Android · Recovery Guide

How to Remove Malware and Suspicious Apps From Android

Follow these steps to thoroughly remove malicious software and suspicious applications from your Android device.

Step 1: Disconnect From the Internet and Restart in Safe Mode

Isolate your device to prevent further damage and stop the malware from communicating. Then, restart in Safe Mode, which loads only essential system apps, making it easier to uninstall malicious software.

1. Disconnect from the internet: Swipe down from the top of your screen to open the Quick Settings panel. Tap the Wi-Fi icon to turn it off. Repeat for Mobile data. If you suspect spyware, you may also want to physically remove your SIM card for now.
2. Enter Safe Mode: Press and hold your phone's Power button. When the power options appear, touch and hold Power off. You'll be asked if you want to 'Reboot to safe mode'. Tap OK. Your phone will restart, and 'Safe mode' will be displayed at the bottom of your screen. On some Samsung devices, you may need to press and hold the Volume Down button immediately after the Samsung logo appears during startup until 'Safe Mode' is displayed.
3. callout_variant

Step 2: Remove Malicious Device Administrator Permissions

Malware often grants itself Device Administrator permissions to prevent uninstallation. You'll need to revoke these permissions before you can remove the offending app.

1. Navigate to Device Admin apps: Go to Settings → Security & privacy → More security settings → Device admin apps. On some older Android or Samsung devices, you might find this under Settings → Biometrics and security → Other security settings → Device admin apps.
2. Deactivate suspicious apps: Review the list for any unfamiliar or suspicious apps. Tap on the app you suspect is malicious. If activated, tap Deactivate this device admin app or toggle the switch to the Off position. Confirm your choice if prompted.
3. callout_variant

Step 3: Uninstall Shady Applications

With Device Administrator permissions revoked, you can now proceed to uninstall the unwanted applications.

1. Access the Apps list: Go to Settings → Apps → See all apps. On Samsung devices, this is typically Settings → Apps.
2. Identify and uninstall: Scroll through the list and look for any apps you don't recognise, didn't intentionally install, or that have suspicious names or icons. Tap on the suspicious app, then tap Uninstall. Confirm with OK. If the app is a system app, or came pre-installed on your device, you might only see a Disable option instead of Uninstall. Disable it if you can't uninstall it.
3. Clear cache and data (if uninstall fails): If you cannot uninstall an app, go back to its App info page. Tap Storage & cache → Clear cache, then Clear storage or Clear data. Try uninstalling again.

Step 4: Run a Security Scan and Reset Settings (If Needed)

After uninstalling the suspected malware, it's wise to run a security scan and consider resetting your network or all settings if problems persist.

1. Run Google Play Protect Scan: Exit Safe Mode by restarting your phone normally. Open the Play Store app. Tap your Profile icon (top right) → Play Protect → Scan. This will check for harmful apps.
2. Reset Network Settings: If you're experiencing unusual network activity or connectivity issues, go to Settings → System → Reset options → Reset Wi-Fi, mobile & Bluetooth. Tap Reset settings. This won't delete data but will reset network configurations.
3. Reset app preferences: If apps are behaving strangely after malware removal, go to Settings → Apps → See all apps. Tap the three dots (top right) → Reset app preferences. This will reset disabled apps, notification settings, and default apps without losing data.
4. Perform a Factory Reset (Last Resort): If all else fails and your phone is still misbehaving, a factory reset will wipe all data and settings, returning your phone to its original state. Go to Settings → System → Reset options → Erase all data (factory reset). Back up important data first!