How do I find malicious apps on Android?

Malware is malicious software that is intentionally designed to cause damage to devices or networks. Malicious apps are applications that contain malware or unwanted behaviors like aggressive advertising, collecting personal data without consent, etc. With the rising popularity of Android devices, malware specifically targeting Android platforms has become an escalating threat.

According to research, Android users face four times more malware threats compared to iOS users. In Q2 2023 alone, over 30% of all mobile malware detections targeted Android devices [1]. Adware remains one of the most prevalent threats, representing over 34% of all Android malware in Q1 2023 [2]. As malware continues to evolve, it’s important for Android users to understand how to identify and remove malicious apps.

How Malware Gets on Your Device

Malware can get on your Android device in several ways:

App Stores – While Google Play is generally safe, it’s not immune to malicious apps slipping through. Apps may appear innocuous but contain hidden malware. According to Kaspersky, over 30,000 malware-laden apps were removed from Google Play in 2020.

Third-Party App Stores – Downloading apps outside the official Google Play store increases your risk. Third-party stores lack Google’s security checks, so it’s easier for hackers to publish malicious apps.

Sideloading Apps – Installing apps directly from unknown sources rather than app stores carries serious risks. Sideloaded apps bypass any malware scans performed by app stores.

Malicious Links – Clicking unsafe links in emails, messages or web browsing can trigger malware downloads. This may happen without any action on your part as visiting a compromised site can be enough.

According to Android Authority, over 35 million Android devices showed evidence of sideloaded malicious apps in the first half of 2020. Staying within Google Play and avoiding unknown sources are key steps to prevent malware.

Signs of a Malicious App

There are some telltale signs that indicate an app may be malicious:

Asks for unnecessary permissions – Legitimate apps only request permissions that are needed for their intended functionality. Be wary of apps asking for broad access like contacts, SMS, call logs, camera, microphone etc. when not relevant.

Drains battery – Malicious apps running background processes can drain battery life much faster than usual.

Generates excessive data usage – Malware and adware can rack up data usage by silently downloading files or serving ads. Monitor your data usage for any unusual spikes.

Sends premium SMS without consent – One common scam is malware that subscribes you to premium SMS services without permission, charging your account. Keep an eye out for any unknown SMS charges.

Overall, be vigilant of any app exhibiting suspicious permission requests, abnormal battery drain, suspicious network usage, or unexpected billing charges. These could indicate a malicious app. Cross-check app reviews as well before installing.

Built-in Malware Scanning

Android devices have built-in malware scanning and protection through Google Play Protect. This service by Google continuously scans apps from the Google Play Store and on your device to check for harmful behavior. According to Google’s security blog, Google Play Protect scans over 125 billion apps daily to help protect users from malware and unwanted software.

When you install apps from outside the Google Play Store, Google Play Protect will automatically scan them to verify safety. You can also manually trigger a scan of all apps on your device through the Play Protect menu in the Google Play Store app. This will check for any apps exhibiting dangerous functionality. Google frequently updates Play Protect’s capabilities to detect emerging and evolving threats.

Another key security measure is maintaining your Android device up-to-date with the latest software patches. Google and device manufacturers release monthly updates to fix vulnerabilities and improve defenses. Regularly installing these updates helps protect your device from new methods of malware.

Third-Party Malware Scanners

One of the best ways to detect malicious apps is to use a dedicated third-party malware scanning app. These apps provide more robust malware detection and protection compared to the built-in Google Play Protect. Some top options include:

Lookout Security & Antivirus (Source) – Lookout uses AI and machine learning to continuously analyze apps on your device, even when they are not in use. It can detect malicious and risky apps, phishing attacks, and spyware. Lookout offers both free and premium versions.

Malwarebytes (Source) – Malwarebytes focuses on detecting and removing malware that may have infected your device. It scans apps, files, and web threats. The premium version includes real-time protection. Malwarebytes is good at finding targeted, hard-to-detect malware.

AVG Antivirus (Source) – AVG Antivirus can scan apps, files, and web links for malware. It offers both free and premium versions with features like real-time scans, anti-theft, app locking, and call blocker. AVG uses advanced machine learning algorithms to detect emerging malware threats.

Norton Mobile Security (Source) – Norton provides comprehensive malware protection including app advisor, web protection, WiFi security, and system advisor. The premium version adds features like App Lock, SafeCam, and Privacy Report. Norton leverages a global threat intelligence network to stay on top of new malware.

