Your spouse is probably reading your messages.

Not might be. Probably are. And in most cases, they don’t need to have done anything technically sophisticated to get there.

The access that was never revoked

Shared iCloud. Shared Google account. Location apps installed during a period when it felt normal and never removed. A browser that saved a password on a device you both used at some point.

If your photos sync to a shared Apple ID, your partner sees them. If your iMessages are tied to that ID, they read them. If Life360 is still running in the background of a phone you haven’t touched in months, your location has been updating on a schedule you didn’t know about.

This is the most common access vector in contested divorces. Not spyware. Forgotten permissions.

Password knowledge accumulated over years

Most people’s passwords follow a pattern. Significant dates, names, numbers with personal meaning. A spouse of several years has watched those passwords typed hundreds of times. They may not have consciously memorised anything. The pattern is still there.

It matters most for accounts that were never shared but follow the same formula as the ones that were. Email. Banking. Correspondence with a lawyer. If the formula is known, the account is accessible.

Consumer spyware marketed as parental controls

mSpy, FlexiSpy, Hoverwatch. Sold openly, 30 to 70 euros a month, about five minutes of physical access to install. After that they run invisibly. They don’t appear in the app list. They often survive a basic reset.

What they log: SMS, calls, WhatsApp, location in real time, browser history, photos, keystrokes on some versions. The dashboard is accessible from any browser.

On iOS without a jailbreak, they work through iCloud credentials. No device access required. Just your Apple ID and password, which is sometimes all it takes.

The case for treating any device used during the relationship as suspect, before any other action, is in why you should assume your devices are already compromised before filing for divorce. The decisions made in the first forty-eight hours are the ones that hold up in court.

Email forwarding rules

Two minutes to configure. Invisible in normal use. Every email you send or receive goes to a second address you don’t know exists.

In Gmail: Settings > See all settings > Forwarding and POP/IMAP. In Outlook: Settings > View all Outlook settings > Mail > Forwarding. If there’s a rule you didn’t create, it has been running since the day it was added. Every message since then.

This shows up in legal proceedings often enough that lawyers now tell clients to check it on day one.

The broader pattern of physical and software-level surveillance signs is documented in how to tell if your phone is being monitored. The forwarding rule is one symptom in a larger checklist.

What to do before you change anything

Assess before you act. Changing passwords before understanding what access exists may alert someone who was watching quietly. Deleting messages before knowing what has been forwarded or backed up may destroy evidence you need, or create a legal problem that wasn’t there before.

The full sequence of audits and decisions sits in our digital privacy checklist before divorce, ordered for someone working alone with a device they no longer trust.

Check active sessions on every major account. Google, Apple, WhatsApp, iMessage all show which devices are currently logged in. Any device you don’t recognise is live access. Check email forwarding rules. Check location sharing on Find My and Google Maps. Look through app permissions for anything with simultaneous location, microphone, and camera access.

Do that audit from a device your spouse has never had in their hands.

Frequently asked questions

Can a spouse legally install spyware on your phone?

In most jurisdictions, no. Installing monitoring software without the owner’s consent is illegal regardless of the marital relationship. The legality of other access methods, like shared accounts and known passwords, is more complicated and varies by jurisdiction. Document what you find before you act on it, and consult a lawyer.

How do I know if my phone has spyware on it?

Unusual battery drain, data usage that doesn’t match your behaviour, the device warm when it should be idle. None of these confirm it individually. The reliable fix is a full factory reset, but don’t do that before getting legal advice in an active dispute.

Should I confront my spouse about it?

Not before getting legal advice. Confrontation alerts the other party, which usually means access is moved or escalated rather than removed. In a contested divorce, what you know but have not yet acted on is leverage. What you have already alerted them to is gone. Document, then act with a lawyer who has read the documentation.

Is screenshotting evidence of access enough for court?

Sometimes, but rarely on its own. Courts increasingly want forensic preservation of the device, with timestamps, hashes, and a chain of custody. A screenshot establishes what you saw at a moment in time but does not prove it has not been edited. For high-stakes proceedings, a forensic copy of the device is the asset that holds up under cross-examination. A lawyer can advise on the right vendor in your jurisdiction.

---

There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.