Help! My Android has malware!
What to do if you think you've got an infected Android phone or tablet
We've talked about antivirus apps for Android a little, specifically if you really need to use one at all. It's a good thing to talk about and sort through all the FUD and nonsense about malware on our smartphones and tablets.
Today, we're going to talk about what to do if you think you might be infected by malware. There's always plenty of discussion (and sometimes a bit of fear-mongering) about how to prevent malware on Android, but very little about what to do if it happens to you. Prevention is still the best idea, whether it's from careful monitoring of the things you do or by using an app to monitor for you, but you can survive a malware attack.
First, a word about Android "viruses"
Viruses do not exist for Android. The name gets used a lot, but technically there has never been a virus found to affect Android, and without some sort of crazy unknown exploit there never will be.
A virus is a bit of self-replicating executable code that can do its dirty work on one machine (yes, our Androids are machines) and also has the ability to automatically transmit itself to other machines. The way Android (and iOS, and some computer operating systems) is sandboxed means this can't happen. At least in theory.
To get malware on your Android, you have to have given it the OK to install itself. This doesn't mean that you said "Cool! Let me install this app that steals my data!" Malware is usually hidden inside something you want to install, or something you're tricked into installing.
Just know that you're not going to get malware from visiting a website or reading a message. You need to actually install it and approve the installation during the process.
Be an expert in 5 minutes
Get the latest news from Android Central, your trusted companion in the world of Android
Here's what to do if malware bites you
- Don't freak out.
Damage is already done if there is going to be any damage, and doing something silly like destroying your phone isn't going to undo anything. Your goals now are to remove the malware, and try to prevent any further data theft or loss. Then you go back and address what may have happened.
- Identify and remove the malware if you can.
Shut your Android off and use another computer to research things if you can here. You'll want to install and run one of the many Android AV apps (here are some free ones) to see if you can find any malware and get it removed. Read what we have to say about the various applications, read the forums to see what other folks have to say about the different Android AV apps, and decide which one you think is the best. Turn your Android back on, install it from Google Play, and let the app do it's thing.
- Access and address any damage
Never assume that you get away from something like this with no ill effects. Call your bank and change your online credentials. Do the same for your credit card companies, and get new cards sent with different numbers. Change the password for your Google account. Do the same for any other online accounts, like Yahoo or Microsoft or PlayStation or Android Central. If you see anything that looks like you didn't do it — credit card charges, crazy postings on FaceBook, or wire transfers from your bank to anywhere — be sure to let the people in charge know that it wasn't you who did it and that you had a bout with some malware during those dates. It happens. There is no need to be embarrassed about it and you'll find that people are willing to assist you any way they can. That's because they have seen it often enough to know that one day, they may be in your situation.
- Change some habits, maybe.
You might never be able to find out just how you got your phone or tablet infected, but you can evaluate if you need to do things a little differently to minimize the risk of it ever happening again. Maybe you need to stop using pirate app stores, or stop clicking "yes" without reading what you're agreeing to, or stop installing random email attachments. Nobody is blaming you for getting infected, but you're the only one who can prevent it from happening again.
Help! That didn't work!
First, see the top bullet point above and don't panic. You might not like doing it, but know that a factory reset will remove any malware you have inadvertently installed and kill it with fire.
If you have reason to believe your Android is infected but normal Android AV apps aren't finding anything, your last course of action is a factory wipe of all your data. This means all of your data, and the only thing you'll have left is what backed up online (think Google Play Games services) and media like pictures. We want to remove any and everything local that might be executable.
Back up all your pictures (and music and videos) to your Google account. Google+ is a great place to store your pictures, drop your videos in your YouTube account, and you can store up to 20,000 songs in your Google Play Music account. Utilize this free space Google gives you, even if it's just to store a few things while you pour digital bleach on everything.
Take the SD card out of your phone if it has one. Visit a computer (or a friend with a computer) and wipe and repartition it using the built-in software for disk management. Don't save anything — you need to be brutal to make sure anything nasty gets nuked.
On your Android, go into the settings and look for the backup and reset options. You want to perform a full factory reset of all your data, including any local storage space. Let it do it's thing, and when you set it back up be sure to not restore any backed up data from your Goggle account.
You still want to change passwords and contact your credit card companies. You also want to take a close look at the way you do things to try and prevent this from happening again. None of that changes.
If you rooted your Android
If you rooted your Android, you may have bigger issues here. Forget the app sandbox, forget Google's Bouncer, and throw out most of the rules that apply to people who didn't root their phone. The solution is simpler, but more brute-force.
Back up your media as described above. Next, go into a custom recovery and wipe everything. Flash a completely new ROM.
If you don't have a custom recovery installed, or one isn't available for your phone, talk to the guys and gals who are hacking and developing custom software with the same phone that you're using.
Going through the pain of a factory reset then finding out that some malware is written to the system files and not your user data means you did everything in vain. Take a few minutes to talk to other people with the same hardware as you.
Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Threads.