Skip all the usual “check the app drawer / show system apps” stuff since @cacadordeestrelas and the follow‑up already hammered those. Here are extra angles that hit the weirder ways things hide.
1. Check for hidden launchers & “clone” spaces
Some spyware or shady apps hide behind:
- Alternative launchers that create a separate home screen
- “App cloners” or “private space / second space” apps
What to look for:
- Any launcher app in Settings → Apps → All that you do not actively use
- Any app mentioning “dual apps,” “private space,” “vault,” or “clone”
Then:
- Settings → Apps → Default apps → Home app
- Make sure default Home/Launcher is the one you actually use
- Switch to each launcher one by one and see if any extra icons appear
If you suddenly see random apps only under a specific launcher, that’s a big clue.
2. Hunt for dialer & secret‑code launchers
Quite a few stalkerware apps:
- Hide their icons
- Open only when you dial a special code like
*#1234#
What you can do:
- Open your Phone/Dialer app
- Look through its settings for:
- “Speed dial,” “secret code,” or custom “service codes” you do not remember setting
- Clear defaults for the Phone app, then:
- Try installing a second dialer from Play Store
- See if any app suddenly asks to handle those codes or call actions
This is not guaranteed to reveal the app, but if you see a weird package jumping in when dialing a pattern, you found something.
3. Inspect battery optimization & “ignore battery” lists
Hidden or persistent apps often ask Android to leave them alone:
- Settings → Apps → Special access → Battery optimization / Ignore battery optimizations
Check:
- Anything listed as “not optimized” that is not:
- Messaging
- Your regular cloud backup
- Known health / fitness trackers
- Unknown “services” that are always allowed to run in background
You can:
- Temporarily set unknown ones to “Optimize”
- Watch if your phone suddenly behaves differently (fewer push notifications from some “mystery” app, etc.)
If an app breaks only after you block its battery freedom and you never meant to use it, consider removing it.
4. Inspect background data usage per hour instead of monthly
Where I slightly disagree with the usual “check data usage” advice: the built‑in month view hides patterns.
Do this instead:
- Settings → Network & internet → Data usage → Mobile data usage
- Tap each app that looks even a bit off
- Switch to “Last 24 hours” or similar granular view
Focus on:
- Apps with:
- Almost no foreground usage time
- Noticeable background data
If something used data every few minutes in the background, especially at times you were asleep or not touching the phone, put it on a shortlist of suspects.
Pair that with a firewall like NetGuard to actually see which ones keep phoning home.
5. Check file system for odd “service” folders
More advanced, but no root needed:
- Install a reputable file manager from Play Store
- Browse:
- Internal storage root
Android/data/Android/obb/
Look for:
- Folders with:
- Generic names like
service,logs,backup,systemupdatethat are not clearly tied to a legit app
- Generic names like
- Very recent modified times with:
- Lots of
.log,.txt, or encrypted looking blobs you did not create
- Lots of
Use the folder name to cross‑reference the app package (often similar). If no visible app matches and Google search returns “monitoring” / “spy” hits, that is suspicious.
6. Watch for overlays & “on top of other apps”
Some snooping tools use overlays to capture input or show fake screens.
- Settings → Apps → Special access → Display over other apps
Review:
- Any app that can “appear on top” which is not:
- Chat bubble apps
- Known screen dimmers
- Known floaty tool apps you installed
If something unknown has overlay access and accessibility access at the same time, that combination is a red flag.
7. Think in terms of capability, not just presence
Instead of just trying to find “which app is hidden,” ask:
- Can any app:
- Read your notifications?
- Record your calls or microphone?
- Read SMS?
- Capture screen content?
You already saw accessibility & notification access mentioned. Add:
- Default Phone / SMS apps (recheck them again)
- Apps with “Call recording,” “screen recorder,” “keylogger,” or “parental control” in their Play Store description
If an app could do what you are afraid of, and you do not absolutely need it, remove it. This is more practical than trying to prove it is malicious.
8. When wiping, avoid “smart” restore
I slightly disagree with the simple “don’t auto‑restore apps” advice because people often still let settings creep back in.
If you factory reset:
- Only restore:
- Contacts via Google sync
- Photos via Photos / manual copy
- 2FA codes (export/import carefully)
- Do not:
- Restore “device settings”
- Restore “Wi‑Fi & app data”
- Use manufacturer “clone your old phone” tools
Then:
- Install apps one by one from Play Store
- Run a few days with a minimal setup and compare:
- Storage growth rate
- Background data usage
- Battery drain
If the weird usage never appears again, the problem was almost certainly app‑side, not hardware or the OS itself.
About the product title “How To Find Hidden Apps On Android”
Pros:
- Very clear intent keyword, actually matches what people in your situation search for
- Good anchor if you want a checklist style post or note you can follow again after a reset
Cons:
- Generic enough that you will get a lot of conflicting advice from random blogs if you search it directly
- Many guides under that title gloss over the more advanced spots like work profiles, overlay access, and dialer codes
Used well, it is a decent heading for your own personal “threat checklist” doc that combines what @cacadordeestrelas covered, what the other detailed post added, and the items above.
Bottom line: if you methodically go through:
- Work / managed profiles
- Alternative launchers & clone spaces
- Overlay + accessibility + notification access
- Per‑hour background data usage
- Factory reset with no smart restore
and still find nothing odd, the odds of a truly hidden stalkerware app on a non‑rooted, non‑corporate Android build are pretty low. At that point, focus on account security (Google, email, socials) because that is often where the real leak is.