First of all, you should check whether your cell phone is rooted, because you can no longer trust a rooted device – even if you have done the root yourself for good reason at some point. On rooted devices, attackers can hide a spy tool so well that you cannot discover it in a few simple steps.
Discover Root
Therefore search your device under “Spy Apps” for tools that are traditionally used for rooting. These include SuperSu, BusyBox or KingRoot. You can also use the RootChecker app to check directly whether your mobile phone is rooted.
With rooted devices, you have two options: Either you reset your smartphone to the factory settings, or you repair the rooted system, which, however, involves a lot of effort. You should consult someone who has experience with rooted systems. The c’t article Android Trojans dissected gives an insight into possible approaches.
Protect Android Phones – Checklist
Disable unknown device administrators
Device administrator apps have a particularly high number of access rights under Android, so you should check these apps. In the settings under “Security & Location / Apps for device management” (Warning: the menus for the device administrators on some smartphones are slightly different) you will normally only see “Find my device” and “Google Pay”, possibly also the Mobile Device Management Your company or a mail app. However, if you find other apps here, this could indicate an infection of your device.
In this case, deactivate these unknown device administrators and uninstall the associated app. Unfortunately, it is not always possible to clearly determine which this is, because an app can name HIRE A HACKER entry in the device administrator list as desired.
Scan the phone with Play Protect
You should also take a closer look at the Android security features. Play Protect checks all apps on the smartphone and also works with older Android versions. The easiest way to find Play Protect is in the app Play Store in the hamburger menu (the three horizontal lines in the top left).
The option “Scan device for security threats” must be activated. The “Improve detection of malicious apps” should also be switched on. Here you should definitely check how long ago it was the last scan from Play Protect: If it was more than a few days ago, this could indicate a spy attack.
Now run a scan of all apps; Internet access must be activated for this. For example, Play Protect recognizes the espionage tools mSpy and FlexiSpy, which can then be completely uninstalled.
Track down spy software from third-party sources
Attackers generally have to manually install the spy tools on your device because Google’s virus scanner would detect them, which is why the apps in the Play Store are by and large free of malware.
