How to check and remove malware on Android devices

Your Android phone is running slow. The battery drains faster than usual.. And those annoying pop-up ads? They’re everywhere. Maybe it’s just normal wear and tear—or maybe it’s malware.

Malware isn’t just an inconvenience. It can steal your personal data, track your activity, or even take control of your phone. It might lurk in a sneaky app or a suspicious download, posing a hidden threat in the background. Knowing how to check for malware on Android is the first step to protecting your device.

In this guide, we’ll show you how to remove malware on Android, from spotting the warning signs to getting rid of infections for good. We’ll also cover simple ways to keep your phone safe so you won’t have to deal with malware in the first place.

What is malware?

Malware is short for malicious software. It’s any software designed to harm your device, steal data, or spy on your activity. It can get onto your Android phone through fake apps, suspicious downloads, or infected websites. Once inside, it can slow your phone down. It can also flood it with ads or steal your personal information.

How malware impacts your Android phone

Malware can do more than just make your phone sluggish. Here’s how it can affect your device:

• Slows down performance: Malware runs in the background, using up processing power.
• Drains battery fast: Some types of malware constantly collect data, causing excessive battery usage.
• Displays pop-up ads: Adware-based malware bombards your phone with unwanted ads, even outside apps.
• Spies on your data: Some malware steals passwords, banking details, and personal information.
• Hijacks your phone: Ransomware can lock you out of your device, demanding payment to regain access.

What’s the difference between malware and viruses?

Many people use “virus” and “malware” interchangeably, but they’re different. All viruses are malware, but not all malware are viruses. That might sound complex, but it’s not. Let’s break it down.

Malware: The broad category of threats

Malware includes any software designed to harm or exploit a device. It comes in many forms, including:

• Spyware: Spyware secretly tracks your activity and collects personal data.
• Ransomware: Ransomware locks your device and demands a payment to unlock it.
• Adware: Adware bombards you with pop-ups and unwanted ads.
• Trojans: A trojan disguises itself as a legitimate app to trick you into installing it.

Viruses: A specific type of malware

A virus is a type of malware that replicates itself by attaching to files or programs. On computers, viruses spread when infected files are shared or opened. Traditional viruses are rare on Android because apps run in a sandboxed (isolated) environment. This means they can’t easily interact with other apps or system files to spread further.

That doesn’t mean Android is virus-proof. Some malware acts like a virus by disguising itself as legitimate apps or spreading through phishing links. These threats often:

• Trick people into installing them by mimicking real apps.
• Exploit security flaws to gain deeper access to the device.
• Download additional malware once installed.

Common misconceptions about viruses on Android

Many people assume any phone issue means they have a virus, but that’s not always the case. Android malware behaves differently from traditional computer viruses, and some common myths can lead to confusion:

• “My phone has a virus!” Most of the time, it’s malware, not a virus. Android security measures make viruses uncommon.
• “Viruses spread like they do on PCs.” Android malware usually comes from shady apps or downloads, not infected files.
• “A factory reset removes all malware.” Some malware can survive a reset, especially if it has deep system access.

Signs your Android phone might be infected

Malware doesn’t always make itself obvious. If your Android has been acting strangely, it’s important to check for signs of infection before the damage gets worse.

Symptoms of malware on Android

Different types of malware cause different issues. Some might interfere with system performance, while others steal data or bombard you with ads. Here’s what to look out for:

Symptoms caused by viruses:

• Unexplained crashes or reboots: If your phone suddenly restarts on its own or apps crash frequently, a virus may be interfering with system processes.
• Corrupted files or apps: If files won’t open or apps behave strangely, malware could be altering or damaging them.
• Unusual behavior of legitimate apps: If an app you trust suddenly asks for new permissions, behaves erratically, or opens without you tapping it, it could be infected.

Symptoms caused by other malware types:

Malware doesn’t have to be a virus to cause problems. Many other types of malicious software can slow your phone down or even steal personal data. Watch out for these warning signs:

• Drastic battery drain (spyware, trojans): Malware running in the background uses up processing power, causing your battery to drain faster than usual.
• Unexpected pop-ups or ads (adware): If you’re seeing pop-ups even when you’re not using a browser, you might have adware forcing ads onto your screen.
• Apps you don’t remember installing: Some malware downloads other malicious apps without your permission. If you see unfamiliar apps on your phone, it’s a red flag.
• Unexplained data usage (spyware, ransomware): A sudden spike in data usage could mean malware is secretly sending information to an external server.
• Phone overheating: If your phone gets hot even when you’re not using it, malware could be overloading your system.

