Detect Malicious Activity on Your Android Phone

Android’s highly customizable ecosystem makes it more prone to malware and viruses. Android malware can do much harm to your smartphone like stealing personal data, sending text messages to premium numbers, downloading infected apps, and using the phone for launching DDoS attacks.

If you suspect that your smartphone is being used for malicious acts, or it is acting weirdly, then take a look at the following way to find out if your phone is infected by malware.

How to Keep Your Smartphone Secure (6 Vital Tips)

How to Keep Your Smartphone Secure (6 Vital Tips)

Certain precautions to help you secure your smartphone and its data. Read more

1. Track internet usage

Most of these malware need the internet to do their job. You can simply track your device’s internet usage to figure out whether it is being used for any malicious acts or not.

Users with Android 5.0 or above can use the built-in data usage tracker. To do that, go to your phone’s Settings and tap on Data usage. Here you’ll see a list of all the apps that are using your data (both WiFi and mobile data).

A malicious app usually has pretty high data usage, so just look for an app that is using a considerably high amount of data even though you didn’t use it. You can tap on it to see further details about an app.

If your device doesn’t offer the built-in data usage tracker, you can use a third-party app like My Data Manager.

Data usage

Some malicious apps are created for stealing personal data and may not be detected with data usage tracking. Therefore, you should always check in your apps list if there’s a suspicious or untrusted one that you may have accidentally installed.

Once identified, you can uninstall the app if it isn’t necessary. Otherwise, you should at least block its access to the internet by going to App permissions from the phone Settings and blocking internet permissions of that particular app.

5 Apps to Monitor Mobile Data Usage

5 Apps to Monitor Mobile Data Usage

It's always a good idea to keep track of your mobile data usage so you can avoid exceeding... Read more

2. Unusual phone behaviors

Your phone may act a little different when infected with a hidden malware. As malware needs to do its job in the background, it will introduce some changes to your phone’s usual behavior. Some of the changes you may notice are:

  • Phone lights up even though there is no notification or call.
  • Your phone may automatically restart without a reason.
  • You receive text messages with random characters.
  • Phone battery suddenly starts depleting faster.
  • Your phone frequently heats up even when you are not using it.

If you notice sudden unusual behavior on your phone, then it’s a good sign it’s infected and you should use other methods in this list to track it down.

However, you should still do an online search to confirm the reason for your phone’s strange behavior before blaming a malware.

3. Is the phone suddenly slow?

Yes, there may be many causes of your phone slowing down, but if it happens suddenly then it could be due to a malware. Malware usually works vigorously and eats up loads of CPU and RAM while working. So your phone may suddenly slow down when it gets infected.

To confirm this:

  1. Go to Settings and tap on Apps.
  2. Now swipe left and move to Running section.
  3. Look for any unknown or untrusted app that may be using too many resources. You can tap on an app to see more details, including its permissions.
Background Apps

4. Check app permissions

Okay, this one requires a little bit of manual work, but it’s probably the best way to identify a malicious app or malware in your Android phone.

All the apps in your phone depend on permissions to access different functions of the phone. For example, a calling app will need access to the calling function, or a video editor app will need access to the storage of your phone.

If an app is asking for a permission that it doesn’t require for proper functioning, then something must be wrong. Just think about it, why would a video editor app need permission to send SMS? Sending SMS has nothing to do with editing a video.

You need to check all your app permissions or at least the ones you doubt, and see if they have access to any phone functionality they don’t actually need. Here’s how to access app permissions.

  1. Go to Settings and tap on Applications.
  2. Now open up the app you want to check permissions of and then tap on Permissions.
Access App Permissions

You will see all the permissions each app has asked along with a toggle button next to them to enable/disable the permission. As long as a permission is disabled, there is nothing to worry about. However, if you notice a permission enabled that the app doesn’t require to function, then disable it immediately.

Disable Permissions

Later, even if the app does require the permission for a legit reason, it will automatically ask you while performing that particular function. You can then enable it if you think the permission is needed for the app to do what it’s suppose to do.

