Have you ever wondered if your phone is secretly being tracked? With so many spyware threats out there, it's crucial to stay ahead. In this video, I'll show you how to use MVT – Mobile Verification Toolkit – to scan your phone for spyware, analyze results, and secure your device. Whether you're an iPhone or Android user, this tool can reveal hidden threats that traditional antivirus apps miss. Let’s dive in!
MVT, or the Mobile Verification Toolkit, is an open-source tool developed by Amnesty International. It was initially designed to detect advanced spyware like Pegasus, Predator, and other surveillance tools used against activists and journalists. But you don’t have to be a high-profile target to be at risk – stalkerware, hidden tracking apps, or rogue Wi-Fi profiles could compromise your phone. This tool helps you uncover any suspicious activity.
# Step 1: Installing MVT & preparing phone backup
Before we start scanning, we need to set up MVT on a computer. You’ll need Python 3 (installation guide), and you can install MVT with the following commands:
```bash
python3 -m venv env
source env/bin/activate
pip install mvt
```
The `mvt-ios` and `mvt-android` utilities should now be available as commands whenever the virtual environment is active. If you type `mvt-ios` in the command line, you should see its usage output.
For iPhones, we won’t scan the device directly. Instead, we need to create an encrypted backup using Finder on macOS or iTunes on Windows. This ensures that MVT can analyze sensitive data like call logs, messages, and system settings.
Using Finder on your Mac, create a phone backup. Set a backup password so that the backup is encrypted and also includes the sensitive data on your phone.
# Step 2: Decrypting the backup
If your backup is encrypted, we need to unlock it before scanning. Using this command, we’ll decrypt it into a readable format:
```bash
mvt-ios decrypt-backup -p "<your-password>" -d ~/Library/Application\ Support/MobileSync/Backup/dest ~/Library/Application\ Support/MobileSync/Backup/00008130-0018258C02E0001C
```

Where:

- `dest` – is a separate directory located beside the backup. It is used as the destination folder for the decrypted backup.
- `00008130-0018258C02E0001C` – is the backup directory you created in the previous step with Finder (or iTunes). In your case, the name might be different.
NOTE: If you can’t find MobileSync in /Library/Application Support/, use “Go to folder” in your Finder window and enter the full path to the directory with your backup: `~/Library/Application\ Support/MobileSync/Backup` (pay attention to the backslash in this path).
Once the decryption process is completed (it may take a while, depending on the backup size), we’ll be good to start scanning.
# Step 3: Running MVT to scan for spyware
Now for the fun part – scanning the backup for threats. We run:
```bash
mvt-ios check-backup --output ~/Library/Application\ Support/MobileSync/Backup/result ~/Library/Application\ Support/MobileSync/Backup/dest
```

Where:

- `result` – is the directory we need to create beforehand for the scan results output.
- `dest` – is the directory that holds our decrypted backup (see the previous step for more info).
MVT will analyze installed apps, Wi-Fi profiles, and system logs, and compare them against a database of known spyware indicators (indicators of compromise, or IOCs, in STIX format). If something is flagged, it will appear in detections.json or mvt-checks.json.
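To go through the result directory programmatically, here is an added example (not part of MVT or of the original article) that lists every detection file containing at least one record. It assumes detection files have "detect" in their name and that flagged records carry a `matched_indicator` field; the sample files are constructed.

```python
"""Added example: summarise an MVT result directory (not MVT's own code)."""
import json
import tempfile
from pathlib import Path


def load_records(path: Path) -> list:
    """Return the JSON records in a result file, or [] if it is unreadable."""
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):  # missing, undecodable or malformed file
        return []
    if isinstance(data, list):
        return data
    return [data] if data else []


def summarize(result_dir) -> dict:
    """Map each non-empty detection file name to the indicators it matched."""
    findings = {}
    for path in sorted(Path(result_dir).glob("*.json")):
        # Assumption: detection output has "detect" in its file name, covering
        # the detections.json named above and per-module *_detected.json files.
        if "detect" not in path.name.lower():
            continue
        hits = []
        for rec in load_records(path):
            # Assumption: a flagged record carries a "matched_indicator" field.
            ioc = rec.get("matched_indicator") if isinstance(rec, dict) else None
            hits.append(ioc.get("value") if isinstance(ioc, dict) else ioc)
        if hits:
            findings[path.name] = hits
    return findings


def demo() -> dict:
    """Run summarize() over a constructed result directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sms.json").write_text('[{"text": "hello"}]')  # constructed
        (root / "sms_detected.json").write_text(  # constructed
            '[{"text": "x", "matched_indicator": {"value": "bad.example"}}]')
        (root / "profiles_detected.json").write_text("[]")  # constructed, empty
        return summarize(root)


if __name__ == "__main__":
    print(demo())
```

Call `summarize()` with the path to your own `result` directory; an empty dictionary means no detection file contained records.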
# Step 4: Understanding & acting on results
Once the scan is complete, check the results. If you see warnings like ‘Suspicious app not installed from the App Store’, review the flagged apps. Do you recognize them? If not, delete them immediately!
Spyware often installs hidden configuration profiles that force your phone to connect to rogue networks. If MVT flags an unknown Wi-Fi profile, go to Settings --> General --> VPN & Device Management and remove anything suspicious.
If your phone is deeply compromised (or if you can’t delete suspicious apps or configuration profiles), the safest option is to factory reset your device and avoid restoring from an old backup.
ATTENTION: If you feel that your phone behaves in a weird manner or you see suspicious apps or configuration profiles you don’t remember installing – turn on “Lockdown mode” immediately (iPhone only): Settings --> Privacy & Security --> Lockdown Mode (at the very bottom of the screen).
# Final thoughts
Even if your phone is clean now, here’s how to stay protected:
- Enable “Lockdown Mode” (iPhone) – Blocks advanced spyware attacks
- Use strong 2FA & passwords – Avoid weak passcodes like ‘1234’
- Regularly check installed apps & profiles – Spyware often masquerades as harmless apps
- Use a VPN on Public Wi-Fi – Prevents network-based attacks
In case all this is far too complicated, you can use antivirus software and antimalware applications. My personal preferences are:
MVT is a powerful tool to check if your phone is compromised.