How to Spot and Protect Your Phone from Malicious Apps
We all know we shouldn’t download anything from sketchy links or websites, but sometimes even trustworthy app stores can be home to bad downloads. In June 2019, more than 440 million users downloaded apps from the Google Play Store that were laced with obnoxious adware.1
And third-party app stores? Flat out avoid them.2
But lucky you, Apple users, because the Apple App Store was named one of the safest places to download apps in 2019.3
Okay, that’s great for Apple fans. But for those of us who can’t or don’t use the Apple App Store, how do you spot a bad app before you download it? Don’t worry, we’ve got you covered. Here are a few tips for identifying and protecting your phone from apps that might just be hiding something vile.
- Avoid unverified apps.
- Read the app description.
- Keep an eye out for suspicious pop-ups.
- Check your data use.
- Protect your phone with security software.
- Uninstall bad apps.
Bottom line: If you’re going to download something, make sure it comes from a legitimate source first.
1. Download only verified apps
First things first: Third-party app sites are a huge security risk.
We mentioned that Apple’s App Store is one of the safest places to download apps.5 Apple users won’t see a verified or other security callout when they download apps—but those apps are technically verified before they even hit the App Store.
That doesn’t mean Apple users should completely disregard these tips and download whatever they want, though. If you’re loading up your iPhone or iPad with games and fun apps your bestie recommended, stick to the official App store and be mindful of tips two through six.
Okay, now that we’ve covered Apple folks, let’s talk about the Google Play Store.
When you download an app from the Google Play Store, look for the “Verified by Play Protect” callout just under the app name. This appears only after you hit “Install,” so if you don’t see it once you hit that button, we advise mashing “Cancel.”
The Duolingo app sports a “Verified by Play Protect” callout in the Google Play Store.
2. Look for hints in the app description and contact info
Before you hit download, take a look at the app description and see if there’s any contact info listed.
If the app description is poorly written or nonexistent, you’re right to be suspicious. The same thing goes if the app’s contact info is an unofficial-looking email like “firstname.lastname@example.org.” And goofy emails are especially suspicious if an app claims to be published by a well-known organization like the WHO or the Mayo Clinic.
3. Be suspicious of surprise pop-ups
Some adware that comes buried in apps is even known to lock you out of your phone. The adware found in more than 200 apps on the Google Play Store wouldn’t allow people to answer phone calls or use other apps.1 Talk about annoying.
If your phone is bombarded by pop-ups—even pop-ups that aren’t ads but look like system warnings or reminders—you might have adware. That means it’s time to check for and uninstall any suspicious apps.
Oftentimes these ads will pop up over other legitimate apps and even your device’s main controls. If you suspect you have adware, avoid clicking on those ad pop-ups because they may also download more malicious software to your phone or tablet.
4. Check for unusual data usage
Another way to spot an adware infection is to check your monthly data use. If your data usage spikes suddenly but you’re still using your phone the same way you always do, you might have unwanted adware.
Why might your data use spike if you have adware? Because this type of malware performs unsolicited clicks in the background without you even knowing.
If you spot a spike in your data usage and can identify the problematic app, uninstall it right away.
Android lets you compare your mobile data usage for each month.
5. Use mobile security software
You should have security software on your computer, and you should have security software on your phone too.
Mobile security software can be your first line of defense if you stumble upon malware. It can alert you to suspicious apps and downloads before you even click, making it much easier for you to spot fake apps. And many mobile security apps help you scrub and keep your phone clear of nasty surprises too.
But which security apps are good? Here are a few of our favorites:
Make sure your Google Play Protect is turned on
If you own an Android device, you should double-check that Google Play Protect is currently turned on. Play Protect scans apps from the Play Store before you download them and also checks your phone for any harmful apps.
Follow these steps to make sure your Play Protect is on:
- Open the Google Play Store app.
- Open the menu and select Play Protect.
- Tap the Settings cogwheel icon and make sure “Scan apps with Play Protect” is clicked on.
Google Play Protect scans all the apps on your phone to make sure no malware sneaks in.
6. Uninstall bad apps
If you spot an unwanted or suspicious app, you’ll want to do a couple of things before you uninstall it.
For Android users:
On Android phones, you can scan through all your apps by going to Settings → Apps. Make sure you have every app displayed by selecting “All” in the drop-down menu at the top, then start scanning through the list.
- Select the app you want to uninstall.
- Choose “Clear cache.” (Android users may need to click “Storage” first.)
- Next, select “Clear data.”
- Select “Uninstall.”
For iOS users:
- Go to your Home screen, then press and hold the app icon. The apps should begin to wiggle.
- Tap the “X” icon on the app you want to uninstall, then select “Delete.”
- Select “Done” or press the home button when you’re done uninstalling apps.
Turning your phone off gives you time to research your problem and (hopefully) figure out a solution. If your research doesn’t turn up anything helpful, we recommend installing a mobile security app like the ones we recommend above to help you pinpoint and get rid of the problematic app.
- Infosecurity Magazine, “New Adware Found in 200+ Google Play Apps”
- Komando.com, “One Place You Should Never Download Games for Your Phone”
- Digital Information World, “Report Highlights App Stores with the Most Malicious Apps: Apple’s App Store Termed ‘Spam-Free’”
- Lookout Blog, “New Threat Discovery Shows Commercial Surveillanceware Operators Latest to Exploit COVID-19”
- Apple, “App Store – Principles and Practices”