{"id":1015,"date":"2026-06-26T14:14:00","date_gmt":"2026-06-26T14:14:00","guid":{"rendered":"https:\/\/spyapp.net\/blog\/?p=1015"},"modified":"2026-06-28T02:44:20","modified_gmt":"2026-06-28T02:44:20","slug":"what-spyware-can-see","status":"publish","type":"post","link":"https:\/\/spyapp.net\/blog\/what-spyware-can-see\/","title":{"rendered":"What Spyware Can Actually See: Messages, Calls, Camera and More"},"content":{"rendered":"<p>Spyware marketing and spyware fear share a habit: vagueness. Vendors promise to show &#8220;everything&#8221;; victims imagine an all-seeing eye. The reality is more mechanical and far more useful to understand: <strong>every spyware capability maps to a specific Android permission or access grant.<\/strong> Spyware can only see what the access it obtained allows \u2014 no more, no less. Map the capabilities to their permissions and two things happen: the magic evaporates, and you know exactly which settings screens reveal what any given app could have taken.<\/p>\n<p>Here&#8217;s that map, capability by capability.<\/p>\n<h2>Location: the easiest take<\/h2>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/spyapp.net\/blog\/wp-content\/uploads\/spyapp-blog\/17-what-spyware-can-see-inline-1.png\" alt=\"Overview of data spyware can access on a phone: location, text messages and codes, chat apps, microphone and camera, and stored files and contacts.\" \/><\/figure>\n<p><strong>Powered by:<\/strong> Location permission \u2014 especially &#8220;Allow all the time&#8221; (background location).<\/p>\n<p>With it, spyware reports your position continuously: live tracking, history, patterns of life \u2014 home, work, routines, deviations from them. GPS polling is also power-hungry, which is why tracking-heavy infections show up in <a href=\"\/blog\/blog\/battery-drains-fast-spyware-or-normal\/\">battery diagnostics<\/a>.<\/p>\n<p><strong>Audit:<\/strong> Settings \u2192 Location \u2192 App location permissions, with special attention to the &#8220;all the time&#8221; group.<\/p>\n<h2>Text messages: the keys to your accounts<\/h2>\n<p><strong>Powered by:<\/strong> SMS permissions (read \/ receive \/ send).<\/p>\n<p>Reading your SMS means reading your two-factor authentication codes \u2014 which converts phone surveillance into account takeover. <em>Receive<\/em> access intercepts messages as they arrive, silently; <em>send<\/em> access enables fraud billed to you. This is why SMS access in any app without an obvious SMS job is among the heaviest red flags in our <a href=\"\/blog\/blog\/apk-permissions-explained\/\">permissions guide<\/a>.<\/p>\n<p><strong>Audit:<\/strong> Settings \u2192 Privacy \u2192 Permission manager \u2192 SMS.<\/p>\n<h2>Chat apps \u2014 WhatsApp, Messenger, Telegram: the Accessibility route<\/h2>\n<p>Here&#8217;s the part that surprises people. Modern chat apps encrypt messages in transit, and Android&#8217;s sandbox blocks one app from reading another&#8217;s data. So how does spyware show your WhatsApp threads on someone&#8217;s dashboard?<\/p>\n<p><strong>Powered by:<\/strong> Accessibility services \u2014 and it doesn&#8217;t break any encryption. An accessibility service reads <em>the screen<\/em>. Whatever you can see, it can see: every chat you open, every message as it&#8217;s displayed, every word as you type it, in any app. Encryption protects messages on the wire; Accessibility reads them at the one place they must be plain \u2014 where they&#8217;re shown to you.<\/p>\n<p>A second, quieter route: <strong>notification access<\/strong>, which reads every notification including message previews \u2014 a partial chat feed without touching the apps at all.<\/p>\n<p><strong>Audit:<\/strong> Settings \u2192 Accessibility \u2192 Downloaded apps (anything here can read your screen), and the notification access list. These two screens are the heart of the <a href=\"\/blog\/blog\/find-hidden-spy-apps-android\/\">hidden spy app audit<\/a>.<\/p>\n<h2>Calls: the log always, the audio sometimes<\/h2>\n<p><strong>Powered by:<\/strong> Call log permissions for the metadata \u2014 who, when, how long: your social graph in a table. Actual call <em>recording<\/em> is harder: modern Android restricts it heavily, so spyware attempts it through Accessibility abuse, with results varying by device \u2014 sometimes both sides, sometimes one muffled half, sometimes nothing. Capability honesty: assume the log is always taken; recorded audio, often attempted but not reliable.<\/p>\n<p><strong>Audit:<\/strong> Permission manager \u2192 Call logs and Phone.<\/p>\n<h2>Microphone and camera: the bugging features<\/h2>\n<p><strong>Powered by:<\/strong> RECORD_AUDIO and CAMERA permissions \u2014 plus, for the genuinely creepy version, auto-start (RECEIVE_BOOT_COMPLETED) so the capability survives reboots and runs without the app ever being opened.