To make it easier for you, I am going to list some sensitive permissions that you should think twice before allowing:

  • SMS: A malicious app could send SMS to paid numbers that you will have to pay for. Sending spam messages is also a concern.
  • Call: The app may make calls to paid numbers and you’ll be charged for them.
  • Internet: Could send your personal information to hacker’s servers, or even run DDoS attack.
  • Storage: Can see all your personal data saved in your phone and steal it for identity theft.
  • Admin: This permission should not be given to any app. It basically lets an app fully control the phone. If you have a rooted phone, then an app may be able to gain this permission. Avoid giving this permission to any app.

5. Phone automatically connects to the internet

As you might have read already, malware heavily depend on the internet connection to do their job. Therefore, some malware also automatically connect the phone to WiFi or mobile data if disconnected to do their job without interruption.

If you disable internet on your phone and it automatically gets enabled after a while, then probably it’s the job of a malware. Although, Android 8.0 Oreo also has a built-in feature to automatically enable WiFi, but you have to enable it yourself. Unless you didn’t enable this option, then it’s a malware.

6. Look for unknown apps

Some malicious apps don’t damage your phone, instead, they download different types of infected apps to do the damage. Go to phone Settings and tap on Apps. List of all the apps installed on your phone will open up. Search through this list and look for any apps that you don’t remember installing.

List of Apps

You might see preinstalled apps here as well, but they won’t have an “Uninstall” button to uninstall them. If you find any unknown uninstallable apps, then immediately uninstall them.

To find the culprit app that is installing these malicious apps, you can check both background apps and data usage of apps. If you notice any suspicious app running in the background and also using the internet by itself, then uninstall it as well.

7. Check browser search and download history

Similar to downloading malicious apps, some malware open shady websites, download malicious content, or simply access/download inappropriate content.

Checking your browser’s search and download history should help detect such acts. Just open up your browser’s history section and look for any webpage that you don’t remember opening. If you find any and no one else apart from you uses the phone, then it’s probably a job of a malware.

browser's history section

You can track data usage and background apps section of your phone to look for such infected apps.

8. Use an antivirus app

Antivirus apps can both help detect and clean up your phone of malware. Of course, they aren’t perfect, but in most cases they do manage to find the culprit.

There are many free antivirus apps available for Android, and I recommend Avast for best security. With it, you’ll get internet security, malware cleaner, Firewall, and WiFi protector in a single package.


Just install Avast and let it scan your phone for viruses. In most cases, it will be able to find the hidden malware.

Tips to better clean your phone from malware

Using the above tricks, you should be able to find if your phone is infected by a malicious software or not. Now uninstalling the app is usually enough to get rid of the malware, but sometimes you’ll need some extra effort if the malware is stubborn enough.

Below I have listed measures that can help you when a simple uninstall doesn’t help.

  • If the app is not uninstalling for some reason, then first clean its data from the same uninstall page and then try uninstalling.
  • If that doesn’t help, then go to App permissions from the phone Settings and open up permissions of that app. Here make sure you didn’t give it the Device admin permission. If you did gave it, then remove it and try uninstalling again.
  • It’s also easier to uninstall the app from the Android’s Safemode. The malware doesn’t work in the Safemode, so it won’t prevent itself from uninstalling.
  • In case the malware has disrupted your phone and it’s becoming impossible to uninstall the app as well, then it’s better to completely reset the phone. Your data will be deleted in the process (back it up beforehand), but most probably your phone will be free of malware. Go to Backup & Reset from the Settings and tap on Factory data reset to start the reset process.
  • Backup & Reset
  • If the malware is incorporated in the system files, then even a reset will not delete it. Although you can try using a file manager to look for the malware in system files, but it’s almost an impossible job without vast tech knowledge.
  • If nothing works, then you can also root your phone and flash a new custom ROM. This will renew everything and get rid of the malware, but you’ll lose phone manufacturer warranty.


Following the above guide should help you identify most types of malicious apps and uninstall them. In most cases, a complete reset isn’t required.

However, it’s the best way to completely get rid of a malware and remove its traces. Do let us know in the comments if you manage to get rid of the malicious app in your phone or not.