How to Spot and Protect Your Phone from Malicious Apps

We all know we shouldn’t download anything from sketchy links or websites, but sometimes even trustworthy app stores can be home to bad downloads. In June 2019, more than 440 million users downloaded apps from the Google Play Store that were laced with obnoxious adware.1

And third-party app stores? Flat out avoid them.2

But lucky you, Apple users, because the Apple App Store was named one of the safest places to download apps in 2019.3

Okay, that’s great for Apple fans. But for those of us who can’t or don’t use the Apple App Store, how do you spot a bad app before you download it? Don’t worry, we’ve got you covered. Here are a few tips for identifying and protecting your phone from apps that might just be hiding something vile.

  1. Avoid unverified apps.
  2. Read the app description.
  3. Keep an eye out for suspicious pop-ups.
  4. Check your data use.
  5. Protect your phone with security software.
  6. Uninstall bad apps.

The latest malicious apps may pose as coronavirus trackers
A research team for mobile security company Lookout discovered surveillanceware lurking in an app called “corona live 1.1.”4 The app is modeled after the legitimate “corona live” app which displays data from the Johns Hopkins coronavirus tracker.

Bottom line: If you’re going to download something, make sure it comes from a legitimate source first.

1. Download only verified apps

First things first: Third-party app sites are a huge security risk.

We mentioned that Apple’s App Store is one of the safest places to download apps.5 Apple users won’t see a verified or other security callout when they download apps—but those apps are technically verified before they even hit the App Store.

That doesn’t mean Apple users should completely disregard these tips and download whatever they want, though. If you’re loading up your iPhone or iPad with games and fun apps your bestie recommended, stick to the official App Store and be mindful of tips two through six.

Okay, now that we’ve covered Apple folks, let’s talk about the Google Play Store.

When you download an app from the Google Play Store, look for the “Verified by Play Protect” callout just under the app name. This appears only after you hit “Install,” so if you don’t see it once you hit that button, we advise mashing “Cancel.”

The Duolingo app sports a “Verified by Play Protect” callout in the Google Play Store.

2. Look for hints in the app description and contact info

Before you hit download, take a look at the app description and see if there’s any contact info listed.

If the app description is poorly written or nonexistent, you’re right to be suspicious. The same thing goes if the app’s contact info is an unofficial-looking email like “” And goofy emails are especially suspicious if an app claims to be published by a well-known organization like the WHO or the Mayo Clinic.

3. Be suspicious of surprise pop-ups

Some adware that comes buried in apps is even known to lock you out of your phone. The adware found in more than 200 apps on the Google Play Store wouldn’t allow people to answer phone calls or use other apps.1 Talk about annoying.

If your phone is bombarded by pop-ups—even pop-ups that aren’t ads but look like system warnings or reminders—you might have adware. That means it’s time to check for and uninstall any suspicious apps.

What is adware?
If you suspected adware has something to do with advertisements, you’re right. This malicious software displays unwanted ads on your device to make money for its creator.

Oftentimes these ads will pop up over other legitimate apps and even your device’s main controls. If you suspect you have adware, avoid clicking on those ad pop-ups because they may also download more malicious software to your phone or tablet.

4. Check for unusual data usage

Another way to spot an adware infection is to check your monthly data use. If your data usage spikes suddenly but you’re still using your phone the same way you always do, you might have unwanted adware.

Why might your data use spike if you have adware? Because this type of malware performs unsolicited clicks in the background without you even knowing.

If you spot a spike in your data usage and can identify the problematic app, uninstall it right away.

Android lets you compare your mobile data usage for each month.

5. Use mobile security software

You should have security software on your computer, and you should have security software on your phone too.

Mobile security software can be your first line of defense if you stumble upon malware. It can alert you to suspicious apps and downloads before you even click, making it much easier for you to spot fake apps. And many mobile security apps help you scrub and keep your phone clear of nasty surprises too.

But which security apps are good? Here are a few of our favorites:

  1. Bitdefender Mobile Security: Android | iOS
  2. Norton Mobile Security: Android | iOS
  3. AVG AntiVirus: Android | iOS
  4. McAfee Mobile Security: Android | iOS
  5. Avast Mobile Security: Android | iOS

Make sure your Google Play Protect is turned on

If you own an Android device, you should double-check that Google Play Protect is currently turned on. Play Protect scans apps from the Play Store before you download them and also checks your phone for any harmful apps.

Follow these steps to make sure your Play Protect is on:

  1. Open the Google Play Store app.
  2. Open the menu and select Play Protect.
  3. Tap the Settings cogwheel icon and make sure “Scan apps with Play Protect” is turned on.

Google Play Protect scans all the apps on your phone to make sure no malware sneaks in.

6. Uninstall bad apps

If you spot an unwanted or suspicious app, you’ll want to do a couple of things before you uninstall it.

For Android users:

On Android phones, you can scan through all your apps by going to Settings → Apps. Make sure you have every app displayed by selecting “All” in the drop-down menu at the top, then start scanning through the list.

  1. Select the app you want to uninstall.
  2. Choose “Clear cache.” (Android users may need to click “Storage” first.)
  3. Next, select “Clear data.”
  4. Select “Uninstall.”
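
If you'd rather not eyeball the whole app list, here is an added example (not part of the original article) that automates the scan: it reads the output of `adb shell pm list packages -i -3` and flags user-installed apps that did not come from the Google Play Store. It assumes USB debugging is enabled and `adb` is installed on your computer; the sample output and the trusted-installer list are constructed for illustration.

```python
import re
import subprocess

# Installer package names treated as trusted (assumption: extend for your device vendor's store).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Constructed sample of `adb shell pm list packages -i -3` output (not from a real device).
SAMPLE_OUTPUT = """\
package:com.duolingo  installer=com.android.vending
package:com.example.coronatracker  installer=null
package:com.example.flashlight  installer=com.example.thirdpartystore
package:org.example.notes  installer=com.android.vending
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)\s*$")


def parse_packages(text):
    """Return a list of (package, installer) tuples; installer is None when none is recorded."""
    apps = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a package record
        installer = m.group("installer")
        apps.append((m.group("pkg"), None if installer == "null" else installer))
    return apps


def flag_untrusted(apps, trusted=TRUSTED_INSTALLERS):
    """Return apps whose installer is missing (sideloaded) or is not a trusted store."""
    return [(pkg, inst) for pkg, inst in apps if inst not in trusted]


def read_from_device():
    """Ask a USB-connected device for its user-installed apps and their installers."""
    result = subprocess.run(
        ["adb", "shell", "pm", "list", "packages", "-i", "-3"],
        capture_output=True, text=True, check=True, timeout=30,
    )
    return result.stdout


if __name__ == "__main__":
    # Uses the constructed sample; swap in read_from_device() on a real setup.
    for pkg, inst in flag_untrusted(parse_packages(SAMPLE_OUTPUT)):
        print(f"review: {pkg} (installer: {inst or 'none recorded, likely sideloaded'})")
```

A flagged app isn't automatically malicious, but it's one you should recognize and be able to explain before you keep it.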

For iOS users:

  1. Go to your Home screen, then press and hold the app icon. The apps should begin to wiggle.
  2. Tap the “X” icon on the app you want to uninstall, then select “Delete.”
  3. Select “Done” or press the home button when you’re done uninstalling apps.

Turn your phone off if you suspect malware.
If you suspect your phone has malware, you can potentially keep the problem from getting worse by shutting your phone down.

Turning your phone off gives you time to research your problem and (hopefully) figure out a solution. If your research doesn’t turn up anything helpful, we recommend installing a mobile security app like the ones we recommend above to help you pinpoint and get rid of the problematic app.
