How to find and remove malware on your Android device

Tips & tricks
10 mins
How to check and remove malware on your Android phone

Your Android phone is slow. Its battery drains fast. And pop-up ads have started appearing. Is it just your phone getting old? Plus you’ve been online shopping a lot? Or is it dreaded malware?

Malware, or “malicious software,” is a term for various viruses, spyware, or ransomware (cryptolockers) that cause harm to a user, their data, or their devices. The term malware implies malicious intent on the side of the software developer. Getting malware on your phone is worrisome, as it might be out to steal your information or your money. And getting malware off your phone can seem like a daunting task. But we’re here to help.

Signs of malware on Android

Malware often does not make itself obvious. You might first notice signs and symptoms that your device has been infected before taking further action to confirm the presence of malware and finally to get rid of it. Signs of malware on your phone include the following.

  • Your phone tends to overheat. Malware can strain your phone by consuming high amounts of RAM and CPU power. Malware on Android typically runs in the background, consuming more power, and leading to a rise in your phone’s temperature. However, an overheating phone doesn’t necessarily mean a malware infection. Phones can overheat for various reasons, such as bad software updates or high ambient temperatures.
  • The battery drains faster than usual. By constantly running in the background, malware consumes more of your phone’s resources—this constant use of power results in faster battery drain.
  • You’ve noticed a slowdown in your phone’s performance. A slow device could indicate outdated software or a lack of storage space. However, a potential cause is also malware. We’ve touched on how malware consumes many resources, which has a side effect of a slower phone as less RAM and CPU power are available for the OS and other apps.
  • Persistent pop-up ads. The sudden onset of pervasive ads indicates that you’ve installed an app of unknown or nefarious origin that pushes unwanted advertisements to your device.
  • Unrecognized apps. If you see apps on your phone that you don’t remember installing, there’s a high chance they’re viruses.
  • Unexplained increase in data usage. If you’ve found that your data usage has increased sharply on your latest phone bill, chances are there’s a malicious code or program sending data from your phone to unknown servers.

How to detect malware on Android

Seeing signs of malware on your Android phone? The next step is to get further confirmation that malware has made its way into your device. Here’s how to do that.

Check for side-loaded apps on your Android phone

You can install apps from outside the Play Store on an Android phone. However, you should avoid downloading apps from apps or browsers as Google cannot screen them, and they are more likely to contain malware.

From the settings menu of your Android phone, you can block app downloads from outside the Play Store. Here’s how:

  1. Open the Settings app and tap on Apps.
  2. From the hamburger icon, tap on Special Access.
  3. Tap on Install Unknown Apps.
  4. Check to ensure that no apps or web browsers have permission to install apps on your phone.

When you download apps from outside the Play Store, you will download an APK file that will unzip to install the app. Think of APK files as ZIP files. They work similarly. APK files can contain malware, especially when downloaded from untrusted sources. It is also possible to accidentally download an APK file when clicking a link. Here’s how to check if your Android phone has downloaded APK files:

  1. Open the File or My Files app.
  2. Tap on APK or Installation Files to check for any installed files.
  3. Delete any unwanted APK files and uninstall associated apps.

Check for unrecognized apps

Chances are your phone has little-used or forgotten apps, and most of us don’t bother reviewing our apps very frequently. But malware can install malicious apps on your Android phone, so it is good practice to periodically check for unrecognized apps and the permissions you’ve granted your apps. To do so, follow these steps:

  1. Open the Settings app and tap on Apps.
  2. Scroll through the list of apps and check for unrecognized apps.
  3. To check an app’s permissions, tap on the app to view and revoke them.

While checking for unrecognized apps, be mindful that certain Android apps necessary for the OS are listed in the settings menu too. A Google search will yield answers if you’re unsure what an app is for.

Check for pop-up ads

Persistent pop-up ads are a telltale sign of malware. Malware attempts to steal your information by redirecting you to spoof websites and encouraging you to enter personally identifiable information that cybercriminals can steal. This includes your credit card or bank account details.

If you are suspicious of a website’s authenticity, do not give up any personal or financial information. Always verify weblinks, especially if you landed on the page through several redirects. A quick Google search can help you distinguish between genuine and fake websites.

If you’re getting a lot of pop-ups and redirects, clear the cache, history, and cookies of your phone’s browser. You can do so from the settings menu on your browser or through the app’s settings on your phone.

  1. Open the Settings app and tap on Apps.
  2. Search for your phone’s browser.
  3. Tap on Clear Cache and Clear Storage/Clear App Data.

Check for apps that consume too much battery

Malware runs in the background, consuming your phone’s resources, leading to high battery consumption. You should uninstall unrecognized apps that consume too much battery. Here’s how to check battery usage on your Android phone:

  1. Open the Settings app and tap on Battery.
  2. Tap on Battery Usage.
  3. Battery-hungry apps are displayed at the top of the list.

Check for apps with high mobile data usage

Malware can run malicious codes or programs to send data from your phone to unknown servers, leading to increased data usage. Check for apps that are using a high amount of data. Here’s how:

  1. Open the Settings app and tap on Network & Internet or Connections.
  2. Tap on Data Usage.
  3. Tap on Mobile data usage and Wi-Fi data usage to see which apps are using mobile and Wi-Fi data.
  4. Uninstall apps that consume a lot of data but don’t need it to function properly. For example, a calculator app doesn’t need mobile data to work.