Manually Checking App Permissions

You can view the permissions granted to each app on your Android device by going to Settings > Apps & notifications > App permissions. Here you can see a list of all the apps installed on your device and the permissions they have been granted.

Some permissions that are commonly abused by malicious apps include:

  • Phone – Allows the app to make calls without your confirmation
  • SMS – Allows the app to send text messages, which could rack up charges
  • Location – Allows the app to access your location data
  • Camera – Allows the app to take pictures and record video without your knowledge
  • Microphone – Allows the app to record audio without your knowledge
  • Storage – Allows the app full access to files on your device

You should pay close attention to any apps that request access to sensitive permissions like SMS, call logs, or location but don’t need those permissions for their intended functionality. Additionally, be wary of apps that ask for a long list of permissions they don’t need. These could be signs of a malicious app.

If you notice an app has overly broad permissions, you can revoke its access by tapping the permission and selecting “Deny.” You can also uninstall any suspicious apps. Keep in mind that some permissions are required for apps to function properly, so don’t blindly revoke access without considering how it will impact the app’s usability.

According to researchers, some of the most commonly abused Android permissions by malware are access to SMS, contacts, camera, microphone, location, storage, and call logs (Source: Being vigilant about which permissions your apps request can help you identify and remove malicious apps.

Checking App Reviews

One way to spot a potentially malicious app is to read through its reviews on the app store. Look for complaints of malware, spyware, suspicious behavior, or permissions that don’t match the app’s stated purpose. For example, a flashlight app asking for access to contacts or location data could be a red flag. Sort reviews by most recent first to see the latest concerns.

According to research from Northeastern University and the University of Chicago, analyzing the text of app reviews can help identify malware with over 95% accuracy. The researchers developed an automated technique to scan for certain keywords that tend to occur more frequently in reviews of malicious apps. Some examples are “virus,” “risk,” “spam,” “fake,” and “steal.”

If you see a suspicious spike in negative reviews or mentions of malware, take it as a warning sign. Pay extra attention if the developer does not respond to complaints or does not push updates to address issues. Legitimate apps will typically address major problems reported in reviews. The absence of developer involvement could signify an abandoned or harmful app.

Limit App Downloads

One of the best ways to avoid malicious apps is to limit your app downloads to official sources like Google Play. The Google Play Store scans apps for malware before allowing them on the platform, so it is generally safe to download apps from there.

You should avoid downloading apps from unknown third-party app stores or websites. These sources do not properly vet the apps they host and are much more likely to contain malware. Even some well-known third-party stores like Aptoide have been known to host malicious apps on occasion.

If you need an app that is not available on Google Play, use trusted sources like APKMirror or F-Droid. While not completely risk-free, these sites do scan apps and have a good track record for safety.

In general, limiting your app downloads to official sources like Google Play is the best way to avoid malicious Android apps. Be very cautious with third-party stores and websites offering free APK files.

Keep Your Device Up-to-Date

One of the most important ways to protect against malware is to keep your Android device up-to-date with the latest security patches and Android OS versions. Google releases monthly security patches that fix vulnerabilities and issues that could allow malware to infect your device [1]. These updates are pushed out to Android devices, but you need to install them to be protected.

Go to Settings > System > Advanced > System update to check for any pending security updates. Install these as soon as they become available. You can also enable automatic updates on your device to get security patches as soon as they are released without any action needed on your part.

In addition to security patches, updating your Android version when major releases come out (e.g. Android 12 to Android 13) can bring security enhancements. New versions may provide better malware scanning capabilities or access controls. Make sure your device can support the latest Android OS version available and update when possible.

Keeping your Android device completely up-to-date provides critical security layers that prevent malware from exploiting weaknesses in the operating system. Make system updates a regular habit.


There are multiple techniques you can use to detect and avoid malicious apps on your Android device. First, pay attention to any strange behavior or signs that your device may be infected, like increased data usage or your battery draining faster. Take advantage of built-in malware scanners offered by Google Play Protect or your device manufacturer. You can also install third party anti-malware apps for additional protection.

Manually checking app permissions and reviews before downloading can help spot suspicious or clearly malicious apps. Limiting your app downloads to only trusted sources like Google Play also reduces your risk. Finally, keeping your device up-to-date with the latest OS and security patches closes vulnerabilities that malware could exploit.

Using a layered, proactive approach with multiple detection methods working in parallel is your best bet to keep malware off your Android device. No one technique is foolproof on its own, but combining scanning, best practices, and vigilance provides powerful protection. Stay safe out there!