Android viruses are rare, but they exist. Almost exclusively installed via dodgy apps, the best way to avoid an Android virus is to keep to the secured confines of the Google Play store. Even that is not always enough to keep you entirely safe, however.
When Google becomes aware of a dodgy app it will automatically remove it from all affected devices, which is exactly what happened in January 2018 when Check Point discovered 60 apps were exposing children to pornography. In March it then pulled seven apps containing Andr/HiddnAd-AJ malware, which peppers devices with ads and notifications six hours after its installation.
However, Symantec has found that apps previously pulled from Google Play are reappearing with the same code but a different name and developer. This is true of at least seven apps on the US Play Store containing the Android.Reputation.1 virus.
Should your device get lumbered with some malware, we will explain how to:
- Put it into Safe mode
- If necessary remove the malicious app's administrator status
- Uninstall the app
If this fails a factory reset should remove the bug once and for all, though you would understandably prefer not to have to do so if your Android isn't backed up.
Before we begin, it's worth pointing out that your Android phone or tablet probably doesn't have a virus. What you're more likely to be seeing is an ad that wants to convince you the device is infected and that you need to download an app, or sluggish behaviour (in which case you should also check out our guide on how to speed up Android).
To prevent further threats, you might also want to install an antivirus app for your phone or tablet. You'll find our favourites in our round-up of the best mobile antivirus. Our top pick is Bitdefender.
If you're convinced that malware is at large, read on for instructions on removing it from your device.
Where do Android viruses come from?
The number-one way an Android virus finds its way on to your phone or tablet is on the back of an app.
This is true of all the biggest Android viruses to hit the headlines over recent years: Gunpoder, Ghost Trojan, Googlian and Godless all came to be in this manner, while Mazar sneaks in via a text message prompting you to download the Tor browser (guess what: you're not downloading the Tor browser).
Even the recent Loapi is installed from outside Google Play. The Loapi trojan is a disturbing new threat that is installed via antivirus apps that a user thinks they are installing to protect their device. It can place such a heavy workload on your device that it overheats and kills the battery; it can also send out text messages on your behalf, subscribe you to paid services without your knowledge, allow attackers to execute HTTP requests for DDoS attacks, and mine the cryptocurrency Monero.
Skygofree is another piece of Android malware, powerful spyware that is installed on your device via download links on fake websites posing as official sites for known brands, such as mobile operators.
Android viruses have various aims, with some running malicious processes on your device, some stealing your personal information and others downloading additional software, which may not always be malicious itself. Whatever they're up to, you don't want them there.
How to avoid Android viruses & malware
• Don't install apps from outside Google Play unless you know what you're doing: This functionality should be disabled by default, but to check you can open your phone or tablet's Settings menu, go to Security, then ensure the Unknown Sources option is disabled. If you do install an app outside Google Play, be absolutely certain that you are installing it from a legitimate source and not a fake website posing as an official source
• Avoid cloned apps: 99 percent of the time you will be safe downloading apps from Google Play, but malicious code has been found within apps there. Avoid downloading what appear to be cloned apps from unknown developers, or apps that simply don't do what they say they do
• Check app permissions: No matter from where you are installing an app, check its required permissions before hitting Install. Never allow an app device admin permission, which prevents it being deleted. And does a video player really need to see your contacts? You can also check reviews online and browse the developer's website to see whether it's a genuine operation or cowboy business
• Keep Android up to date: The latest version of the Android operating system won't necessarily be available for your phone or tablet, but you should check that it is as up to date as it can be. Next time you upgrade, consider a brand that is known for its timely operating system updates (for example, Nokia). Check out our guide on how to update Android for further advice
Unfortunately, it turns out that even if you update your Android device, it may not be as up to date as you think. Security Research Labs has published the results of an in-depth study in which it claims several big-name vendors are guilty of saying they've rolled out important patches when they haven't.
The worst offenders on its list are Alps, TCL, Oppo and ZTE, which it says have missed four or more critical and high severity patches on the claimed patch date. With two to four misses are HTC, BlackBerry, Asus, Fairphone, LG, Huawei and Lenovo. With one or two are OnePlus, Wiko, Xiaomi, Nokia, Motorola and Honor. Those in the good books with either zero or just one missed patch are Google, ZUK, LeEco, Samsung, Sony and BQ.
• Install an antivirus app: You don't need to install antivirus on Android, but it can give you peace of mind if you're concerned about viruses, and the apps often have other useful functionality too. Be warned that Android antivirus is known to occasionally report false-positives, but if you know an app is okay you know an app is okay. Our favourite antivirus option for Android is Bitdefender, but there's also plenty of other options for mobile security software in this separate article.
How to remove a virus from Android
Put your phone or tablet into Safe mode. This prevents any third-party apps running, including any malware.
On many devices you can press the power button to access the power off options, then press and hold Power off to bring up an option to restart in Safe mode.
If this doesn't work for your device then you should Google 'How to put [your model name] into Safe mode' and follow the instructions.
When in Safe mode you'll see 'Safe mode' at the bottom left of the screen.
Open your Settings menu and choose Apps, then make sure you're viewing the Downloaded tab (this will depend on the version of Android you're running).
Chances are you will know when your device started misbehaving, and you can usually line that up with a new app you might have downloaded.
If you don't know the name of the app you think has infected your Android phone or tablet, go through the list and look for anything dodgy-looking or that you know you haven't installed or shouldn't be running on your device.
Tap on the malicious app (clearly it won't be called 'Dodgy Android virus', this is just an illustration) to open the App info page, then click Uninstall.
In most cases, this is all you need to do to remove the virus, but occasionally you might find the Uninstall button is greyed out.
This is because the virus has given itself Device administrator status.
Exit the Apps menu and tap on Settings, Security, Device Administrators. Here you'll find a list of any apps on your phone or tablet with administrator status.
Simply untick the box for the app you want to remove, then tap Deactivate on the next screen.
You should now be able to return to the apps menu and remove that app.
With the virus now off your Android phone or tablet, all you need to is restart the device to take it out of Safe mode.
Now that it's working correctly it's a good time to back up whatever important data you have stored on the device, and install an Android antivirus app to protect you from any future viruses that come your way.
You might also like: Best antivirus for laptops & PCs