It seems too good to be true.
Purchasing an invisible software that allows you to spy on anyone’s phone. Low price, quick and easy installation, complete remote access to any device.
Fraud alert: high.
Generally, whoever approaches the spy apps world for the first time, inevitably struggles to discern whether the product is legit or an utter fraud.
Reviews don’t seem to help, with half of them stupidly fake and the other half clearly biased for affiliate marketing purposes.
Moreover, there seems to be dozens of these spy softwares, causing more confusion.
After some research, I identified the two most popular spy apps out there and decided to find out whether they really work as advertised.
In the first part of this post I discuss how spy apps work on mobile phones, from installation to monitoring, highlighting strengths and major flaws.
In the second part, I describe my experience with the two most popular spy apps providers, MSPY and XNSPY, on iPhone.
Table of Contents
Are Spy Apps Legal?
Are you thinking to exploit these applications to monitor your partner?
Think twice.
In fact, you are acting against the law in many countries.
Monitoring a phone of an adult without their permission is illegal.
You may act legitimately if you own your partner’s phone, but that’s kind of a grey area.
Conversely, it is legal to secretly monitor your underaged child’s device, for safety reasons.
In fact, spy softwares are sold to the general public as ‘parental control’ softwares.
Of course, these applications are then used for all sorts of things.
Including monitoring cheating partners.
How Do Spy Apps Work? From Installation to Monitoring: Everything You Need to Know
You are probably wondering how the heck these spy apps work.
Well, all spy apps fundamentally work in two ways:
#1 For Android and iPhone, by installing a software in the target device (physical installation).
#2 For iPhone only, by collecting data from the iCloud (remote installation)
Let’s briefly review the first option.
Installation Type #1: Spy Apps Physical Installation on Target Device (iPhone/Android)
You will need to be able to access the target device for up to 30 minutes to install the spy software.
That’s a bit of a downside.
But, at the end of the day, you should be using these for parental control purposes anyway.
The application is generally undetectable, yet the installation is not always straightforward.
Especially if you are required to grant full access to your monitored device operating system.
This process is fairly complex and it is known as ‘rooting’.
In the Android world, it is possible to install a spy software without needing to root a device.
However, without rooting, the monitoring experience is generally very limited.
Conversely, in the iOS realm, an iPhone must be rooted, or ‘jailbroken’, to allow the installation of a spy software.
It is still possible to track a non-jailbroken iOS device through iCloud monitoring (remote installation), but we will discuss this possibility later on.
Meanwhile, let’s take a closer look at the process of rooting or jailbreaking.
Stay with me.
I’ll keep it very basic!
Rooting (Android) and jailbreaking (iOS) basically means the removal of restrictions imposed by the phone manufactures.
This way, you have the freedom to do whatever you please with your phone.
From installing unofficial applications, adding new themes, playing otherwise unsupported games and more.
If you are not tech savvy, this manoeuvre is unsafe, as it may cause your phone not to run as smoothly as before.
Plus, rooting or jailbreaking a device automatically invalidates its warranty.
Different spy app providers offer a paid installation service carried out by technicians who complete the rooting or jailbreaking process without incidents.
This way you don’t have to run the risk to do it yourself.
Now, why would anyone want to root or jailbreak a device to install a spy software, when there are other viable options?
Well, rooting allows you to monitor non-default applications, otherwise impossible.
WhatsApp, Facebook and Tinder are non-default applications, just to name a few.
