How to Remove Android Malware: Signs, Fake Alerts, and APK Checks

Android malware usually means a harmful app, a sideloaded APK, notification abuse, spyware, adware, or a fake browser alert trying to make you install something. Do not tap a pop-up button that says your phone is infected. First close the alert, check Chrome notification permissions, run Google Play Protect, remove unknown apps, review high-risk permissions, and then use a second-opinion Android scanner if the phone still behaves strangely.

What is Android malware?

Android malware is harmful or unwanted software that puts the device, user data, accounts, or money at risk. Google describes these threats as potentially harmful applications, including malware categories such as trojans, spyware, phishing apps, and other apps that can risk users, data, or devices [1]. On Android, the practical question is usually not whether the threat is a classic self-replicating “virus”. It is whether an installed app, downloaded APK, browser permission, or account session is doing something unsafe.

That distinction matters because Android cleanup is different from Windows cleanup. You are usually looking for a harmful app, abused permission, fake notification, bad APK, or compromised account session. If your phone only shows one scary page in Chrome, the right fix may be notification cleanup. If pop-ups appear over other apps, unknown apps return, or SMS/account activity changes without you, treat it as a real malware or compromise case.

Fake Android virus alert or real malware?

Many Android scare messages are fake. They are web pages or push notifications designed to make you install a fake cleaner, allow more notifications, or enter credentials. Google Chrome Help lists persistent pop-ups, unwanted redirects, changed browser settings, and alerts about a virus or infected device as symptoms of unwanted software or notification abuse [2].

Signs of Android malware that matter

• Unknown apps: especially apps named like cleaners, updates, players, VPNs, launchers, file managers, or security tools you do not remember installing.
• Battery or data spikes: a malicious app may run in the background, show ads, sync stolen data, or keep a network connection open.
• Permissions that do not fit the app: a wallpaper app, game, flashlight, or video player should not need SMS, Accessibility, contacts, microphone, or Device Admin access.
• Browser hijacking: repeated redirects, pop-ups, fake virus pages, push notifications from unfamiliar sites, or a homepage/search change you did not approve.
• Security settings changed: Play Protect disabled, “install unknown apps” enabled for a browser or messenger, unknown VPN active, or Device Admin enabled for a strange app.
• Account abuse: messages you did not send, new login alerts, unexpected subscriptions, banking prompts, recovery emails, or password-reset messages.

If the issue is mostly ads and redirects, compare the symptoms with our adware symptoms guide. If the concern is monitoring, stolen private data, or someone watching activity on the device, review our spyware warning signs.

High-risk Android permissions to check

One suspicious permission does not prove malware, but the wrong permission on the wrong app is often the clue that separates a harmless nuisance from a real compromise. Start with the permissions and settings below.

How to remove Android malware step by step

1. Stop using sensitive accounts on the phone. If banking, crypto, email, or social accounts may be involved, change passwords later from a clean device. Do not enter new passwords on the affected phone yet.
2. Close fake alerts safely. Do not tap “Install”, “Clean Now”, “Remove Virus”, or similar buttons. Close the tab or browser. If the alert returns, remove the site’s notification permission.
3. Clear Chrome notification abuse. In Chrome, open the suspicious site, tap Page info, open Permissions, and turn notifications off. Google Chrome Help recommends stopping notifications from the offending website when unwanted notifications appear [2].
4. Turn on Play Protect. Open Google Play, tap the profile icon, open Play Protect, and run a scan. Google says Play Protect checks apps, warns about harmful apps, and may disable or remove harmful apps from the device [3].
5. Enable unknown-app detection. If you install apps from outside Google Play, turn on Play Protect’s “Improve harmful app detection” setting so unknown apps can be checked.
6. Restart in Safe Mode if needed. Safe Mode prevents most third-party apps from running. Use it when pop-ups block normal use, a suspicious app refuses to close, or uninstall fails in normal mode.
7. Uninstall recently added apps. Open Settings → Apps and remove apps installed shortly before the symptoms started. Focus on APKs from outside Google Play, fake updates, unknown cleaners, launchers, file managers, VPNs, and “security” apps.
8. Remove admin or accessibility privileges before uninstalling stubborn apps. If Android says an app cannot be removed, check Device Admin and Accessibility first, revoke the privilege, then uninstall the app.
9. Check “install unknown apps”. Disable this permission for Chrome, browsers, messengers, file managers, and download tools unless you have a specific trusted reason to keep it on.
10. Run a second-opinion scan. Use Gridinsoft Trojan Scanner for Android when you downloaded an APK, installed apps from unknown sources, or still see suspicious behavior after Play Protect and manual cleanup. It is free, ad-free, and made for on-demand Android checks. The Trojan Scanner knowledge base explains first scans, reports, quarantine, and settings.
11. Install updates. Apply Android security updates, Google Play system updates, browser updates, and app updates. Old Android versions and outdated apps are easier to abuse.
12. Factory reset only when symptoms continue. Reset if suspicious apps return, security settings keep changing, Play Protect cannot complete, or banking/account abuse continues after cleanup. Back up photos and contacts, but do not restore unknown APKs or suspicious app backups.

How to check a suspicious APK before installing it

If someone sends you an APK link, pause before opening it. Android malware often arrives through fake game mods, “premium unlocked” apps, streaming apps, crypto tools, job or dating scams, fake updates, and fake security apps. Treat APK files like executable downloads: the source matters, the permissions matter, and the behavior after installation matters.

• Prefer Google Play or the developer’s official website.
• Do not install APKs pushed by pop-ups, SMS messages, Telegram groups, “support agents”, or fake browser warnings.
• Check whether the app asks for Accessibility, SMS, contacts, overlay, VPN, or Device Admin permissions without a clear reason.
• Scan the installed app or downloaded file before trusting it.
• Delete APK files from Downloads after you decide not to use them.

For Windows files or suspicious downloads outside Android, use Gridinsoft’s online virus scanner or desktop cleanup tools instead. Android cleanup should focus on installed apps, APKs, permissions, browser notifications, and account safety.

What to do after cleanup

• Change passwords for Google, email, banking, crypto, social, and shopping accounts from a clean device.
• Enable two-factor authentication where possible.
• Review Google Account security events and remove unknown devices or sessions.
• Check payment apps and carrier billing for suspicious subscriptions.
• Review app permissions again after a day; malware-like apps sometimes ask for permissions in stages.
• Keep Play Protect on and leave “install unknown apps” disabled for browsers and messengers.

Security updates are also part of Android malware prevention. For example, the June 2026 Android security bulletin included CVE-2025-48595, an Android Framework flaw Google said may be under limited targeted exploitation.

FAQ

References

1. Google for Developers. “Potentially Harmful Applications (PHAs).” Google Play Protect, updated October 31, 2024, accessed June 11, 2026. https://developers.google.com/android/play-protect/potentially-harmful-applications
2. Google Chrome Help. “Remove unwanted ads, pop-ups & malware – Android.” Google, accessed June 11, 2026. https://support.google.com/chrome/answer/2765944
3. Google Play Help. “Use Google Play Protect to help keep your apps safe & your data private.” Google, accessed June 11, 2026. https://support.google.com/googleplay/answer/2812853