Every step you need to take
One of Android’s greatest strengths is the open nature of the platform. Unlike iOS devices, you’re free to install any software you want. Unfortunately, that’s also a source of problems.
Opening Android up to software outside of the official app store introduces the possibility of malware. If your Android phone has been afflicted by malware, you’ll want to remove it as soon as possible. In this article, you’ll learn how.
Do I Have Malware?
We assume that since you’re reading this article, you suspect that your Android phone has a malware infection. However, malware is rarer than you might think. There are a few typical malware symptoms you’ll want to be aware of:
- A sudden drop in phone performance, even after restarting.
- Sudden, unexplained battery drain.
- Your mobile data usage spikes despite your online habits being the same.
- You see apps that you don’t remember installing.
- Excessive, unwanted popup ads.
If that sounds like you, let’s move on to how you can deal with your malware issue.
Switch Off the Phone!
If you’re highly confident that your phone is infected with malware, switch it off completely. This should prevent the malware from “phoning home” and perhaps further infecting and taking control of your device. Remove the SIM card while you’re at it.
When you’re ready to turn the phone on again, put it in Airplane Mode or switch off your WiFi router to prevent the device from connecting to the internet. Hopefully, you’ve cut off communications from the phone before any of your private data has been sent back to the malware authors.
Use an Antivirus App
Using antivirus software is the most obvious thing to do when dealing with malware on an Android device, but some readers may not know that antivirus apps exist. Of course, it would be better to install an antivirus app before your phone is infected.
That’s because some malware might interfere with the installation of antivirus applications. We’ll cover a few things you can do if it’s too late for an antivirus app. If installing an antivirus app is still viable for you, check out The Five Best Android Antivirus and Security Apps for verified and effective options.
Put Your Phone Into Safe Mode
Just like most desktop computers, Android offers a “Safe Mode.” In this mode, the phone doesn’t allow any third-party applications to run. It’s a good way to test whether it is in fact an app that’s causing your issues. If your phone’s problems disappear in Safe Mode, it’s likely malware.
To enter Safe Mode on Android 6 device and newer:
- Press the power button.
- From the options, tap and hold Power Off.
- When you see Reboot to Safe Mode, select it and confirm.
Now, wait for your phone to restart. In Safe Mode, you can still remove apps, so this is a good opportunity to uninstall the apps you’re most suspicious of. If you’re lucky, that might remove the malware.
If you’re not that lucky, you’ll at least have stopped some of its functionality, allowing you to install a trusted antivirus app if necessary.
In Safe Mode, Remove App Admin Privileges
Safe Mode temporarily puts a stop to whatever third-party apps are doing on your phone. As mentioned above, you can use this as a chance to delete suspicious apps. However, you should also take the opportunity to review which applications are listed as “Device Administrators.” Apps with this level of privilege can do extreme things, such as erasing the entire phone.
Some applications need administrator privileges to do their job, but such apps have explicit justifications listed in the Device Administrators list.
Getting to your list of apps with administrator rights can vary from one phone to the next, but the path should be something like Settings > Security > Device Administrators.
On our Samsung S21 Ultra unit, the menu is called “Device admin apps” and is listed under “Other security settings” within the Biometrics and security menu. Few apps should have this privilege toggled on, and you should disable this permission for any applications you don’t know for sure should have complete control of your phone.
Factory Reset Your Phone
Yes, completely wiping and resetting your phone to its out-of-the-box state may feel a little drastic. However, it could be the fastest way to remove malware from an Android phone.
It should be no more than a mild inconvenience for most people since all your information is in the cloud. So, once you’ve signed in with your Google account after the reset, your data should be restored automatically. Before you reset, read Google’s backup and restore document, so you’re sure how it works.
Serious Infections Such As Rootkits
Certain types of malware prove harder to remove from your Android phone than your typical bug. Some of them are so tough that they’ll survive a factory reset! Rootkits are a prime example of such a hard-to-kill malicious program.
A rootkit is a type of malware that installs itself into the core parts of the operating system. Normally, those critical parts of the software running your phone would be completely off-limits, but hackers find exploits in systems all the time and use those to enable the installation of rootkits.
Rootkits are almost impossible to detect, but poorly-written ones can still produce classic malware symptoms. They are the most dangerous form of malware because they offer complete control of your phone to a stranger. They can spy on you and do with your phone data what they like.
Antivirus makers aren’t sitting on their hands. Apps like Avast Antivirus also come with a built-in rootkit scanner. Of course, it’s not clear how effective they are because we can’t know about the rootkits these scanners miss, but it’s better than nothing!
An Ounce of Prevention
Hopefully, if you were infected with malware, the above tips have helped cleanse your phone of evil. If it turns out you weren’t infected, that’s even better news!
Now we need to talk about not getting infected or victimized by malware in the first place:
- Only install apps from the official Google Play Store unless you’re 100% sure where a third-party app is coming from.
- Don’t sideload apps from sites that provide pirated copies of apps.
- Don’t root your phone unless you know exactly what the risks are and how to compensate for them.
- When using public USB charging points, use a power-only cable to avoid malware embedded in hacked chargers.
- Think carefully about which permissions apps ask for and whether they need them to work. If not, deny the permission and if the app refuses to work, delete it.
- Don’t install “free antivirus” apps from unknown brands or click on links promising a free malware scan. These are likely “scareware” or another form of malware themselves.
Finding out you’ve got malware on your phone can feel like quite a violation, but with the right safeguards, you’ll almost certainly avoid becoming a victim in the first place.