Android phones can pick up malware through shady apps, fake updates, risky links, or overly-permissive downloads. The good news: you can do a solid first-pass security check at home in 15–30 minutes. Use the steps below to identify common red flags, remove suspicious apps, and harden your device.

1) Start with the obvious warning signs

Malware isn’t always dramatic, but it often leaves clues. Look for patterns like:

  • Battery draining unusually fast (especially when you’re not using the phone).
  • Phone overheating during idle time.
  • Sudden data usage spikes or unexplained mobile data consumption.
  • Pop-ups or ads appearing outside your browser (or on the home screen/lock screen).
  • Apps crashing, settings changing on their own, or accessibility features enabled unexpectedly.
  • Unknown charges, premium SMS messages, or strange notifications about subscriptions.

One symptom alone doesn’t prove infection, but multiple signs together justify deeper checks.

2) Check for unfamiliar or “too new” apps

Most Android infections start with an app install. Review what’s installed and remove anything you don’t recognize.

  1. Open SettingsApps (or Apps & notifications) → See all apps.
  2. Sort by recently installed (if available) and scan the list.
  3. Tap suspicious apps → check App details, permissions, and data usage.
  4. If you don’t trust it, Uninstall it.

Tip: Malware sometimes disguises itself with generic names (e.g., “System Update”, “Cleaner”, “Security”, “Flash”, “QR Scanner”) and vague icons.

3) Look for dangerous permissions and special access

Some permissions are particularly powerful and commonly abused. Check these areas:

  • Accessibility access: Settings → Accessibility → Installed apps/services. Disable anything you didn’t intentionally enable.
  • Device admin apps: Settings → Security → Device admin apps (wording varies). Turn off admin rights for unknown apps.
  • Notification access: Settings → Notifications → Special access. Remove access for apps that don’t need it.
  • Install unknown apps: Settings → Security/Privacy → Install unknown apps. Only allow trusted sources (ideally none).
  • Display over other apps: Settings → Apps → Special access → Display over other apps. Adware often uses this.

If an app that “shouldn’t need it” has high-level access, treat that as a strong indicator of risk.

4) Run Google Play Protect (built-in scan)

Play Protect is Android’s default app scanning feature and is a quick baseline check.

  1. Open the Google Play Store.
  2. Tap your profile icon → Play Protect.
  3. Tap Scan and follow any prompts.

Make sure scanning is enabled in Play Protect settings.

5) Check your data and battery usage for outliers

Malicious apps often “stand out” in usage stats.

  • Battery: Settings → Battery → Battery usage. Look for apps consuming power while you weren’t using them.
  • Data: Settings → Network & internet → Internet/Data usage. Look for apps using lots of background data.

If an unfamiliar app is unusually high on either list, uninstall it and reboot the phone.

6) Boot into Safe Mode to remove stubborn apps

If an app resists uninstalling or pop-ups won’t stop, use Safe Mode (it loads without third-party apps running).

  1. Press and hold the power button.
  2. Press and hold Power off until you see the Safe Mode prompt (on many devices).
  3. Enter Safe Mode, then go to Settings → Apps and uninstall suspicious apps.
  4. Restart normally to exit Safe Mode.

7) Update Android and your apps (patch the holes)

Even if you remove the bad app, outdated software can leave you exposed.

  • System update: Settings → System → System update.
  • Security update: Settings → Security & privacy → Security update (or similar).
  • App updates: Play Store → Manage apps & device → Update all.

8) Quick hygiene checks (small steps, big impact)

  • Review browser settings: Remove unknown site permissions and notification subscriptions.
  • Disable USB debugging unless you actively use it (Developer options).
  • Turn on Find My Device and ensure screen lock is enabled.
  • Use a strong Google account password and enable 2-step verification.

9) What to do if you still suspect infection

If symptoms persist after uninstalling suspicious apps and scanning:

  1. Back up important files (photos/documents). Avoid backing up unknown APKs.
  2. Change key passwords (email, banking, social) from a separate trusted device.
  3. Check for account compromise (Google account security alerts, unknown logins).
  4. Factory reset as a last resort: Settings → System → Reset options → Erase all data.

After a reset, reinstall apps slowly from the Play Store only, and avoid restoring “everything” if you’re not sure what caused the issue.

10) Prevention checklist (for the future)

  • Install apps only from the Google Play Store (or a trusted manufacturer store).
  • Be skeptical of “cleaner/booster/security” apps with aggressive ads.
  • Read permissions before installing; deny anything that feels unrelated.
  • Keep Android and apps updated.
  • Don’t tap links in unexpected SMS/DMs—verify first.

Bottom line: Most Android malware exposure can be detected through app review, special-access checks, and Play Protect scans. If red flags remain, a factory reset and password changes are the most reliable way to fully recover.