Check for apps with admin privileges

Admin privileges give apps access to system features, such as the ability to erase all data and monitor screen-unlock attempts. It can be harder to uninstall malware if it gains admin privileges. It also gives cybercriminals access to settings that can manipulate your device. You should revoke admin privileges from apps you don’t recognize and uninstall them. Here’s how to check which apps have admin privileges on your Android phone:

  1. Open the Settings app and tap on Security.
  2. Tap on Other Security Settings.
  3. Tap on Device admin apps, Device Administrators, or Phone administrators.
  4. Toggle admin privileges off for any unrecognized apps.
  5. Tap Deactivate.

Check for Android malware using Play Protect

The Play Store has a built-in security feature called Play Protect. Play Protect can scan your apps for malware, even on apps downloaded from other sources. To scan your apps with Play Protect, follow these steps:

  1. Open the Play Store on the Android device you want to scan.
  2. Tap on your profile in the upper-right corner.
  3. Tap on Play Protect.
  4. Tap Scan.
  5. Tap on the option to remove any detected malware.

You should uninstall apps that Play Protect flags as malicious. Play Protect isn’t a comprehensive solution though, as it doesn’t scan your downloaded files.

How to remove malware on Android

Reboot your Android phone in Safe Mode

If you suspect your phone is infected with malware and it isn’t working as expected, Safe Mode is worth a shot. Safe Mode, also known as recovery mode, reboots your device to its default state from when you purchased it.

Safe Mode doesn’t load third-party apps, widgets, or any customizations you might have. It allows you to turn off third-party apps and services, including malware that may have been installed.

Enable Safe Mode with these steps:

  1. Press and hold down the power key. Depending on your device, you may have to press the power button and volume up button at the same time.
  2. Touch and hold the on-screen power button until the Reboot to safe mode message appears.
  3. Tap on OK to reboot your Android phone in Safe Mode.

While in Safe Mode, check your installed apps from within the Settings app. Uninstall unrecognized apps. If you cannot uninstall a suspicious app, disable it first and check if it has admin privileges. Revoke any admin privileges for the app and try to uninstall it again.

To exit Safe Mode, simply restart your device.

Uninstall unrecognized apps

Your phone may be working as expected, but you have noticed malware symptoms; an easy fix is to look through your apps. Malware can install malicious apps on your Android phone; uninstalling unrecognized apps could remove malicious software.

Before installing a new app, it is good practice to research an app’s security and user reviews. You can do this by reading reviews on the Play Store or searching the app’s name. This should help determine if an app is reliable and if other users have had issues with the app.

Read more: How to declutter your phone: Step-by-step guide

Restore your browser settings

If you’re getting a lot of pop-ups and redirects to unwanted websites, clear the cache, history, and cookies of your phone’s browser. This will restore your phone’s browser to its default settings. You can do this from the settings menu on your browser or the app’s settings on your phone.

  1. Open the Settings app and tap on Apps.
  2. Search for your phone’s browser.
  3. Tap on Clear Cache and Clear Storage/Clear App Data.

Clear your downloads

On Android, you can download files of all formats from the internet—and that includes malware. You should regularly clear your downloads of suspicious and unnecessary files. You can do so with these steps.

  1. Open the File or My Files app.
  2. Click through the various tabs of the app to check for any installed files.
  3. Delete any unwanted files and uninstall associated apps.

Can’t uninstall a malware app? Here’s what to do

Sometimes, a malware app may give itself admin privileges to make it difficult to uninstall. The option to delete will not appear, and you can only disable the app. This doesn’t mean it is impossible to uninstall the app. Here is how you can go about it.

  1. Open the Settings app and tap on Security.
  2. Tap on Other Security Settings.
  3. Tap on Device admin apps, Device Administrators, or Phone administrators.
  4. Toggle admin privileges off for the malware app.
  5. Tap Deactivate.
  6. Navigate back to the main Settings menu and tap on Apps.
  7. Locate the app on the list and uninstall it.

How to prevent malware on your Android phone

A malware attack can happen to anyone. There are some actions that Android phone users can take to protect themselves. These include:

  • Use the full range of cybersecurity tools. Tools like an antivirus program and a VPN for Android are your line of defense against cyberattacks
  • Keep your phone up to date. Keeping your device software updated is one of the easiest ways to ensure you have a head start in thwarting the latest malware infections and fixing software bugs. Consider enabling automatic updates.
  • Don’t open strange attachments or unknown links. Never trust attachments of unknown origin. In fact, don’t trust all attachments sent to you by trusted sources—at least until you’ve verified their authenticity, as phishing scams are extremely common.
  • Only install apps from trusted sources. By installing apps from the Play Store, you can ensure that they are authenticated and scanned by Google.
  • Periodically review your apps and their permissions. By reviewing your apps, you can keep aware of your installed apps and the permissions you’ve granted them. This way, you can spot unrecognized apps and take swift action to uninstall them.
  • Use strong passwords. A strong password is your first defense against unauthorized access to your accounts. Pair it with two-factor authentication for an additional layer of security. The ultimate password power move is to use a password manager. Password managers generate strong passwords, securely store them, and automatically fill them into login screens.

FAQ: About removing Malware on Android

Will a factory reset remove malware from my Android?
Can I scan my Android phone for malware?
Do Android phones need antivirus?
How do I find hidden apps on Android?
What apps should not be on my Android phone?
Phone protected by ExpressVPN.
Protect your online privacy and security

30-day money-back guarantee

Various devices protected.
Take the first step to protect yourself online. Try ExpressVPN risk-free.
What is a VPN?
Sentient AI scouring the internet for photos of Paddington bear photoshopped into other movies and shows.