Android · Recovery Guide

    How to Remove Android Spyware and Reset Compromised Settings

    A guide to detecting and removing spyware from your Android phone, protecting your personal data and restoring your peace of mind.

    Identify and disable suspicious apps

    First, let's identify any apps that might be acting suspiciously and remove their ability to cause further harm. We'll start with the least intrusive steps.

    1. Check your app list: Go to Settings > Apps > See all apps. Look for any apps you don't recognise or that have unusual names. On Samsung One UI, this might be Settings > Apps, then tap the three dots or 'Menu' to 'Show system apps' to ensure you see everything.
    2. Review app permissions: Tap on any suspicious app and go to Permissions. Revoke any permissions that seem excessive or unnecessary for the app's function, especially access to your microphone, camera, or location.
    3. Disable 'Display over other apps': Some spyware uses this permission to create fake overlays. Go to Settings > Apps > Special app access > Display over other apps. Turn off this permission for any suspicious applications.
    4. Disable 'Install unknown apps': This prevents further unauthorised installations. Go to Settings > Apps > Special app access > Install unknown apps. Ensure this is 'Not allowed' for all apps except those you explicitly trust (e.g., your web browser for downloading files).
    5. Force stop and uninstall: If you've identified a suspicious app, force stop it (from its app info page) and then attempt to uninstall it. If uninstall is greyed out, it might be a device administrator app, which we'll address next.

    If you are unsure about an app, a quick online search of its name can often reveal if it's legitimate or known to be malicious.

    Revoke Device Administrator permissions

    Some malicious apps try to gain 'Device Administrator' privileges to make themselves very difficult to remove. We'll revoke these permissions.

    1. Navigate to Device Admin apps: Go to Settings > Security & privacy > More security settings > Device admin apps. On some Android versions or Samsung One UI, this path might be Settings > Biometrics and security > Other security settings > Device admin apps.
    2. Identify and disable: Look for any suspicious or unfamiliar apps listed here. Untick or toggle off the checkbox next to any app you suspect is spyware.
    3. Deactivate administrator: Confirm the deactivation when prompted. This will remove its ability to prevent uninstallation.
    4. Uninstall the app: Once deactivated, return to Settings > Apps > See all apps (or Apps on Samsung One UI) and uninstall the suspicious application as you would any other app.

    Be very cautious when disabling Device Admin apps for legitimate software, as this can affect their proper functioning. Only disable those you suspect are malicious.

    Run a security scan and update your software

    After manually removing suspicious apps, it's a good idea to perform a deeper check and ensure your phone's security is up to date.

    • Update Google Play System update: Go to Settings > Security & privacy > System & updates > Google Play system update. Ensure it's up to date to get the latest security patches.
    • Perform a Safety Check: On a Pixel or similar stock Android device, go to Settings > Privacy & Security > Safety Check. Run a full scan.
    • Check for Android system updates: Go to Settings > System > System update to ensure your operating system is running the latest version. This often includes critical security fixes.
    • Install a reputable antivirus/anti-malware app: If you don't already have one, consider installing a well-known security app from the Google Play Store (e.g., Bitdefender, Malwarebytes, ESET). Run a full scan.

    Keeping your operating system and security apps updated is one of the most effective ways to protect your device from new threats.

    Consider a factory reset as a last resort

    If all other steps fail and you still suspect your phone is compromised, a factory reset will erase all data and settings, returning your device to its original state.

    1. Back up important data: Before proceeding, back up all your essential photos, contacts, documents, and other files. Use Google Drive, Google Photos, or connect your phone to a computer to transfer files. Remember, spyware itself might be backed up if you do a full system backup; focus on backing up just your data.
    2. Initiate factory data reset: Go to Settings > System > Reset options > Erase all data (factory reset). On Samsung One UI, this is often Settings > General management > Reset > Factory data reset.
    3. Confirm the reset: You'll be prompted to enter your PIN or password. Confirm that you want to erase all data.
    4. Set up your device: Once the reset is complete, your phone will restart as if it were brand new. When setting it up, be very selective about which apps you reinstall and avoid restoring from a full backup that might reintroduce the spyware. Only restore essential data like contacts and photos.

    A factory reset is a drastic measure and will delete everything on your phone. Only use this if you are certain your device remains compromised after trying all other solutions.

    More from Device Security

    No image

    How to Block Scam Calls and Filter Spam SMS on Android

    How to Block Scam Calls and Filter Spam SMS on Android
    No image

    How to Detect Spyware or Stalkerware on an iPhone

    How to Detect Spyware or Stalkerware on an iPhone
    No image

    How to Stop Apps Spying Through Your iPhone Camera and Microphone

    How to Stop Apps Spying Through Your iPhone Camera and Microphone