<\/p>\n<p>Ambient recording \u2014 listening to the room, not just calls \u2014 is a standard stalkerware feature. Remote photo capture exists too, though modern Android&#8217;s indicator dots (the green camera\/mic dot in the status bar) make silent capture harder than vendor marketing implies. A green dot with no app visibly using camera or mic is worth investigating the same minute.<\/p>\n<p><strong>Audit:<\/strong> Permission manager \u2192 Microphone and Camera; on recent Android, Privacy dashboard shows a timeline of which app used them, when.<\/p>\n<h2>Photos, files, contacts, calendar: the bulk export<\/h2>\n<p><strong>Powered by:<\/strong> storage\/media permissions, Contacts, Calendar.<\/p>\n<p>Less dramatic, enormously invasive: your photo library (with its embedded location data), documents, your entire address book \u2014 which compromises <em>other people<\/em> \u2014 and your schedule. These are one-time bulk grabs plus ongoing sync, cheap to take and silent.<\/p>\n<p><strong>Audit:<\/strong> Permission manager \u2192 Files\/Photos, Contacts, Calendar.<\/p>\n<h2>Keystrokes and passwords<\/h2>\n<p><strong>Powered by:<\/strong> Accessibility again (watching text fields as you type), or a malicious keyboard app \u2014 an input method you installed that logs by design.<\/p>\n<p>Everything you type, including things typed and deleted before sending, and \u2014 depending on Android version and app protections \u2014 passwords as entered. Combined with intercepted SMS codes, this is the full account-takeover kit, and it&#8217;s why the response to confirmed spyware always includes changing passwords <em>from a different device<\/em> (<a href=\"\/blog\/blog\/remove-spyware-android-without-factory-reset\/\">removal guide<\/a>, step 6).<\/p>\n<p><strong>Audit:<\/strong> the Accessibility list once more, and Settings \u2192 System \u2192 Keyboard \u2014 every keyboard listed should be one you chose.<\/p>\n<h2>What spyware generally can&#8217;t do<\/h2>\n<p>Honesty cuts both ways. Consumer spyware on an unrooted, updated phone generally cannot: break end-to-end encryption itself (it reads screens instead \u2014 so a clean Accessibility list genuinely protects your chats), read other apps&#8217; private storage directly, survive a <a href=\"\/blog\/blog\/factory-reset-remove-spyware\/\">factory reset<\/a>, or install itself remotely with no interaction (see our <a href=\"\/blog\/blog\/spy-on-phone-without-touching-it\/\">no-touch spying explainer<\/a>). Its powers are exactly the permissions someone granted it \u2014 usually in ten minutes with the phone unlocked.<\/p>\n<h2>Turning the map into protection<\/h2>\n<p>Notice what this article quietly became: every &#8220;powered by&#8221; line is also a checklist entry. Audit five screens \u2014 Accessibility, notification access, device admin, Permission manager&#8217;s sensitive categories, and the keyboard list \u2014 and you&#8217;ve audited everything consumer spyware can be. And before any app gets onto your phone from outside the Play Store, you can read its requested powers in advance: upload the APK to our <a href=\"https:\/\/spyapp.net\/blog\/scan\/\">free scanner<\/a> and the report lists every capability on this page that the file is asking for, in plain English, while it&#8217;s still just a file and not yet a witness.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Spyware&#8217;s powers aren&#8217;t magic \u2014 each one maps to a specific Android permission. Here&#8217;s exactly what infected phones leak, capability by capability.<\/p>\n","protected":false},"author":1,"featured_media":5031,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-1015","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-spyware-detection-removal"],"_links":{"self":[{"href":"https:\/\/spyapp.net\/blog\/wp-json\/wp\/v2\/posts\/1015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/spyapp.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/spyapp.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/spyapp.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/spyapp.net\/blog\/wp-json\/wp\/v2\/comments?post=1015"}],"version-history":[{"count":1,"href":"https:\/\/spyapp.net\/blog\/wp-json\/wp\/v2\/posts\/1015\/revisions"}],"predecessor-version":[{"id":1235,"href":"https:\/\/spyapp.net\/blog\/wp-json\/wp\/v2\/posts\/1015\/revisions\/1235"}],"wp:attachment":[{"href":"https:\/\/spyapp.net\/blog\/wp-json\/wp\/v2\/media?parent=1015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/spyapp.net\/blog\/wp-json\/wp\/v2\/categories?post=1015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/spyapp.net\/blog\/wp-json\/wp\/v2\/tags?post=1015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}