How to remove spyware from an iPhone or iPad

How to tell if your iPhone has spyware

Concerned about iPhone spyware and want to find out if you’re affected? Before we get into the spyware removal steps, here are the top five things to look out for that may indicate someone is spying on your iOS device:

1. Battery drain

Spyware or stalkerware works by recording specific activity on your iPhone, such as the calls you make, texts you send, or photos you capture. For a spy app to record this information it will be active in the background, which can eat through your battery fairly quickly.

iPhone or iPad batteries will typically degrade over time. However, suppose you see a sudden drop in battery life. This could indicate that something is running in the background, and it’s certainly worth further investigation.

2. Overheating

Spy apps can use many resources while active on your device. As such, they will typically make your device run a little hotter than normal. Of course, there are many other reasons a device may heat up, but it’s an important sign to look out for.

3. High data usage

Have you noticed higher-than-expected data usage on your device? Most spyware will send recorded data to the hacker using your WiFi or 4G/5G connection. So if you use your device a lot and it’s infected with spyware, your data usage could increase significantly.

Fortunately, on the iPhone, it’s easy to see which apps are using your data. You can view the stats under Settings > Mobile Data.

If you find a suspicious app that is using lots of data, you should delete it immediately.

4. Suspicious apps

Most spyware takes the form of a monitoring app. The advanced ones can be made entirely invisible, and you’ll need to run a spyware scan to uncover them. However, others are just like regular apps and can be identified by performing a quick visual audit of installed apps.

Watch out for unknown or suspicious apps hidden in folders. A common tactic used by hackers is to hide spy apps in a ‘Utilities’ folder or other places where their victims may not look.

5. Unknown keyboards

A new type of spyware is emerging that captures everything you type into your keyboard. It takes the form of a custom keyboard on your device, which looks the same as the official Apple one but gives a hacker direct access to your keystrokes.

These so-called ‘keyloggers’ are relatively easy to detect. Just look for any unknown keyboards under Settings > General > Keyboard > Keyboards. By default, there should be two: ‘English (US)’ and ‘Emoji.’

If there are any other keyboards you don’t remember installing, they should be removed.

How does spyware get on an iPhone?

There are a few ways spyware or malware could find its way onto your device. It’s not something that happens by accident, and it almost always means someone has physically tampered with your phone or computer.

In this section, we’ll break down the five main tactics hackers use to spy on iPhones and how they can make it onto the device.

1. Hidden spy apps

This type of spyware has been around for the longest and gives hackers unrestricted access to the victim’s device. It can silently forward text messages, scoop up all of your photos, track your location, and even turn on your microphone remotely.

Fortunately, it is one of the more difficult spyware types for hackers to use since they would first need to jailbreak your device. Usually, this is not possible if you have an up-to-date iOS version. If they did manage to jailbreak the device, then all they would have to do is download a spy app and hide it from view.

2. Keyloggers

We briefly discussed keyloggers above, but this relatively new spyware is becoming increasingly popular with hackers. This is mainly due to how easy it is to install compared to other spying tools.

Keyloggers typically take the form of a custom keyboard. For a hacker to install one of these, they would have to get hold of your device for a few minutes to install the malicious keyboard and set it to default.

3. Tracking apps

The App Store is full of tracking apps like Life360. Unfortunately, while most of these apps are well-intentioned, hackers often misuse them to track their victim’s location.

For your device to be affected by a tracking app, the person responsible would have needed physical access to your device to download it from the App Store.

Pro Tip: Review the apps that have access to your location in the Settings app to see if you have any tracking apps installed.

4. Pegasus

Pegasus was first discovered in 2016 and is certainly on the more advanced end of the spyware spectrum. Developed by the Israeli cyber-arms company, NSO Group, previous versions of Pegasus could infect an iPhone remotely just by sending a malicious link via SMS.

Pegasus has a hefty price tag (suspected millions of dollars), and it’s claimed that the spyware is only available to governments. As such, it’s highly unlikely that most iOS users will ever encounter a targeted attack using Pegasus.

Pro Tip: If you’re worried about Pegasus or other more advanced iOS spyware, turn on Lockdown Mode on your iPhone or iPad. It adds an extra layer of protection against these sorts of attacks.

5. iCloud hacking

This type of hacking is not strictly spyware, since no malware is actually installed on the device during the attack. However, it’s important to cover here, as iCloud hacking could be a way for a hacker to access some information from your device if you sync data with iCloud.

