
Detecting and removing Android malware

Phones contain more sensitive information than PCs and workstations. A phone usually holds pictures, credit cards, private messages, and other data that is valuable to adversaries.

If you think it will turn into a “legal issue”, DO NOT shut the device down or try to remove the malware, and call in a first responder instead.

Detecting malware

  • If the symptoms appeared immediately after installing an app, that app may be the guilty party.
  • If you get ads in the notification bar, long-press one of them and then tap All Categories to learn which app is displaying the ads.
  • Go to Settings -> Battery and monitor usage. If you recently charged the device, battery usage data is not available. Wait a few hours for the data to become available.
  • Go to Settings -> Network & Internet -> Data usage -> Mobile data usage / Wi-Fi data usage.

Removing malware

  • Go to Settings and tap on Apps (& Notifications).
  • Locate the app.
  • Tap on it, and choose Uninstall.

If the Uninstall option is greyed out or missing, the app has gained admin privileges.

Removing admin rights

  • Go to Settings -> Security & location -> Device admin apps.
  • Tap on the checkbox and then tap on Deactivate this device admin app.
  • Go back to Apps & notifications and uninstall the app.
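
The Device admin apps check above can also be run from a computer, by comparing the user-installed package list with the components named in the device policy dump. This is an added example, not part of the original page; it assumes adb is installed and USB debugging is enabled on the phone, the sample outputs are constructed, and the layout of `dumpsys device_policy` varies between Android versions, so the match is a heuristic.

```python
import re
import subprocess

# Component names look like com.example.app/.AdminReceiver
COMPONENT_RE = re.compile(r"\b([A-Za-z]\w*(?:\.\w+)+)/[\w.$]+")

# Constructed sample outputs (not captured from a real device).
SAMPLE_PM = "package:com.example.flashlight\r\npackage:org.example.notes\r\n"
SAMPLE_DUMP = """Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 3):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10019
    com.example.flashlight/.AdminReceiver:
      uid=10187
"""


def third_party_packages(pm_output):
    """Parse `pm list packages -3` output ('package:<name>' per line)."""
    prefix = "package:"
    return {
        line.strip()[len(prefix):]
        for line in pm_output.splitlines()
        if line.strip().startswith(prefix)
    }


def admin_packages(dumpsys_output):
    """Package part of every component named in `dumpsys device_policy`."""
    return {m.group(1) for m in COMPONENT_RE.finditer(dumpsys_output)}


def user_installed_admins(pm_output, dumpsys_output):
    """User-installed packages that also appear as device admin components."""
    return sorted(third_party_packages(pm_output) & admin_packages(dumpsys_output))


def adb_shell(*args):
    """Run a command on the attached device and return its stdout."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    hits = user_installed_admins(adb_shell("pm", "list", "packages", "-3"),
                                 adb_shell("dumpsys", "device_policy"))
    for pkg in hits:
        print("user-installed app with device admin rights:", pkg)
```

A package reported here is a candidate for the deactivate-then-uninstall steps above; preinstalled admins such as the Google Play services component in the sample are filtered out because they are not in the `-3` list.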

Fail

  • If removing admin rights did not work, do a factory reset.
  • If a factory reset does not work, it is probably very persistent malware (like xHelper), and you may wish to analyse it further and/or get help doing so.