
How to tell if an app is spyware before you install it

Learn how to evaluate any app for spyware risk before installing: checking permissions, developer reputation, reviews, data practices and how to scan the installer for hidden threats.

25 May 2026 · 8 min read

The best time to stop spyware is before it ever reaches your device. Once an app is installed and granted permissions, it can begin collecting data immediately. Fortunately, you can assess an app's risk in a couple of minutes using signals that are available before you tap "install". Here is a practical checklist.

Start with the permissions it requests

The single most important question is: what does this app want access to, and does its function justify that? A calculator that requests your contacts, microphone and location is a glaring mismatch. On the Play Store and App Store, you can review an app's declared permissions and data practices before installing. Look especially for requests involving location, microphone, camera, SMS, contacts and — most concerning — accessibility services or device-admin rights, which legitimate consumer apps rarely need.

A mismatch between an app's function and its permissions is the first warning sign.

Investigate the developer

Tap the developer's name. Established, reputable developers usually have a portfolio of apps, a real website, and a contact address. Warning signs include a developer with a single app, a generic free-email contact, no website, or a name that mimics a well-known brand without being it. Spyware is frequently published under throwaway developer accounts that disappear and reappear.

Read the reviews — carefully

Reviews are useful but easily manipulated. Look past the star rating to the substance: do reviewers mention the app doing something unexpected, draining battery, showing ads aggressively, or being hard to uninstall? Be sceptical of a flood of five-star reviews that are short, generic and posted within a narrow time window — a classic sign of fake reviews padding a questionable app.

Check the install count and history

A brand-new app with very few installs is not automatically dangerous, but it carries more unknowns than a widely used one with a long track record. For sensitive categories — security tools, "phone cleaners", keyboards — prefer established options with millions of installs and a long history over an unknown newcomer.

Scrutinise the data-safety section

Both major app stores now require developers to disclose what data they collect and share. Read this section. An app that admits to collecting location, contacts and device identifiers and "sharing with third parties" is telling you, in its own words, that your data is the product. That is not always malware, but it is a privacy cost you should weigh.

App-store data-safety labels reveal collection practices before you install.

Beware apps from outside official stores

The overwhelming majority of stalkerware and mobile spyware is distributed as a sideloaded file — an APK downloaded from a website or sent directly — precisely because official stores would reject it. If you are being urged to enable "unknown sources" and install something from outside the store, treat that as a major red flag. The convenience is rarely worth the risk.

Scan the installer before you run it

If you do have an installer file — whether an APK someone sent you or a desktop program — you do not have to take it on faith. Upload it to the SpyApp scanner, which checks it against detection engines and the community database and tells you whether it matches known spyware families. A clear malicious verdict means do not install; a clean result with a trustworthy source is reassuring.

Watch for these specific spyware tells

  • It wants to hide. Any app offering to remove its own icon or run invisibly is behaving like stalkerware.
  • It requests accessibility access without a disability-related purpose.
  • It asks for device-admin rights for no clear reason — this is how spyware prevents its own removal.
  • It mimics a system app with names like "Android Service" or "System Update" but is not from your device maker or Google.
  • It promises to spy on someone else. "Monitor your partner's messages" apps are stalkerware by design.
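Several of the tells above are visible in an APK's AndroidManifest.xml once it has been decoded to text (for example with apktool). The sketch below is an added example, not code from the SpyApp scanner; the sample manifest, the package name and the spyware_tells function are constructed for illustration.

```python
import xml.etree.ElementTree as ET
ANDROID = "{http://schemas.android.com/apk/res/android}"
SENSITIVE = {"ACCESS_FINE_LOCATION", "ACCESS_BACKGROUND_LOCATION", "RECORD_AUDIO",
             "CAMERA", "READ_SMS", "RECEIVE_SMS", "READ_CONTACTS"}
SYSTEM_LIKE = ("android service", "system update")  # names quoted in the article

# Constructed sample: decoded manifest of a fictional package (not a real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sysupdate">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="System Update">
    <service android:name=".Watcher"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <activity android:name=".Setup"/>
  </application>
</manifest>"""

def spyware_tells(manifest_xml):
    """Return the sorted warning signs found in a decoded AndroidManifest.xml."""
    if "<!DOCTYPE" in manifest_xml:  # manifests never need a DTD; refuse entity tricks
        raise ValueError("unexpected DOCTYPE in manifest")
    root = ET.fromstring(manifest_xml)
    tells = set()
    for perm in root.iter("uses-permission"):
        short = perm.get(ANDROID + "name", "").rsplit(".", 1)[-1]
        if short in SENSITIVE:
            tells.add("sensitive-permission:" + short)
    for comp in root.iter():
        bound = comp.get(ANDROID + "permission", "")
        if comp.tag == "service" and bound.endswith("BIND_ACCESSIBILITY_SERVICE"):
            tells.add("accessibility-service")
        if comp.tag == "receiver" and bound.endswith("BIND_DEVICE_ADMIN"):
            tells.add("device-admin")
    # No LAUNCHER category means no home-screen icon is declared for the app.
    if not any(c.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
               for c in root.iter("category")):
        tells.add("no-launcher-icon")
    app = root.find("application")
    label = (app.get(ANDROID + "label", "") if app is not None else "").lower()
    if any(name in label for name in SYSTEM_LIKE):
        tells.add("system-like-name")
    return sorted(tells)

if __name__ == "__main__":
    print("\n".join(spyware_tells(SAMPLE)))
```

Each hit is a prompt for a closer look rather than a verdict: decoded labels are often resource references such as @string/app_name, and an app can also hide its icon at run time, which a manifest check will not see.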

Putting it together

No single check is foolproof, but together they form a reliable filter. Before installing anything you are unsure about, ask: do the permissions match the function, is the developer credible, do the reviews raise concerns, and — if you have the file — what does a scan say? Two minutes of due diligence prevents the far larger headache of removing spyware after the fact.

Rule of thumb: if an app wants more access than its purpose requires, wants to hide itself, or comes from outside an official store, do not install it until you have verified it.

Already installed something you now doubt? Our guide on detecting stalkerware walks through confirming and removing it safely.


Frequently asked questions

Are apps on official stores always safe?

No, but they are far safer. Stores screen submissions and remove bad actors, while sideloaded apps bypass all of that. Most mobile spyware is distributed outside official stores.

What permission should worry me most?

Accessibility access and device-admin rights. Legitimate consumer apps rarely need them, but stalkerware relies on them to read your screen and prevent removal.

Can I scan an app before installing it?

Yes. If you have the installer file, upload it to the scanner to check it against known spyware before you run it.