Unless they do something nasty like mandating something akin to IEEE 802.1x from the network providers that will only let a device see its authentication server until it crypto-authenticates itself, the software to do such being built into the spyware app; no app, no Internet. Foreign SIM? Install the app or no data for you (app store access would therefore also need to be available.) No app installed? Add the phone's voice and texts to a special watch list.
If the apps can be disabled or uninstalled, there's no guarantee they won't leave something behind that's invisible to the user.