iCloud account — including device backups, messages, photos, and notes. That means even Apple itself can’t read your data, and neither can any hacker who manages to break into your account.

This is especially important because some spyware tools don’t need to touch your device at all — they work by logging into your iCloud account remotely and pulling data that’s been synced from your phone. Enabling Advanced Data Protection shuts that door completely.

Before turning it on, ensure that:

• Two-factor authentication is enabled on your Apple Account.
• All devices linked to your iCloud account are running iOS 16 or later.
• You have a recovery contact or recovery key set up (in case you ever lose access to your account).

Once that’s in place, here’s how to turn it on:

1. Open the Settings app.
2. Tap your name at the top.
3. Tap iCloud.
4. Scroll down and tap Advanced Data Protection.
5. Tap Turn On Advanced Data Protection and follow the on-screen steps.

Fig 8. Enabling Advanced Data Protection on iPhone.

Key Takeaways

Finding spyware on your iPhone can be alarming, but it’s a problem with a solution. Whether a restart and an iOS update does the job or you need to go as far as a factory reset, there is always a path to a clean device.

Once you’re confident your iPhone is clear, it’s worth taking a few minutes to address how the spyware got there in the first place, so it doesn’t happen again.