How to Spot and Protect Your Phone from Malicious Apps

We all know we shouldn’t download anything from sketchy links or websites, but sometimes even trustworthy app stores can be home to bad downloads. In 2021 alone, more than 300,000 users downloaded apps from the Google Play Store that got around the security detections of the store to install malware¹

And third-party app stores? Flat out avoid them.²

But lucky you, Apple users, because the Apple App Store has been named one of the safest places to download apps.²

Okay, that’s great for Apple fans. But for those of us who can’t or don’t use the Apple App Store, how do you spot a bad app before you download it? Don’t worry, we’ve got you covered. Here are a few tips for identifying and protecting your phone from apps that might just be hiding something vile.

1. Avoid unverified apps.
2. Read the app description.
3. Keep an eye out for suspicious pop-ups.
4. Check your data use.
5. Protect your phone with security software.
6. Uninstall bad apps.

First things first: Third-party app sites are a huge security risk.

We mentioned that Apple’s App Store is one of the safest places to download apps.⁵ Apple users won’t see a verified or other security callout when they download apps—but those apps are technically verified before they even hit the App Store.

That doesn’t mean Apple users should completely disregard these tips and download whatever they want, though. If you’re loading up your iPhone or iPad with games and fun apps your bestie recommended, stick to the official App store and be mindful of tips two through six.

Okay, now that we’ve covered Apple folks, let’s talk about the Google Play Store.

When you download an app from the Google Play Store, look for the “Verified by Play Protect” callout just under the app name. This appears only after you hit “Install,” so if you don’t see it once you hit that button, we advise mashing “Cancel.”

Before you hit download, take a look at the app description and see if there’s any contact info listed.

If the app description is poorly written or nonexistent, you’re right to be suspicious. The same thing goes if the app’s contact info is an unofficial-looking email like “mick.e.mouse@gmail.com.” And goofy emails are especially suspicious if an app claims to be published by a well-known organization like the WHO or the Mayo Clinic.

Some adware that comes buried in apps is even known to lock you out of your phone. The adware found in more than 200 apps on the Google Play Store wouldn’t allow people to answer phone calls or use other apps.¹ Talk about annoying.

If your phone is bombarded by pop-ups—even pop-ups that aren’t ads but look like system warnings or reminders—you might have adware. That means it’s time to check for and uninstall any suspicious apps.

Another way to spot an adware infection is to check your monthly data use. If your data usage spikes suddenly but you’re still using your phone the same way you always do, you might have unwanted adware.

Why might your data use spike if you have adware? Because this type of malware performs unsolicited clicks in the background without you even knowing.

If you spot a spike in your data usage and can identify the problematic app, uninstall it right away.

You should have security software on your computer, and you should have security software on your phone too.

Mobile security software can be your first line of defense if you stumble upon malware. It can alert you to suspicious apps and downloads before you even click, making it much easier for you to spot fake apps. And many mobile security apps help you scrub and keep your phone clear of nasty surprises too.

But which security apps are good? Here are a few of our favorites:

1. Bitdefender Mobile Security: Android | iOS
2. Norton Mobile Security: Android | iOS
3. AVG AntiVirus: Android | iOS
4. McAfee Mobile Security: Android | iOS
5. Avast Mobile Security: Android | iOS

If you own an Android device, you should double-check that Google Play Protect is currently turned on. Play Protect scans apps from the Play Store before you download them and also checks your phone for any harmful apps.

Follow these steps to make sure your Play Protect is on:

1. Open the Google Play Store app.
2. Open the menu and select Play Protect.
3. Tap the Settings cogwheel icon and make sure “Scan apps with Play Protect” is clicked on.

If you spot an unwanted or suspicious app, you’ll want to do a couple of things before you uninstall it.

For Android users:

On Android phones, you can scan through all your apps by going to Settings → Apps. Make sure you have every app displayed by selecting “All” in the drop-down menu at the top, then start scanning through the list.

1. Select the app you want to uninstall.
2. Choose “Clear cache.” (Android users may need to click “Storage” first.)
3. Next, select “Clear data.”
4. Select “Uninstall.”

For iOS users:

1. Go to your Home screen, then press and hold the app icon. The apps should begin to wiggle.
2. Tap the “X” icon on the app you want to uninstall, then select “Delete.”
3. Select “Done” or press the home button when you’re done uninstalling apps.

Sources