How To Find Hidden Apps On Android

Tips
1

I’m worried there might be hidden apps on my Android phone that I can’t see in the regular app drawer or settings. I recently noticed storage and data usage that don’t match the apps I know I installed. Can someone explain the reliable ways to uncover hidden or disguised apps, including any system menus or tools I should check, so I can be sure nothing suspicious is running in the background?

2

First thing, do not panic. Hidden apps on Android are usually either system stuff, launchers hiding icons, or spyware from someone who had access to your phone.

Here is how I would check, step by step.

  1. Show all installed apps
    • Go to Settings → Apps (or Apps & notifications).
    • Tap “See all apps” or similar.
    • Tap the three dots in the top right.
    • Enable “Show system” or “Show all apps”.
    Now scroll slowly and look for:
    • Random names like “Services”, “Updater”, “System Tool”, “Device Service”.
    • Apps with no icon or weird low quality icons.
    If something looks off, tap it, then tap “App details” in store. That opens Play Store if it is a normal app. If Play Store says “Item not found”, it often comes from outside Play Store.

  2. Check hidden icons in launcher
    Icons can be hidden from the home launcher.
    This depends on your phone brand. Quick paths:
    • Samsung: Long press on home screen → Settings → Hide apps.
    • OnePlus / Oppo: Home Settings → Hidden Space or Hide apps.
    • Xiaomi: Settings → Home screen → Hide apps.
    Unhide anything strange and see what it is.

  3. Look at “Device admin” and special access
    Some spying apps use special permissions.
    • Settings → Security → Device admin apps / Device admin.
    Disable anything you do not trust.
    Then check Special app access:
    Settings → Apps → Special app access →
    • “Install unknown apps”
    • “Appear on top”
    • “Usage access”
    • “Accessibility”
    Focus on apps that are not from Google or the phone maker.
    If some random app has Accessibility or Usage access, that is a red flag.

  4. Check data and battery usage
    You already noticed weird usage, so line that up with the app list.
    • Settings → Network & internet → Data usage → Mobile data usage.
    Sort by usage.
    Tap top entries and see which app corresponds.
    Do the same for battery: Settings → Battery → Battery usage.
    Spy or hidden control apps often appear here with generic names.

  5. Use Safe mode to see if problem is from third party app
    Safe mode loads only system apps.
    Most phones:
    • Hold power button → Long press on “Power off” → Tap “Safe mode”.
    In Safe mode, check storage and data again.
    If the weird usage stops, the problem comes from a user installed app.

  6. Check for hidden folders and big files
    Go to Files or any file manager.
    Enable “Show hidden files”.
    Sort by size and see what is huge in:
    • Internal storage root
    • Android/data
    • Android/obb
    If you see a random folder with big logs or recordings, check what app owns it.

  7. Anti malware scan
    Use 1 trusted scanner, not ten. Examples that are often recommended in forums:
    • Malwarebytes Mobile
    • Bitdefender Mobile
    Install, update, scan, then uninstall if you do not want to keep it.
    If a scanner flags an app, cross check by searching that app name online.

  8. Hardening for later
    If you suspect someone you know installed something:
    • Change your Google password on another device.
    • Turn on 2FA for Google.
    • Remove unknown devices from your Google account.
    • In Play Store → Profile → Manage devices and apps → Look at “Installed” and remove weird entries.
    • Disable install from unknown sources for all apps.

  9. Nuclear option if stuff still looks off
    If data usage and storage still do not match and you still feel unsure:
    • Backup photos, contacts, authenticator codes.
    • Settings → System → Reset options → Erase all data.
    Then set the phone up as new. Do not restore apps automatically. Install them one by one from Play Store only.

If you share your phone model and Android version, people here can give exact menu paths and brand specific tricks.

3

Since @cacadordeestrelas already covered most of the “normal” UI paths, I’ll throw in some extra angles and a couple places I personally don’t trust Android to be transparent.

