The Android operating system is more secure than ever. Security features such as app sandboxing, app signing, encryption, and verified boot are in place to keep your phone and your data from getting compromised. And yet, hackers and cybercriminals will always find a bug or flaw in the OS code to exploit, so they can spread their viruses and other malware. If your Android device happens to be infected with malware, you should know how to remove it.

Why not let malware remain in your Android device?

Malware is malicious software. The name itself already tells you that the intent of such software is anything but good. The things that malware (or malicious software) can do to your Android device are aplenty, and they’re often to the detriment of the users. One particularly common malware behavior is to gain access to your personal data, which hackers can sell to the black market or commit identity theft. 

Some malware try to hide in plain sight, hogging your smartphone’s processing power to mine cryptocurrency. Some malware variants with this behavior can be so taxing on your phone that they can damage the battery.


Some malware are ransomware, which can deprive you of access to your Android smartphone and your data until you pay ransom to the cybercriminals behind the ransomware.

Some malware can send SMS messages or make calls, and you’ll only know when you’re left with a huge bill over these messages and calls. 

What are some signs that your Android device is infected with malware?

When your phone becomes slow, such that your apps need a longer time to load, or when your battery runs out of juice sooner than expected, your phone just might be getting old from wear and tear. On the other hand, it is also possible that malware is the cause. 

Some signs are more indicative of malware infection. For instance, your browser may suddenly launch and load a random website, especially one that shows excessive and/or pop-up ads. Your apps may suddenly crash without warning. You may also notice new apps in your home screen that you don’t recall ever installing. And then there’s the high data usage that doesn’t correlate to your downloading habits.

Note that an infected Android device may also not show any symptoms whatsoever. Cybercriminals want to make the most of malware infections, so they may design their malware to function as surreptitiously as possible.

You’re positive your Android phone is infected. What do you do?

The first thing you need to do is to stop the malware in its tracks. Shut down your phone immediately. Press the power button and keep pressing on it until the phone completely turns off.

At this point, the malware can’t function nor spread. This will provide you a temporary relief and you won’t feel pressured to make sudden decisions that lead to bad results. It gives you time to continue reading this guide, make further research or seek professional help.

If you’ve decided on your next course of action, you’ll want to boot up your phone in Safe Mode.


How do you boot your phone into Safe Mode?

Available in most Android devices, Safe Mode is meant for troubleshooting and fixing your phone when problems arise, such as malware infections. In Safe Mode, the OS only runs essential software while all third-party apps are disabled. 

The steps to launch Android in Safe Mode may vary among devices. Generally, here’s how you do it:

Step 1: Turn on your phone.

Step 2: When your see your phone’s boot animation or splash screen, press and hold down the volume down button.

Step 3: Keep holding the volume down button until your phone restarts.

Step 4: Wait until the OS launches in Safe Mode. There will be a “Safe Mode” text at the bottom of your screen as indication. 

How do you identify the malware?

When you’re noticing signs of an infection, a common way to identify the malware is trace your recent activities on your smartphone. Do you remember installing and running apps just before the signs began showing? One of those apps might be the culprit.

Related articles

How do you delete the malware or offending app?

Deleting the malicious app is just like removing any legit app on your Android phone. You’ll simply need to find the app and uninstall it. In general, here’s how:

Step 1: Go to your device’s Settings.

Step 2: Tap Apps. Find the option that will let you see all the apps via the list. 

Step 3: Scroll through the list, find the app you want to remove, and tap it.

Step 4: Tap Uninstall. 

In some apps, the Uninstall option may not be available. But there should be a Disable option that you should choose instead. 

While you’re still in your Apps list, why not take some time to scroll throughout the list and see what else is installed your device? If you find unfamiliar apps with weird names or apps that arouse suspicion, uninstall them. 

Uninstalling the app didn’t work, what else can you do?

In worse scenarios, you might not be able to identify the malware on your own. You have uninstalled an app, but it may have not been the right one because the signs of infection keep manifesting.

Instead of wild guessing and uninstalling random apps, consider using an antivirus app that can scan your device for you and look for the malware. Some of the recommended, free antivirus apps for Android are:

If you’re willing to spend a few bucks, there’s Bitdefender Mobile Security ($15 yearly) and Norton Mobile Security ($30 yearly). The abovementioned free apps also have paid premium versions.

Antivirus apps can remove malware for you with just a tap on your screen. Plus, they help prevent further infections and offer many security-related features such as guest mode, identity protection, call blocking, and VPN.


Can a factory reset remove malware from your Android device?

It depends on the severity of the infection. Since a factory reset basically erases all data from your phone, including all third-party apps, then malicious apps will also be removed. However, some types of malware can persist even after a factory reset. 

The most prominent example of malware that can survive a factory reset is the xHelper. It’s a Trojan malware designed to force users into installing more apps to their phone.

Reports say it can even install more apps all on its own. Removing xHelper by uninstalling it via the phone settings or a factory reset simply won’t work, because it will just reinstall itself.

It took several months for Malwarebytes researchers to arrive at a working solution for removing the malware. So now, if your phone is infected with xHelper, removing it is as simple as installing Malwarebytes for Android and letting the antivirus app do the job for you.

How do you prevent malware from infecting your Android device?

As is often quoted, prevention is better than cure. You need to be proactive in protecting your Android device instead of merely responding to malware infections when they’ve already happened. 

First, consider your online browsing habits and mobile activities. Unless you know what you’re really doing, do not sideload unknown apps you’ve obtained from APK repositories and other sources. Do not click on links that redirect you to an unknown website. And whenever your phone prompts you to download and install the latest updates, especially security patches, do it as soon as possible.

Install any of the abovementioned antivirus apps. Let these apps perform a complete scan of your device from time to time. The sooner you’re alerted of suspicious activities in your phone, the sooner you can respond accordingly and lessen the potential damage.


Note that the effectiveness of these antivirus apps varies from time to time. What may be the most robust antivirus this year may become ineffective in the next. Read in-depth reviews and evaluations of antivirus apps, such as the ones from independent organization AV-Test. Be ready to switch to a new antivirus should your current antivirus fail to update its malware protection against the latest threats.

Intrigued by a new app on the Play Store? Take some time to review the details first. Learn about the developers’ background and determine their credibility. Don’t lower your guard just because the app has a rating of at least four stars of more, because you shouldn’t readily trust user reviews at the Play Store. It’s quite easy for cybercriminals to create fake, favorable reviews for their apps and improve their app’s popularity and exposure in the Play Store.

Before you install and run an app, review the app’s end user license agreement (EULA), privacy policy and other relevant terms-of-use contract. The documents can be tedious, but at least by reading them you’ll know how much data they will be collecting from you, how they will process such data, and to whom they will be sharing your data.

Join the Conversation


Your email address will not be published. Required fields are marked *

  1. Hello Androel, I’m very glad to read this very informative article as it explains everything properly especially on how to delete those malware and to prevent my device from being infected. Thank you!

  2. Nice article. And I observed that you increased your uploading of your articles these pass few days.. Kudos..

    1. Hello, Joseph! We’re glad you liked the article. Thank you for the support. We will always try to do our best to bring you guys (our readers) good content. :-)