How to check for malware on Android

Seeing signs of malware on your Android phone? The next step is to determine whether your device is infected. Let’s go through how to check for malware on Android using built-in security features and manual checks.

Using built-in tools to detect malware

Activate Google Play Protect

Google Play Protect is Android’s built-in security feature that scans apps for malware, even if you downloaded them from outside the Play Store. To scan your apps:

1. Open the Play Store on the Android device you want to scan.
2. Tap on your profile in the upper-right corner.
3. Tap on Play Protect, then Scan.
4. If malware is detected, tap Remove to uninstall the malicious app.

You should uninstall apps that Play Protect flags as malicious. Play Protect isn’t a comprehensive solution, though, as it doesn’t scan your downloaded files.

Review app permissions

Some malware gains admin privileges, which allow it to control critical system settings, making it harder to remove. You should revoke admin privileges from any app you don’t recognize. Here’s how:

1. Open the Settings app and tap on Security.
2. Tap on Other security settings.
3. Tap on Device admin apps, then Device administrators or Phone administrators.
4. Toggle off admin access for any suspicious apps.
5. Tap Deactivate.

If an app refuses to deactivate, you may need to try and remove the malware a different way.

How to check for malware on Android manually

Step 1: Review your installed apps

Android allows you to install apps from outside the Play Store, but apps from unverified sources are more likely to contain malware. To block these downloads:

1. Open the Settings app and tap on Apps.
2. From the hamburger icon, tap on Special access.
3. Tap on Install unknown apps.
4. Ensure that no apps or browsers have permission to install unknown apps.

Some malware installs additional apps without your knowledge. Check for unfamiliar apps on your phone by:

1. Opening Settings and tapping Apps.
2. Scrolling through the list and looking for apps you don’t remember installing.
3. Tapping on an app to check its permissions and revoke any unnecessary access.

If you’re unsure about an app, search its name online to confirm whether it’s legitimate or potential malware.

When you install an app from outside the Play Store, it comes as an APK file, similar to a ZIP file. Malicious APK files can remain on your device even after installation. To check for hidden APKs:

• Open the File manager or My files app.
• Tap APK or Installation files to view downloaded APKs.
• Delete any unwanted APK files and uninstall any associated apps.

If you find an APK file you don’t remember downloading, your device may be compromised.

Step 2: Check for excessive data usage

Malware can secretly send data from your phone to external servers, leading to unexpected spikes in data usage. To check which apps are using the most data:

1. Open the Settings app and tap on Network & internet or Connections.
2. Tap on Data usage.
3. Tap on Mobile data usage and Wi-Fi data usage to see which apps are using mobile and Wi-Fi data.
4. Uninstall apps that consume a lot of data but don’t need it to function properly. For example, a calculator app shouldn’t need mobile data to work.

Step 3: Clear suspicious app data or cache

Some malware stores harmful data in the system cache. Clearing an app’s cache can help remove hidden malware traces. To do this:

• Open Settings and tap Apps.
• Select the suspicious app.
• Tap Storage & cache, then Clear cache and Clear storage.

This removes stored data that malware might use to operate. If the app still behaves suspiciously, consider uninstalling it completely.

Scanning your phone with trusted antivirus apps

If you suspect your phone has malware, using a trusted antivirus app can help detect and remove threats. 

Recommended free antivirus apps

Free antivirus apps can provide a decent level of protection against malware, though they may lack premium features like real-time protection or advanced threat detection. Free versions also often have ads.

Here are some of the best free options:

• Malwarebytes Mobile Security: Scans for malware, adware, and phishing scams. Includes a privacy audit feature to check app permissions.
• Avast Mobile Security: Detects and removes malware while offering additional tools like Wi-Fi security scanning.
• Bitdefender Antivirus Free: Lightweight and efficient, this app offers on-demand malware scanning without draining battery life.
• Sophos Intercept X: A well-rounded security app that includes malware detection, web filtering, and a secure QR scanner.