Take a look at the below table (swipe left or right if you are on mobile).
| Monitorable Features (Physical Installation) | Rooted (iOS) | Non-Rooted (iOS) | Rooted (Android) | Non-Rooted (Android) |
|---|---|---|---|---|
| Call History | Yes | N/A | Yes | Yes |
| SMS Texts | Yes | N/A | Yes | Yes |
| WhatsApp Chats/Calls | Yes | N/A | Yes | No |
| Incoming Emails | Yes | N/A | Yes | No |
| List of Contacts | Yes | N/A | Yes | Yes |
| Calendars | Yes | N/A | Yes | Yes |
| List of Installed Apps | Yes | N/A | Yes | Yes |
| Photos | Yes | N/A | Yes | Yes |
| Browsing History | Yes | N/A | Yes | Yes |
| Location History | Yes | N/A | Yes | Yes |
| Social Media | Yes (Limited providers) | N/A | Yes (Limited providers) | No |
As you can see, without rooting or jailbreaking, there is not much left for you to monitor, really, with social media, WhatsApp chats and emails being off the table.
But there’s a problem.
At the time of writing [March 2020], while most spy softwares on the market are compatible with any rooted Android device regardless of its version, the same cannot be said for iOS.
Currently, spy applications are generally compatible with any jailbroken iOS device up to iOS 9.1.
Apple released iOS 9.1 in 2015.
In other words, you can only fully monitor old iOS devices, which makes it completely useless in most cases.
The table below sums it all up:
| Pros | Cons | |
|---|---|---|
| Physical Installation (Android) | Rooting is not necessary to monitor default features | Rooting is necessary to monitor non-default features |
| Spy apps are generally compatible with all rooted Android devices | Requires access to target device | |
| Physical Installation (iOS) | N/A | Jailbreaking is always required to monitor default and non-default features |
| N/A | Requires access to target device | |
| N/A | Spy apps are generally incompatible with jailbroken iOS > 9.1 |
In sum, if you are planning to monitor a relatively recent Apple device, you may be forced to use the ‘no-jailbreak’ monitoring version offered by several spy app providers.
The ‘no-jailbreak’ version collects data from the iCloud, as explained below.
Installation Type #2: Spy Apps Remote Installation on Target Device (iPhone Only)
We all know the iCloud by now.
Among its many features, iCloud is the Apple service that allows users to keep all information safe and retrievable should they lose a device.
Now, the question is:
How can spy softwares penetrate any iCloud account?
Is the Apple iCloud service that vulnerable?
Well, of course no.
Before we dive into the specifics of iCloud monitoring, let’s take a look at what features can be monitored indeed.
Take a look at the table below:
| Monitorable Features (Remote Installation) | Non-Rooted (iOS) | Non-Rooted (Android) |
|---|---|---|
| Call History | Yes | N/A |
| SMS Texts | No | N/A |
| WhatsApp Chats/Calls | Yes | N/A |
| Incoming Emails | No | N/A |
| List of Contacts | Yes | N/A |
| Calendars | Yes | N/A |
| List of Installed Apps | Yes | N/A |
| Photos | Yes | N/A |
| Browsing History | Yes | N/A |
| Location History | Yes | N/A |
| Social Media | No | N/A |
The features available for tracking are very limited.
WhatsApp monitoring is the sole feature that makes iCloud tracking apps worth buying.
But this isn’t the only downside.
iCloud monitoring presents several technical hurdles that may prevent a full monitoring experience.
2.1 You Need to Know iCloud Credentials
iCloud monitoring is possible only if the credentials of the monitored account are known.
In other words, you need to know the Apple ID email and password of the monitored person to be able to download iCloud logs.
So, does that mean that knowing someone’s iCloud credentials is enough to spy on their phone?
Nah.
But that is certainly what spy applications advertise on their websites.
2.2 ‘2FA’ Must Be Disabled
First of all, iCloud tracking cannot work if the monitored device has two-factors authentication (2FA) enabled.
2FA is an extra layer of security that prevents people from accessing your online account, should they know your password.
This extra layer of security also prevents spy applications to download iCloud logs from the monitored device.
Can you disable 2FA on your target device?
No.
Once 2FA feature is active, it cannot be disabled.
Nowadays, the majority of Apple devices have 2FA protection already on.
Should you not have 2FA, Apple will bombard you with daily notifications until when you enable it out of desperation.
To bypass the 2FA, spy application providers will suggest to create a brand new iCloud account without 2FA to be associated with the device you want to monitor.
