How to Avoid Malware on Android

Android may have a more open platform than Apple, but with that comes the potential for malware. Google is trying to take steps to correct it with things like Google Play Protect, but it’s still out there. With a little bit of care, though, it’s pretty easy to keep your phone safe and malware-free.

What Is Android Malware?

I’m sure you’ve heard the term “malware” before—it’s a shortened version of “malicious software.” It’s all too common of an issue on Windows, but you can’t really think of it as the same thing on Android. It’s not going to cause a bunch of popups, make your browser lag, install toolbars, or anything like that. It just doesn’t work the same way.

Instead, it’s a lot less in your face. Often, people won’t even know they have this garbage installed, because it keeps itself more hidden on Android. A malicious app may disguise itself as a legitimate app, or it may hide itself from your view completely. All the while, though, it can run in the background doing any number of questionable activities, like stealing your private information and uploading it who knows where.

For example, the recently-found Skygofree malware does some pretty bad stuff—like having the option to execute some 48 different commands, turn on your phone’s microphone, connect to compromised Wi-Fi and collect tons of information, and more. It’s bad.

But don’t dump your phone and head for Apple just yet. It’s pretty easy to avoid malware on Android, as long as you’re even the slightest bit careful. Here’s what you should do.

Stick With Official Apps, and Be Cautious when Sideloading

One major thing that sets Android apart from other mobile operating systems is the ability to sideload apps—that is, install apps that aren’t in Google’s official Play Store. Most people won’t need to do this, but it can be handy if an app isn’t available in your country, or the latest version of an app hasn’t rolled out to your device yet.

Unfortunately, this setting can be dangerous. Google is actively taking steps to reduce the number of malicious apps found in the Play Store, but it has no control over what you choose to manually install—and if you’re installing apps that haven’t been vetted, you’re at a much higher risk for installing malware. That’s why the option to sideload is disabled by default. Google has also improved the sideloading process in Android Oreo to make it a bit safer.

When sideloading any app, take a few seconds to ask yourself if you trust the source. Is it coming from a legitimate place? For example, you’re probably safe if the app is coming from APK Mirror, since all files are verified and approved by the site’s very cautious owner before they’re allowed to be hosted on the site. (I know the owner well, and have worked for him in the past.)

If, on the other hand, you’re downloading an APK from a site you don’t know, do some research first. Is this the developer’s website? Is the developer a well known and trusted one? Have other people vetted this software?

In addition, just look at the site—how many ads are there? What is the quality of those ads? If there’s a lot of fishy stuff going on, odds are you should probably avoid it.

Avoid Third-Party App Stores

Because you can sideload apps on Android, that means you can also sideload third-party app stores. There aren’t many legitimate reasons to do this, though there are exceptions—like using Amazon’s Appstore for exclusive apps or deals.

But the general rule here should be this: just use Google Play. It’s not perfect, but it’s still a lot safer than using some potentially janky third-party option that could be filled with all sorts of junk. Here’s how a bad situation could play out: let’s say you install a questionable third-party app store. You have to enable sideloading to install it in the first place, which allows you to also use this app store to install more apps. Even if you’re using Android Oreo, which requires sideloading to be enabled on an app-by-app basis, you have to grant this new app store permission to install apps.

But what if this app store itself is malicious? Now it has permission to install more apps, so it can install more malware. This is one of the primary ways malware is spread through the system.

For the Love of God, Don’t Install Pirated Apps

This goes hand-in-hand with the above point, and probably goes without saying—I really wish it did—but don’t pirate apps, you guys! Just like on Windows, pirating software is a great way to riddle your device with all sorts of questionable software. Who knows what you’re actually installing with pirated content, because it’s not always what you think it is.

Also, you know, pirating software from hardworking developers is just a generally crappy thing to do so just don’t do it, okay?

Make Sure You’re Installing Official Apps, Even When Using Google Play

All the above said, Google Play still isn’t perfect. For example, it was recently discovered there was a fake WhatsApp listing in the Play Store, and it had been downloaded over one million times. It was such an impressive fake listing because even the developer name looked nearly identical to the actual developer of WhatsApp. That’s pretty scary stuff.

Again, Google is actively taking steps to reduce these kinds of problems, but a little due diligence can go a long way. When you’re installing a new app, be wary of anything that looks amiss. Check its permissions, read the description, and check the developer’s account. If something doesn’t look right, it probably isn’t.
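
One way to automate the developer-name check, as an added example that is not part of the original article: it compares a listing's developer name with the name you expect and flags hidden whitespace, mixed alphabets, and near-misses. The publisher name and sample listings are constructed for illustration.

```python
import unicodedata
from difflib import SequenceMatcher

INVISIBLE = {"Cf", "Cc", "Zl", "Zp"}  # format, control, line/paragraph separators

def skeleton(name):
    """Comparison form: compatibility-decompose, drop spaces, marks and invisibles, casefold."""
    kept = [ch for ch in unicodedata.normalize("NFKD", name)
            if unicodedata.category(ch) not in INVISIBLE | {"Zs", "Mn"}]
    return "".join(kept).casefold()

def scripts(name):
    """Script hint per letter, taken from the first word of its Unicode name."""
    norm = unicodedata.normalize("NFKD", name)
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in norm if ch.isalpha()}

def check_publisher(listed, expected, threshold=0.85):
    """Return (verdict, reasons) for a store listing's developer name."""
    if listed == expected:
        return "match", []
    reasons = []
    if listed != listed.strip() or any(
            unicodedata.category(ch) in INVISIBLE
            or (unicodedata.category(ch) == "Zs" and ch != " ") for ch in listed):
        reasons.append("hidden-or-odd-whitespace")
    if len(scripts(listed)) > 1:
        reasons.append("mixed-script")
    a, b = skeleton(listed), skeleton(expected)
    if a == b:
        reasons.append("same-skeleton")      # identical once invisibles are removed
    elif SequenceMatcher(None, a, b).ratio() >= threshold:
        reasons.append("near-match")         # a character swapped or dropped
    else:
        return "different", reasons
    return "lookalike", reasons

# Constructed sample names; "Example Messenger Inc." is a made-up publisher.
EXPECTED = "Example Messenger Inc."
SAMPLES = [
    "Example Messenger Inc.",
    "Example Messenger Inc.\u00a0",   # trailing no-break space
    "Ex\u0430mple Messenger Inc.",    # Cyrillic small a in place of Latin a
    "Example Mesenger Inc",           # dropped letter and full stop
    "Totally Different Games",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), check_publisher(s, EXPECTED))
```

A "lookalike" verdict means the name is not the expected publisher but is close enough to be mistaken for it, which is the case worth a second look before installing.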

Always Install System Updates

Google releases monthly security patches for Android, which help in keeping the system protected against attacks—especially when a specific vulnerability is found that malicious applications are trying to exploit.

While not every manufacturer will release updates as quickly as they should, it’s your job to install every one they do send out. They won’t all bring new features, but the stuff they do behind the scenes will keep you protected against these attacks. Take the 15 minutes out of your day and do it.

Cameron Summerson is a die-hard Android fan, Chicago Bulls fanatic, metalhead, and cyclist. When he's not pounding keys here at HTG, you can find him spending time with his wife and kids, spinning legs on the bike, chugging away on the 6-string, or being disappointed in the Bulls.


Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Twitter.