Is My Phone Being Monitored? Warning Signs and How to Act
Spyware and stalkerware leave subtle traces in how a device behaves. Learn to recognize the signs that your phone may be monitored and what steps to take without alerting the intruder.
Battery, heat, and data that vanish without explanation
Monitoring apps run in the background, recording audio, location, and messages, then sending everything to a remote server. This constant effort drains battery and processing power. If your device suddenly heats up while idle, discharges far faster than usual, or consumes an unusual amount of mobile data, it is worth investigating, especially if the change was abrupt and followed no update or new app.
Compare your current usage against your historical pattern in the system settings, which show which apps consume the most battery and data. Unknown processes at the top of the list, or generic names trying to pose as system services, are relevant clues. No single sign proves infection, but their sum changes the risk level.
Strange behavior of the screen and apps
Screens that light up on their own, a phone that restarts for no reason, apps opening or closing unexpectedly, and sudden sluggishness can indicate intrusive software competing for resources. Noises during calls, echoes, or a slight delay when starting a conversation also deserve attention, though they often have ordinary carrier or network causes.
Watch for permissions you never granted. An app that suddenly has access to the microphone, camera, location, and messages without any functional reason is suspicious. Periodically review granted permissions and the app manager. Stalkerware often hides with invisible icons or names that mimic legitimate manufacturer tools.
How access usually happens
Most stalkerware infections require physical access, even briefly, to the unlocked device. That is why the most common victims are people close to whoever installed the software: ex-partners, family members, or colleagues. In corporate contexts, the vector may be a malicious link, a compromised charger, or a seemingly harmless app downloaded outside official stores.
Passwords that changed without your action, login alerts from unknown devices, and verification codes arriving when you did not request them are signs that credentials have been compromised. In this scenario, monitoring may be happening in the cloud, with no app installed on the phone, which calls for a different investigative approach.
What not to do when you suspect
Do not confront the person you suspect installed the monitoring, and do not immediately change passwords from the compromised device itself. In situations of personal risk, sudden changes can alert the intruder and escalate the danger. Also avoid running a factory reset before an assessment: it erases important evidence that could support a complaint or legal action.
Resist the urge to install dozens of antivirus apps of dubious origin. Many are ineffective against sophisticated stalkerware, and some are themselves vectors for spying. Use a clean, secure device to research and ask for help, keeping the suspect phone away from sensitive conversations while you plan your next steps.
When to seek professional forensic analysis
If the signs persist, if there is a history of harassment, or if the device belongs to an executive with access to sensitive information, a specialized technical analysis is the safest path. TSCM and mobile forensic professionals can identify hidden processes, suspicious communications, and traces of compromise that ordinary tools cannot reach, while preserving the evidence.
SCS Detect has worked for 18 years in electronic sweeps and information protection, serving executives and companies in São Paulo, Rio de Janeiro, and Brasília. If you suspect your phone is being monitored, contact us through a secure channel for a discreet assessment focused on your safety.
You may be under surveillance right now.
Talk to SCS Detect through a secure channel. Confidential service in São Paulo, Rio de Janeiro and Brasília, and across Brazil.
Request a confidential sweep