Associating a device with new iCloud account is not exactly the stealthiest procedure, as it will remove existing emails, disable ‘Find my phone’ or reset memojis, to name a few.
This will certainly cause the monitored person to notice the new iCloud account association.
And there’s more:
2.3 iCloud Must Have Free Storage
Spy softwares collect data from the iCloud.
If the monitored Apple device is not regularly backing data up onto the iCloud…
Guess what?
It won’t work.
Indeed, you will need to activate daily iCloud back ups on your target device.
Now, if you own an iPhone, you will know that iCloud offers 5 GB of storage free of charge.
Once that is full, iPhone will simply stop processing iCloud back ups.
So, should you not have free iCloud storage, you will be forced to either delete existing data or to purchase new storage, to make the spy app work.
This is not specified anywhere on spy apps websites.
The table below sums it all up:
| Pros | Cons | |
|---|---|---|
| iCloud monitoring [iOS] | No jailbreak required | 2FA must be disabled |
| Remote installation | iCloud credentials must be known | |
| Compatible with all iOS versions | iCloud must have free storage | |
| N/A | Limited features available to monitor |
As mentioned, WhatsApp is the sole reason why people keep purchasing the iCloud monitoring version from spy apps providers.
I decided to give it a try too:
Do Spy Apps Really Work? My Experience with MSPY and XNSPY on iPhone (No-Jailbreak Version)
I bought the two most popular spy applications out there.
I’ll cut it short:
It was an absolute disaster.
Below is a brief review of my personal experience.
Let’s start with MSpy:
My MSPY Non-Experience and How it Never Worked (Refund Denied)
Phase #1: Purchase and Installation
As I intended to test the app on my work phone (iPhone 7, iOS 13.3.1), I had to purchase the ‘No-Jailbreak’ version (iCloud monitoring).
In fact, the jailbreak version is not compatible with any iOS versions bigger than 9.0.
Also, having the two factor authentication active, I had to go through the painful process of creating a brand new iCloud account with no 2FA.
Once that was done, I purchased the application.
I went for the 1-month Premium version (GBP 45.00) as the basic version does not feature WhatsApp tracking.
Now, why would anyone want to purchase the basic version to have access to someone’s web history, pictures and calendar notes?
I don’t know.
Anyway, upon buying the software, I was directed to enter the target phone Apple ID credentials
I then pressed ‘proceed’ but I was hit with the following error message:
Long story short:
My iCloud storage was full.
As a consequence, my iPhone had not been backing data up for a while.
Unwilling to delete any data from my iCloud and my phone, I was forced to buy extra iCloud storage, which allowed me to successfully back up my phone.
However, I was still being hit by the same error message.
I then contacted customer service through the web chat function, who advised that Apple takes up to 24 hours to successfully process a back up.
I was indeed able to successfully install the application only on the following day.
Phase #2: The Monitoring Experience
This is the MSpy monitoring dashboard:
MSpy, like all spy softwares offering iCloud monitoring, does not offer live monitoring.
MSpy is indeed granted iCloud access exclusively once every 24 hours.
In other words, MSpy enters the target iCloud account once a day and downloads the activity that has been previously backed up by the device of the monitored person.
That means that, on top of the 24 hours installation, I had to wait additional 24 hours before I could see any activity on my MSpy dashboard.
But guess what?
My dashboard never updated.
Three days had passed but no activity was displayed on my dashboard.
It was at this point when I began the customer service marathon.
I’ll keep it brief:
Web chat customer service was unable to resolve and said they would have passed the issue onto a senior technician
Two days later MSpy sent me the following email:
They basically said to make sure 2FA was disabled and the phone back up was being process correctly, which it was.
A week had passed before someone from MSpy customer support communicated to me that the issue had been escalated to the developers.
A week.
21 days after the original purchase of the spy application, my dashboard had never updated.
Armed with divine patience, I ended up contacting again the customer service through the web chat function.
