AVG Signal Blog Security Malware How to Check if an Android App Is Safe to Install

Written by Caroline Corrigan
Published on July 21, 2018

Can you get viruses or malware on your phone?

The short answer: Yes, you absolutely can, and don’t let anyone tell you otherwise...

The long answer: While Android smartphones and tablets can’t get viruses, they can get other forms of malware — especially when you inadvertently install untrustworthy apps.

This article contains :

    It’s important to note the difference between the two: Malware, or malicious software, is any piece of software designed to harm the user or the device. A virus is a kind of malware which replicates itself to the point of corrupting user or system files on a device. This doesn’t happen on Android devices.

    You’ve probably heard the terms adware, spyware, and Trojans (oh my!). But did you know these different types of malware can infect your phone as well as your computer?

    Android devices can't get viruses but they can get other forms of malware.

    Consider the money-stealing malware “ExpensiveWall,” which was downloaded between one million and 4.2 million times this year.

    Without any indication, ExpensiveWall charged victims’ accounts for fake services like premium SMS messages. Or the infamous Faketoken Trojan that steals your credit card information by impersonating the interfaces of taxi-booking apps.

    And that’s just the tip of the malware-berg. There are tons of malware variants, each capable of harming your device in its own unique way. For instance, malicious malware apps such as Android/KingRoot, Android/Generic, and Android/deng (which was detected in app files com.android.incallui and com.android.provision.confirm as recently as July) could potentially be adware waiting to flood your device with unwanted advertisements or pop-ups, or worse, waiting patiently to compromise your personal information.

    Malware apps like Android/ztorg (detected in app file org.rain.ball.update in June) could access your private information and disrupt your life in a number of ways:

    • Stealing your contacts and sensitive photos

    • Following your every move with a location tracker

    • Reading your private text messages

    • Saving your passwords after you type them in

    • Jacking up your phone bill with tons of SMS messages to premium numbers

    • Going on shopping sprees with your bank account

    Mobile malware is clearly no joke — and the best way to protect yourself is to know what you’re up against.

    How can I keep malware and viruses off my phone?

    • STEP 1: Avoid third-party app stores

    • STEP 2: Look out for fake apps and scams

    • STEP 3: Check app permissions

    Step 1: Avoid third-party app stores

    All app stores are not created equal, and using third-party app stores is risky in a big “infecting your device with malware” kind of way. Sure, stores such as the Amazon Appstore and GetJar may seem like a thrifty alternative to official stores like Google Play. With free and discounted apps as far as thee I can see, who wouldn’t want to venture outside the confines of Google Play in search of the best deal? But of course, if something sounds too good to be true, it probably is.

    Installing apps from outside of Google Play is a surefire way to put yourself in danger.

    By installing apps from third-party stores, you’re bypassing security measures put in place to vet apps for malware threats, making it much easier for a hacker to infiltrate your device with an infected app. So while you may think you’re staying ahead of the Android curve by downloading the new Super Mario Run app, you might actually be downloading a Marcher trojan that steals the login information for all of your apps, including your banking apps. Suddenly, some stranger is on a losing streak in Vegas, funded by you.

    Step 2: Look out for fake apps and scams

    Knowledge is power. And in the wake of one of the most successful app store scams ever, knowing how to recognize app scams is an invaluable skill.

    While third-party app stores pose a greater risk when it comes to downloading fake, malware-riddled apps, they also sneak their way into Google Play from time to time.

    So how do you know if an app is safe? Similar to our test for spotting email scams, here are a few major things to look out for:

    Find out who the developer is

    Look at the developer’s name found right below the app’s name. A quick Google search should provide you with verified info about the developer, such as a website. If the developer has created a number of apps, they are more likely to be trustworthy.

    Number of downloads

    Check to see how many times the app has been downloaded. If it has lots of downloads, it’s more likely to be legit.

    Date published

    If you’re downloading Facebook Messenger and suddenly notice it was published just a few months ago, that’s a telltale sign the app is fake. Instead, look for an “updated on” date.

    You can find all of these details under "Read more" on any app page in the Google Play store:

    App details of an application in Google Play

     Check out the developers, the number of downloads and last updated notices to know if an app is safe

    Read reviews

    See what other people are saying about the app in question. A real app should have a sizable number of reviews. A fake one will likely have very few, often all 5-star reviews.

    Spelling and grammar errors

    Notice several spelling or grammar mistakes? Probably fake. Fake apps are often created hastily, or in countries where English isn’t native.

    Unbelievable discounts

    Again, if you find a deal that seems too good to be true, it probably is.

    Step 3: Check app permissions

    If you’re a bit trigger-happy when it comes to the “Install” button, it’s time to break the habit. Reading through the list of app permissions lets you know exactly what information and functions the app can access on your device, which can be crucial to identifying if an app is fake or not.

    Be on the lookout for suspicious permission requests that do not relate to the app’s intended purpose. Instagram obviously needs permission to access your photos, but Candy Crush shouldn’t be asking to read your sensitive log data. Understanding Android app permissions is key to keeping malware at bay.

    Where to find app permissions on Google Play

    If you want to check app permissions before you install, scroll down to the bottom of the page, and hit “Permission details” under the Developer section.

    Permission details in the Google Play store

    Where to find app permissions on your phone

    Installed something a while back and don’t know if it’s safe? If you’re running Android 6.0 or above, you can find and even revoke specific permissions for different apps (though be mindful that this might break app).

    How to find app permissions in Android

    Just open your settings, and use the search tool at the top right to look for “App permissions”.

    Is Google Play Protect enough to stop malware?

    The play protect logo in Google Play.

    Probably not. Google’s doing a lot to market their “security system that never sleeps”. But, despite the hype, Google’s in-house antivirus didn’t even come close to the competition. AV-TEST’s Android antivirus test showed that the software blocked only 65.8 percent of new malware strains (with the industry average 95.7 percent).

    With results like these, solely relying on Google Play Protect isn’t going to protect your phone from malware.

    Android safety apps that do fend off malware

    By now you may be feeling like app stores are the first circle of malware hell, but fear not. Today, there are multitudes of mobile safety apps available to help protect your device, including your trusted Android app virus checker, AVG AntiVirus for Android. AVG AntiVirus includes several features specifically developed to enhance Android app security:

    • Pre-installation scan: If you do decide to download an APK from a source other than Google Play, you’ll have the option of using AVG AntiVirus to scan it for threats before installing.

    • Smart Scan: Used to scan apps post-installation. If an issue is detected, you will be notified immediately.

    • App Permissions: One of the new features in the updated AVG AntiVirus, App Permissions acts as a kind of Android app safety checker by helping you understand the permissions required by each app you install.

    • App Shield: Automatically scans each app after installation and subsequent updates. If you want, you can set notifications that let you know each time an app has been scanned.

    What to do if your Android phone is already infected?

    If you suspect your phone already has malware on it, then don't panic. All hope is not lost. There are ways you can isolate and even get rid of it. It's simpler than it sounds. In fact, we've got a handy guide on how to remove malware from your Android phone ready just for you. Go check it out.

    Stay smart and stay safe

    Malware can be daunting, but keeping an eye out for suspicious apps and using a preventative security software like AVG AntiVirus for Android can help you avoid downloading it onto your device. App stores don’t need to be scary places, so go forth and responsibly download apps to your hearts’ desires, friends.

    Protect your Android against threats with AVG AntiVirus

    Free install

    Protect your iPhone against threats with AVG Mobile Security

    Free install
    Caroline Corrigan