Stalkerware: 86,000 Phone Screenshots Were Exposed (2026)

Can Someone See Your Phone Photos Remotely?

Yes. Stalkerware - a category of commercial spyware designed for covert surveillance - can silently capture everything on your phone screen, including your photos, messages, and private conversations. It runs in the background without any visible indicator, taking periodic screenshots and uploading them to a remote server.

Stalkerware is surveillance software that's typically installed on a phone by someone with physical access to the device - often a partner, ex, or family member. Unlike traditional malware that targets financial data, stalkerware is built specifically to monitor a person's daily life. It captures what you type, what you read, who you talk to, and what photos you look at.

The breach discovered in 2025-2026 shows exactly how invasive this software gets - and how badly the companies behind it handle the data they collect.

86,000 Screenshots From One Phone - What the Breach Revealed

Security researcher Jeremiah Fowler discovered a publicly accessible database containing 86,859 images - all screenshots silently captured from a single person's phone. The database had no password, no authentication, no protection of any kind. Anyone who found it could browse through a year's worth of someone's private life.

The screenshots covered WhatsApp conversations, Facebook messages, Instagram DMs, and TikTok activity. They included intimate personal messages, photos shared in private chats, phone numbers of contacts, and financial details visible on screen at the time of capture. The data spanned from mid-2024 to mid-2025.

The victim was identified only as a prominent European celebrity, entrepreneur, and media personality. Fowler didn't name them publicly, but used phone numbers found in the data to warn the victim directly. He also contacted law enforcement.

The database was labeled "Cocospy" - the name of a stalkerware app that had already been shut down in 2025 after a separate breach exposed millions of its users' personal data. But even after the app went offline, the captured data remained sitting on an open server. Nobody cleaned it up. Nobody deleted it. It just sat there, publicly accessible, for anyone to find.

How Stalkerware Captures Your Photos and Messages

Stalkerware is usually installed manually on a target's phone. Someone needs physical access to your unlocked device for a few minutes. Once installed, the app hides itself - disguising its icon as something harmless like "System Update," "Battery Optimizer," or "Phone Health."

From that point on, it silently captures screenshots at regular intervals. Every text you read, every photo you view, every banking notification that pops up - all of it gets captured and uploaded to a server controlled by whoever installed the app. Some stalkerware goes further, logging keystrokes, recording calls, tracking GPS location, and accessing the camera.

The person monitoring you sees all of this through a web dashboard. They log in from their own phone or computer and browse through your captured data in real time. The victim typically has no idea anything is happening.

What makes this breach particularly disturbing is the aftermath. Cocospy was shut down in 2025, but the surveillance data it collected wasn't deleted. The screenshots from the celebrity's phone remained on an unsecured server for months. This is the norm, not the exception - stalkerware companies have terrible security practices because their entire business model is already built on violating people's privacy.

5 Warning Signs Your Phone Has Stalkerware

Stalkerware is designed to be invisible, but it's not perfect. Here are the most common signs something is wrong:

• 1. Unusual battery drain. Stalkerware runs continuously in the background, capturing screenshots and uploading data. If your phone's battery suddenly drains 30-40% faster than usual with no change in your usage, that's a red flag.
• 2. Increased data usage. Screenshots and captured data get uploaded to remote servers. Check your data usage in Settings - if an unknown app or process is consuming significant data, investigate it.
• 3. Phone overheating when idle. A phone that gets warm while sitting on your nightstand shouldn't be doing that. Background screenshot capture and data transmission generate heat.
• 4. Unknown apps with generic names. Look through your full app list (including system apps) for anything you don't recognize. Stalkerware hides behind names like "System Service," "Battery Manager," or"Phone Backup." If you didn't install it and it's not from your phone's manufacturer, look it up.
• 5. Someone knows things they shouldn't. This is the most telling sign. If a partner, ex, or anyone else references private conversations, knows where you've been, or reacts to messages you never shared with them, your phone may be compromised.

How to Check Your Phone for Stalkerware

The process is different on iPhone and Android.

iPhone

• Go to Settings > General > VPN & Device Management. If you see any configuration profiles you didn't install, that's suspicious. Stalkerware on iPhones often requires a management profile.
• Check Settings > Privacy & Security > Location Services. Review which apps have location access. Any app you don't recognize with "Always" access should be investigated.
• Look for apps you don't remember installing. On iPhone, stalkerware is harder to hide because Apple doesn't allow sideloading (without jailbreaking), but it can still happen through enterprise certificates.

Android

• Go to Settings > Apps, tap the three-dot menu, and select "Show system apps." Scroll through the full list. Stalkerware often disguises itself as a system app with broad permissions.
• Check Settings > Security > Device admin apps. If any app you don't recognize has device administrator privileges, it may be stalkerware. These privileges prevent normal uninstallation.
• Look at app permissions: go to Settings > Privacy > Permission manager. Any unknown app with access to camera, microphone, location, and screen capture is suspicious.

On both platforms, run a malware scan with a reputable tool like Malwarebytes or Norton Mobile Security. These scanners specifically flag known stalkerware apps.

Important safety note: If you're in a domestic violence situation, removing stalkerware may alert the person who installed it. Before deleting anything, contact the National Domestic Violence Hotline at 1-800-799-7233 (or text START to 88788) for guidance on how to proceed safely.

How to Protect Your Photos From Phone Spyware

Even if you're not currently being targeted, these steps make your phone significantly harder to compromise:

• Keep your phone's OS updated. Both Apple and Google regularly patch vulnerabilities that stalkerware exploits. Don't delay system updates.
• Use a strong lock screen. A 6-digit PIN is the minimum. Biometrics (Face ID or fingerprint) make it harder for someone to unlock your phone when you're not looking. Avoid pattern locks - they're too easy to shoulder-surf.
• Don't leave your phone unattended. Stalkerware requires physical access to install. If someone borrows your phone "for a minute" and you get it back with the screen off, check your recently installed apps.
• Enable two-factor authentication everywhere. If someone does get your phone, 2FA on your accounts makes it harder for them to also access your cloud backups and messaging accounts.
• Review app permissions regularly. Go through your installed apps every few months. Revoke camera, microphone, and location access from anything that doesn't genuinely need it.

For platform-specific guides, check the detailed walkthroughs on iPhone photo privacy settings and Android photo permissions. For broader privacy hygiene, the guide on common photo privacy mistakes covers the mistakes most people don't realize they're making.

Frequently Asked Questions