This is what they said:
My subscription was extended for 2 additional weeks.
Needless to say, my dashboard never updated, not even during the extension period.
In Sum
Sadly, I paid for a software that never worked, at least for me.
A refund was denied because:
‘We would like to point out that, according to our Refund Policy, the 14-day refund period is a period within which it’s possible to request a refund’.
Instead, I was given additional 2 months free subscription on top of the extension period previously granted.
Needless to say, two months passed but my dashboard remained empty.
My XNSPY Half-Experienced and How It Partially Worked (Refund Granted)
Call me crazy.
But after the shocking MSpy experience, I purchased from its greatest competitor.
Xnspy.
Phase #1: Purchase and Installation
Again, I purchased the ‘No-Jailbreak’ version, wanting to test it on my iPhone 7 (iOS 13.3.1), where I had a brand new iCloud account free of double factor authentication, which I had set up for this purpose.
I was lucky to find a promotional 40% off and ended up spending GBP 29.00.
Not bad.
I went for the Premium version as, similarly to MSpy, the basic version does not offer WhatsApp monitoring.
The installation was fast.
I was prompted to enter the monitored account Apple ID credentials and, within minutes, I was given access to the XNSpy dashboard.
Not only that.
After completing the phone back up as per Xnspy instructions, my dashboard updated immediately.
Again, not bad.
It had taken me 24 hours to install MSpy.
And my dashboard never updated.
Phase #2: The Monitoring Experience
There was a problem, though.
My Xnspy dashboard was displaying only partial data.
I was able to see one recurring GPS location (my home), contacts, pictures and browser history.
Text messages and WhatsApp chats were not displayed.
Forgetful as I am, I failed to take a screenshot of my WhatsApp section in the Xnspy dashboard, so I’ll use the demo version below as an example.
In my case, the WhatsApp and the iMessages sections were empty, with an alert saying something like: ‘No activity detected’.
It did not take me long to figure out why iMessage chats were not displayed on the Xnspy dashboard.
Simply, iMessage chats were not being backed up from my phone onto the iCloud.
Why?
As a security measure, Apple does not allow iMessage chats iCloud back up if two factor authentication is disabled.
There is no workaround for this.
Xnspy advertises iMessage chats as trackable, when in reality this is not possible due to Apple restrictions.
In fact, if 2FA is enabled, Xnspy cannot be installed in the first place.
The same does not apply to WhatsApp.
My WhatsApp chats were indeed correctly backed up and stored on the iCloud.
I had also set my WhatsApp chats to be backed up on a daily basis.
Just like MSpy, Xnspy updates its dashboard only once every 24 hours.
I thus let a few days pass.
But again, WhatsApp logs were not visible at all.
I then decided to contact customer service through the web chat function.
Here is the transcription:
According to Xnspy customer service, a recent iOS update had caused WhatsApp monitoring not to work anymore.
But of course the WhatsApp monitoring feature was still advertised on their website.
And they never removed it.
I religiously checked everyday on Xnspy website for a few days and I was disappointed to see that the WhatsApp feature was being advertised without actually working.
In Sum
I paid for a service that worked only partially.
Not only that.
I paid for a service that promised what could not be offered.
Surprisingly, I was promptly refunded.
Conclusion
So, do spy apps really work?
Before answering this question, it is worth to keep in mind the following considerations:
1. I tested the two most popular spy app providers among many other less popular alternatives
2. I exclusively tested spy softwares on iOS and not Android
3. My personal experience does not necessarily reflect each user’s experience
With that said, I consider spy softwares as unreliable products anyone should stay away from.
In my case, I was not able to monitor anything other than browser history, contacts and pictures.
Please, consider other alternatives to save money and avoid frustration.
For instance, did you know that there is a free, effective way to secretly read someone’s WhatsApp conversations using the WhatsApp Web version, without resorting to unreliable spy softwares?
We discuss it here: ‘How to catch a cheater without hiring a private investigator’.