Best premium antivirus apps

Paid antivirus apps offer real-time malware protection, automatic scanning, and extra security features like anti-theft tools and identity protection. Here are some of the top premium options:

• Norton Mobile Security: Features real-time malware protection and dark web monitoring for personal data leaks.
• Bitdefender Mobile Security: Provides top-tier malware detection and web protection for safe browsing.
• McAfee Mobile Security: Includes anti-theft features, secure browsing tools, and a Wi-Fi security scanner.
• Avast Mobile Security Premium: Offers advanced anti-malware protection and app lock features.
• Trend Micro Mobile Security: Blocks malicious apps before installation and provides protection against phishing attacks.

Want to boost your protection further? ExpressVPN adds another layer of security by encrypting your internet connection, making it harder for cybercriminals and malware to intercept your data and target you. A VPN helps protect sensitive information when browsing, especially on public Wi-Fi networks, where cyber threats are more common. This helps to reduce the risk of malware getting into your system in the first place.

Get ExpressVPN

How to remove malware on Android

If your Android phone is showing signs of malware, removing it quickly is key to preventing further damage. Some malware is easy to uninstall, but other types may require extra steps, such as using Safe Mode or resetting your device. 

Step-by-step guide on how to remove malware from your Android device

Not all malware behaves the same way. Some may slow down your phone, while others hide in the background and steal personal data. Here’s a step-by-step guide on how to remove malware on Android.

Restart your phone in Safe Mode

Safe Mode disables third-party apps, including any malware running in the background. This makes it easier to uninstall malicious software. To enable Safe Mode:

1. Press and hold down the power key. Depending on your device, you may have to press the power button and volume up button simultaneously.
2. Touch and hold the on-screen power button until the Reboot to Safe Mode message appears.
3. Tap OK to reboot your Android phone in Safe Mode.

While in Safe Mode, check your installed apps from your settings. Uninstall unrecognized apps. If you cannot uninstall a suspicious app, disable it first and check if it has admin privileges. Revoke any admin privileges for the app and try to uninstall it again. To exit Safe Mode, simply restart your device.

Identify and uninstall suspicious apps

If your phone is running normally but you’ve noticed signs of malware, check your installed apps manually. Some malware disguises itself as legitimate apps. Here’s what to do:

1. Open Settings and tap Apps.
2. Scroll through the list and look for apps you don’t remember installing.
3. Tap on a suspicious app, then uninstall it.
4. If you’re unsure about an app, check Play Store reviews or search online to see if others have reported security issues.

Read more: How to declutter your phone: Step-by-step guide

Clear your browser’s cache and cookies

Malware can inject unwanted ads and pop-ups into your browser. Clearing your cache, history, and cookies can help remove these threats. To do this:

1. Open the Settings app and tap on Apps.
2. Search for your phone’s browser (e.g. Chrome, Firefox, Edge).
3. Tap on Clear cache and Clear storage/Clear app data.

Use a trusted antivirus app

If malware persists, scan your phone using a trusted antivirus app. Apps like Malwarebytes, Bitdefender, and Avast can detect and remove hidden malware that Safe Mode or manual checks might miss.

Perform a factory reset

If your phone is still acting up and malware won’t go away, a factory reset may be the only solution. This wipes your device completely, removing all apps, files, and settings. Back up important data before you do this.

To factory reset your Android phone:

• Open Settings and tap System then Reset options.
• Tap Erase all data (factory reset).
• Confirm the reset and wait for your phone to restart.

Once your phone resets, only reinstall trusted apps from the Play Store to avoid reinfection.

How to protect your Android device from Malware

Removing malware is one thing—keeping it off your phone is just as important. Cybercriminals are always finding new ways to infect devices, so taking preventive measures can help you avoid security risks. 

Best practices to keep your phone safe

Most malware infections happen because of unsecured downloads, outdated software, or phishing attempts. Here are our top tips to keep your Android phone safe from malware.

Download apps only from the Google Play store

Google Play Store apps go through security checks, making them far safer than third-party app stores or APK downloads. Many malware infections happen because people download apps from unverified sources. To stay safe:

• Avoid “cracked” or modified apps from unofficial sites.
• Always check app reviews before installing.
• Be cautious of apps that request unnecessary permissions.