  1. Don’t rely only on the app list
    Even with “Show system” turned on, some manufacturer builds hide or rename stuff. I prefer looking at what’s actually running and talking to the network:
  • Enable Developer options: Settings → About phone → tap Build number 7 times.
  • Go to Settings → System → Developer options.
    Check:
  • “Running services” or “Running apps” (name varies). Look for stuff using lots of RAM with generic names.
    Not perfect, but it sometimes surfaces trash that blends into the full app list.
  1. Cross check installed packages via ADB
    This is more “nerdy,” but it’s the most honest list you’ll get. Needs a PC:
  • On phone: enable USB debugging (in Developer options).
  • On PC: install ADB (Android platform tools from Google).
    Then connect via USB and in a terminal/cmd run:
  • adb devices
  • adb shell pm list packages
    This spits out all package names. To spot non‑Play‑Store stuff:
  • Ignore com.google.*, com.android.*, and your phone brand packages.
  • Google search weird package names like com.xyz.service.tools etc.
    If something shady comes up in search results, that’s a big clue.
  1. Look for VPN / “security” / parental control apps
    This is where I disagree slightly with the “don’t panic” angle: if someone had physical access to your phone, the biggest risk is not some random hidden icon, but:
  • “VPN” apps that quietly redirect traffic
  • “Parental control” or “employee monitor” type apps
    These often look legit and live in plain sight. Red flags:
  • Any VPN or “security” app you don’t 100% remember installing
  • Anything mentioning “monitoring,” “track,” “family safety,” “employee,” “control,” “filter,” etc.
    Even if it’s on Play Store, search the app name + “spyware” or “stalkerware.”
  1. Check default apps & assistants
    Sometimes abuse comes from apps set as default for key things:
  • Settings → Apps → Default apps.
    Look at:
  • Browser: is it something weird?
  • Phone app: replaced by some “call recorder / call manager”?
  • SMS: not the regular Messages app?
  • Digital assistant: a random app set to handle assistant or voice input.
    If some unknown app is acting as a default here, remove it or set back to system apps.
  1. Inspect accessibility & notification access more agressively
    @cacadordeestrelas mentioned special access, but I’d treat two of them as nearly “smoking guns”:
  • Accessibility
  • Notification access
    Many spy / control apps live there. Turn off these for anything that:
  • Is not from Google or your phone maker
  • Is not a screen reader or automation tool you personally installed
    If in doubt about an app that has accessibility or notification access, uninstall it completely rather than just revoking access.
  1. Check for unknown device backups & sync targets
    If someone is spying, they need a place to receive data. Check:
  • Google account → Settings → Security → Devices: remove anything you don’t use.
    Then on the phone:
  • Settings → Passwords & accounts (or similar).
    See if there are extra accounts (Exchange, work profile, some random email or MDM / “Device management” thing).
    Work profiles or MDM / “Device management” can silently install/push apps and policies.
  1. Look for managed profiles / work profile
    Some spyware / control setups abuse the “work profile” feature:
  • Settings → Apps → Work profile or “Managed profile.”
  • Or look in the app drawer for a “briefcase” icon group.
    If you see a work profile and you’re not on a corporate / school phone, that’s suspicious. Deleting a work profile usually removes everything under it.
  1. Network‑level check with a firewall
    If you don’t want to trust scanners, use a no-root firewall to see what calls out:
  • Examples: NetGuard (open‑source), etc.
    Use it to:
  • Block all data for apps you do not recognize and watch what complains.
  • Identify which package is talking to the internet at weird times.
    This is less “click and forget” and more “sit and observe,” but it’s very revealing.
  1. Consider who had access, not just what app is there
    If this is about potential stalkerware from a partner / ex / family member:
  • Any time they had your unlocked phone for 5–10 minutes is enough to install & hide stuff.
  • Change all important passwords from a different device.
  • Reset any recovery email or phone numbers they might control.
    A lot of people skip this and just hunt apps, then the attacker logs in via their Google / socials anyway.
  1. When in doubt, clean slate, but do it properly
    I actually agree with the “nuclear option,” but I’d tweak how to do it:
  • Back up only what you absolutely need: photos, contacts, authenticator codes.
  • Do not backup/restore system settings or apps.
  • Factory reset.
  • On first boot:
    • Do not auto-restore apps from Google backup.
    • Install your apps manually from Play Store only.
      Then watch storage & data for a few days with only your known apps. If the weird usage is gone, whatever it was is wiped.

If you share phone brand / Android version, people can point at exact menu names, but even without that, ADB package listing + checking accessibility / notification access will catch 95% of sketchy stuff in my experience.

4

Skip all the usual “check the app drawer / show system apps” stuff since @cacadordeestrelas and the follow‑up already hammered those. Here are extra angles that hit the weirder ways things hide.

1. Check for hidden launchers & “clone” spaces

Some spyware or shady apps hide behind:

  • Alternative launchers that create a separate home screen
  • “App cloners” or “private space / second space” apps

What to look for:

  • Any launcher app in Settings → Apps → All that you do not actively use
  • Any app mentioning “dual apps,” “private space,” “vault,” or “clone”

Then:

  • Settings → Apps → Default apps → Home app
    • Make sure default Home/Launcher is the one you actually use
    • Switch to each launcher one by one and see if any extra icons appear

If you suddenly see random apps only under a specific launcher, that’s a big clue.