In this attack, the hacker would log into your iCloud account and view or download any data you have synced from your device. However, we’re seeing this attack less and less, mainly due to security improvements made by Apple and two-factor authentication that is now mandatory for Apple IDs. Now hackers need to know your Apple ID password plus another piece of information (for example, a verification code sent to you via SMS), making it a much more complex attack to pull off.

How to remove spyware from an iPhone or iPad

If you’ve uncovered spyware on your device, you’ll probably want to get rid of it immediately. Fortunately, you don’t need a degree in cybersecurity to clean your iPhone from spyware, and in most cases, you’ll be done in a few minutes.

Below we break down seven ways anyone can remove spyware from their iPhone or iPad safely and quickly.

1. Remove spyware with Certo AntiSpy

If you use Certo AntiSpy to check for spyware regularly, the option to remove threats is available directly in the app. Just click the Remove button next to any identified threats.

The app will either remove the malicious software from your device entirely or give you easy-to-follow removal instructions specific to the spyware found.

2. Restart your device

It may sound simple, but restarting your device can often remove spyware.

One of the most intrusive types of spyware relies on your iPhone or iPad being jailbroken to give a hacker remote access. However, if you restart your phone, most jailbreaks will be removed, rendering any installed spyware useless. The hacker would then need to find a way to get hold of your device again to re-run the jailbreak.

3. Do a software (iOS) update

Most spyware relies on out-of-date software, which often contains security vulnerabilities. Therefore, ensuring you are running the latest version of iOS is vital for your device’s security. Keeping updated has two main benefits for protecting against spyware:

Firstly, if there is spyware on your device right now that takes advantage of older security vulnerabilities, then it will be removed as soon as you update to a new iOS version.

Secondly, running the latest version of iOS restricts the options available to a potential hacker, making it much harder to compromise your device.

Pro Tip: Turn on Automatic Updates under Settings > Software Update to ensure you are always running the latest version of iOS.

4. Remove suspicious apps

If you prefer taking a more granular approach to threat removal, manually review all of the apps installed on your device and delete any that look suspicious. Also, remember to check app folders, as hackers often use these to keep their spy apps out of sight.

It’s worth noting that some types of spyware can be hidden from the device’s home screen, meaning they could go unnoticed when performing a visual review of installed apps. Run a scan with Certo AntiSpy to find spy apps designed to be completely invisible.

5. Remove unknown custom keyboards

We talked about these in a little more detail above. However, if you have unrecognized custom keyboards on your device, they could monitor everything you type and should be removed as soon as possible.

To do this, open the Settings app, go to General > Keyboard > Keyboards, and remove any you do not recognize.

Note: By default, there should be two: ‘English (US)’ and ‘Emoji’.

6. Change your Apple ID password

Some hackers will go after your iCloud account instead of targeting your device with spyware. It can be tricky to detect when someone has been accessing your data held on iCloud. But fortunately, it’s straightforward to protect your account from this attack.

Firstly, you’ll want to change the password for your Apple ID as soon as possible. Doing so will lock any hackers out of your account, meaning they’ll need to work out your new password to regain access.

Pro Tip: Ensure two-factor authentication is enabled for your Apple ID. If it’s turned on, your account and data are better protected from unauthorized remote access, even if someone works out your Apple ID password.

7. Perform a factory reset

Although perhaps extreme, wiping all data from your device with a factory reset is a surefire way to clean your iPhone of any spyware. This method erases all data from the device and reinstalls the latest iOS software, returning it to its original factory settings.

Be aware that this is a last resort since it will remove all of your photos, messages, and data as part of the process. You should perform a backup of your device using iTunes, Finder, or iCloud before doing a factory reset to allow all of your data to be restored later.

We recommend restoring your device from a computer. Using the “Erase All Contents and Settings” option in the Settings app may break the device if you have a specific type of spyware. Restoring via a computer is the best way to ensure your device remains operational. To do the factory reset you should:

1. Open iTunes on your PC or Finder on your Mac.
2. Connect your iOS device.
3. Select your device when it appears.
4. In the Summary pane, click Restore iPhone (or Restore iPad).
5. Click Restore again to confirm.
6. The device will then restore to factory settings and restart. This process can take several minutes to complete.
7. When completed, you can restore all of your data from a backup if you created one before the factory reset.

Key takeaways

As phone hacking becomes more and more widespread, it’s essential to take steps to protect your devices from potential security breaches. Luckily there are a few simple ways to remove spyware from your device — or even better, to prevent attacks before they occur.

• Download Certo AntiSpy for iPhone to protect your phone against viruses and spyware.
• Use secure passwords and VPNs to make it harder for hackers to gain access.
• Update your phone regularly and be vigilant for suspicious apps on your device.