Regularly update your phone and apps

Updates aren’t just about new features—they fix security vulnerabilities that cybercriminals exploit. Keeping your device updated ensures the latest security patches are applied. Follow these tips:

• Enable automatic updates for apps in the Play Store.
• Install Android system updates as soon as they’re available.
• Keep security patches up to date to protect against the latest threats.

Avoid clicking on suspicious links or ads

Cybercriminals use phishing emails, fake ads, and pop-ups to trick people into downloading malware. If something looks suspicious, don’t click on it. Keep these tips in mind:

• Avoid clicking on email links from unknown senders.
• Be cautious of pop-up ads, especially ones that claim your phone is infected.
• Never enter personal information on unfamiliar websites.

Use strong passwords and two-factor authentication

Weak passwords make it easy for cybercriminals to access your accounts. A strong password combined with two-factor authentication (2FA) adds an extra layer of security.

• Use a mix of letters, numbers, and symbols in passwords. Avoid using easy-to-guess combinations or words like your birthday or pet’s name.
• Avoid using the same password across multiple accounts.
• Enable 2FA on important accounts like email, banking, and social media.

A password manager can help generate and store unique, secure passwords for all your accounts.

Use a VPN to secure your internet connection

Cybercriminals often exploit public Wi-Fi networks to steal data or inject malware into connected devices. To help stop them, you can use a VPN for Android. ExpressVPN encrypts your internet traffic, hiding it from cybercriminals who want to intercept your data.

ExpressVPN also helps protect against phishing attacks by masking your online traffic, reducing the risk of malware-infected sites tracking you. Browse more securely, keep your personal information private, and stay protected from online threats.

Get ExpressVPN

How does malware infect Android phones?

Malware doesn’t appear out of nowhere—it needs a way to get onto your device. Cybercriminals use deceptive tactics to trick people into downloading infected apps, opening malicious files, or visiting compromised websites. 

Downloading apps from third-party sources

One of the most common ways malware gets onto Android devices is through apps downloaded outside the Google Play Store. While Play Store apps go through security checks, apps from unverified sources don’t.

Malware-infected apps often disguise themselves as:

• Fake versions of popular apps that look legitimate but contain hidden malware.
• “Cracked” or modified apps that promise free premium features but come bundled with malicious software.
• Fake security or cleaning apps that claim to remove malware but actually install it.

Opening malicious email attachments

Phishing emails remain one of the most effective ways cybercriminals spread malware. These emails often contain attachments or links that install malware once opened.

Signs of a phishing email include:

• Urgent or threatening language, such as “Your account has been compromised!”
• Unexpected attachments from unknown senders.
• Suspicious email addresses that look similar to legitimate companies but contain slight misspellings.

To avoid malware infections, never open attachments or links from unknown sources. If an email claims to be from a trusted company, verify by visiting their official website directly instead of clicking links in the email.

Clicking on suspicious ads or links

Some malware infections start with a single click. Cybercriminals create fake ads and malicious websites designed to lure people in. Clicking on these ads or links can:

• Trigger automatic malware downloads onto your device.
• Redirect you to phishing sites that steal login credentials.
• Launch pop-ups that trick you into installing fake security apps.

Connecting to unsecured Wi-Fi networks

Public Wi-Fi networks lack proper security, making them an easy target for cybercriminals. If your phone connects to an unsecured Wi-Fi network, attackers can:

• Intercept your data, including passwords and payment details.
• Push malware onto your device through fake updates or downloads.
• Redirect you to malicious websites that install spyware or ransomware.

To stay safe on public Wi-Fi, avoid using public networks for banking or entering sensitive information, and disable automatic Wi-Fi connections in your phone settings. You can also use ExpressVPN to encrypt your connection and keep your data private from cybercriminals on public Wi-Fi.

How to stay safe and malware-free

Malware can slow down your phone, steal personal data, and even compromise your security. To keep yourself safe, only download apps from trusted sources, avoid suspicious links, keep your phone updated, and use security tools like antivirus apps to reduce the risk of infection.

Want more protection? You can try ExpressVPN to help secure your internet connection. Our VPN encrypts your traffic, making it harder for cybercriminals to track you or inject malware through unsecured networks. You also get Threat Manager included in your subscription, which blocks ads and malicious websites before they reach your Android phone. Stay safe and prevent malware from seeping through the cracks.

Get ExpressVPN