2. Hunt for dialer & secret‑code launchers

Quite a few stalkerware apps:

  • Hide their icons
  • Open only when you dial a special code like *#1234#

What you can do:

  • Open your Phone/Dialer app
  • Look through its settings for:
    • “Speed dial,” “secret code,” or custom “service codes” you do not remember setting
  • Clear defaults for the Phone app, then:
    • Try installing a second dialer from Play Store
    • See if any app suddenly asks to handle those codes or call actions

This is not guaranteed to reveal the app, but if you see a weird package jumping in when dialing a pattern, you found something.

3. Inspect battery optimization & “ignore battery” lists

Hidden or persistent apps often ask Android to leave them alone:

  • Settings → Apps → Special access → Battery optimization / Ignore battery optimizations

Check:

  • Anything listed as “not optimized” that is not:
    • Messaging
    • Your regular cloud backup
    • Known health / fitness trackers
  • Unknown “services” that are always allowed to run in background

You can:

  • Temporarily set unknown ones to “Optimize”
  • Watch if your phone suddenly behaves differently (fewer push notifications from some “mystery” app, etc.)

If an app breaks only after you block its battery freedom and you never meant to use it, consider removing it.

4. Inspect background data usage per hour instead of monthly

Where I slightly disagree with the usual “check data usage” advice: the built‑in month view hides patterns.

Do this instead:

  • Settings → Network & internet → Data usage → Mobile data usage
  • Tap each app that looks even a bit off
  • Switch to “Last 24 hours” or similar granular view

Focus on:

  • Apps with:
    • Almost no foreground usage time
    • Noticeable background data

If something used data every few minutes in the background, especially at times you were asleep or not touching the phone, put it on a shortlist of suspects.

Pair that with a firewall like NetGuard to actually see which ones keep phoning home.

5. Check file system for odd “service” folders

More advanced, but no root needed:

  • Install a reputable file manager from Play Store
  • Browse:
    • Internal storage root
    • Android/data/
    • Android/obb/

Look for:

  • Folders with:
    • Generic names like service, logs, backup, systemupdate that are not clearly tied to a legit app
  • Very recent modified times with:
    • Lots of .log, .txt, or encrypted looking blobs you did not create

Use the folder name to cross‑reference the app package (often similar). If no visible app matches and Google search returns “monitoring” / “spy” hits, that is suspicious.

6. Watch for overlays & “on top of other apps”

Some snooping tools use overlays to capture input or show fake screens.

  • Settings → Apps → Special access → Display over other apps

Review:

  • Any app that can “appear on top” which is not:
    • Chat bubble apps
    • Known screen dimmers
    • Known floaty tool apps you installed

If something unknown has overlay access and accessibility access at the same time, that combination is a red flag.

7. Think in terms of capability, not just presence

Instead of just trying to find “which app is hidden,” ask:

  • Can any app:
    • Read your notifications?
    • Record your calls or microphone?
    • Read SMS?
    • Capture screen content?

You already saw accessibility & notification access mentioned. Add:

  • Default Phone / SMS apps (recheck them again)
  • Apps with “Call recording,” “screen recorder,” “keylogger,” or “parental control” in their Play Store description

If an app could do what you are afraid of, and you do not absolutely need it, remove it. This is more practical than trying to prove it is malicious.

8. When wiping, avoid “smart” restore

I slightly disagree with the simple “don’t auto‑restore apps” advice because people often still let settings creep back in.

If you factory reset:

  • Only restore:
    • Contacts via Google sync
    • Photos via Photos / manual copy
    • 2FA codes (export/import carefully)
  • Do not:
    • Restore “device settings”
    • Restore “Wi‑Fi & app data”
    • Use manufacturer “clone your old phone” tools

Then:

  • Install apps one by one from Play Store
  • Run a few days with a minimal setup and compare:
    • Storage growth rate
    • Background data usage
    • Battery drain

If the weird usage never appears again, the problem was almost certainly app‑side, not hardware or the OS itself.

About the product title “How To Find Hidden Apps On Android”

Pros:

  • Very clear intent keyword, actually matches what people in your situation search for
  • Good anchor if you want a checklist style post or note you can follow again after a reset

Cons:

  • Generic enough that you will get a lot of conflicting advice from random blogs if you search it directly
  • Many guides under that title gloss over the more advanced spots like work profiles, overlay access, and dialer codes

Used well, it is a decent heading for your own personal “threat checklist” doc that combines what @cacadordeestrelas covered, what the other detailed post added, and the items above.

Bottom line: if you methodically go through:

  • Work / managed profiles
  • Alternative launchers & clone spaces
  • Overlay + accessibility + notification access
  • Per‑hour background data usage
  • Factory reset with no smart restore

and still find nothing odd, the odds of a truly hidden stalkerware app on a non‑rooted, non‑corporate Android build are pretty low. At that point, focus on account security (Google, email, socials) because that is often where the real leak is.