It’s commonly suggested that Android has a “virus problem.” But, while there are viruses and malware on Android, it’s not really something you need to be concerned about—as long as you pay attention to what you’re doing.

Android is Inherently Secure

Android itself is a pretty secure operating system—a statement that has only gotten truer over the last few years. Right out of the box, all mainstream Android phones feature a locked bootloader to prevent access to the system partition. Optional “sideloading” of non-approved apps is also disabled by default.

Those two (unlocked bootloaders and sideloading apps) are by far the most common ways that people get malware on their Android devices, and both are blocked by default. The fact of the matter is that most of Android’s malware issues are only there because certain default security features have been disabled. Alas, that’s one of the primary things that sets Android apart from the competition. You’re free to do more of what you want with your handset, even if that means weakened security.

That said, Google has even made sideloading more secure with Android Oreo. Instead of this feature being a blanket setting that simply allows or disallows apps being  installed from outside of the Play Store, it now works on an app-by-app basis. That means you can allow apps to be installed from something like the Amazon Appstore, but nothing else. It’s a smart way to handle this setting.

Put simply: if you never plan on unlocking the bootloader (which isn’t even possible on many phones) or sideloading apps, you’re as protected as you can be by the system alone.

The rest, however, does take a little due diligence on your part.

Google Play Protect Scans Apps, but It’s Not Perfect

Google has a system in place that scans all apps in the Play Store (and on your phone). It’s named Google Play Protect. Think of it as always-on, always-scanning malware protection for your phone.

RELATED: How to Avoid Malware on Android

But like any malware scanner, it isn’t perfect. Things do slip through the cracks, and sometimes these malicious applications have been downloaded tens of thousands of times before they’re discovered. That’s the type of thing that leaves the impression that Android is an insecure, malware-infested operating system when covered by the media.

And while it does happen, this is also an unfair depiction of Android as a whole. We’ve talked about how to avoid malware on Android before, but one key point is worth reiterating: pay attention. That’s really all there is to it. Make sure the developer is legitimate, read the description, look at the screenshots, and check the comments.

All in all, these are things that should be done before installing an app anyway (and not just on Android), and it really doesn’t take that long to do. The odds are the app you’re planning on installing is legitimate and you have nothing to worry about, but taking a few minutes to read over the details before installing will be the difference between getting the app you’re looking for and installing a malicious piece of software.

RELATED: How to Spot (and Avoid) Fake Android Apps in the Play Store

And No, You Don’t Need an Antivirus App Installed

Many, many antivirus companies have capitalized on Android’s “virus problem” by releasing malware scanning apps for the platform. Don’t get me wrong—it’s cool that these are an option! But they’re not really going to find anything that Google doesn’t already know about and has protection against with Play Protect.

Of course, most antivirus apps on Android do other things, too—like block spammy phone calls, protect your phone from theft, and more. Those are added benefits, but also they’re also features Android now has built in.

To put it plainly, you can use an antivirus app if it makes you feel better, but all you’re really doing is allowing some third-party app to use up resources doing what your phone already does on its own. It doesn’t make a lot of sense.

If you just pay a little bit of attention to what you’re installing from Google Play, you’ll be fine. That’s really all there is to it.

Profile Photo for Cameron Summerson Cameron Summerson
Cameron Summerson is ex-Editor-in-Chief of Review Geek and served as an Editorial Advisor for How-To Geek and LifeSavvy. He covered technology for a decade and wrote over 4,000 articles and hundreds of product reviews in that time. He’s been published in print magazines and quoted as a smartphone expert in the New York Times.
Read Full Bio »