MadDoktor

How to Remove Malware from Android (Step-by-Step, 2026)

MadDoktor2 · Updated June 27, 2026 · 6 min read · #malware-removal #android #mobile-security #adware #google-play-protect
A black Samsung Android smartphone resting on a flat surface, representing an Android phone being checked and cleaned of malware

Quick answer: Most Android malware can be removed without a factory reset. Reboot into Safe Mode so third-party apps stop running, uninstall the suspicious app (revoking its device admin rights first if it won’t delete), clean up your browser, then run Google Play Protect and a reputable scanner. Keep a factory reset as the last resort. Work through the steps below in order.

Android malware is usually not a dramatic “virus” — it’s adware, fake apps and aggressive ad-SDKs that arrive through apps installed outside the Play Store, cracked APKs, or a malicious link. They bombard you with pop-ups, redirect your browser, and quietly drain battery and data. The good news: because Android lets you boot without third-party apps and manage permissions directly, most infections come off by hand.

Signs your Android may be infected

  • Pop-up ads appear outside any app — on your home screen or lock screen — or full-screen ads with no obvious source.
  • The browser keeps redirecting to pages you didn’t ask for, or your homepage/search engine changed by itself.
  • Battery drains and mobile data usage spike with no change in how you use the phone.
  • Apps you don’t remember installing appear in the app drawer, sometimes with blank or generic icons.
  • The phone feels hot or sluggish even when idle, or an app keeps reappearing after you delete it.

Any one of these can be innocent, but several together usually mean adware or a malicious app is running.

Step 1 — Restart in Safe Mode

Safe Mode boots Android with only the apps that shipped with the phone, so any malware you installed is temporarily disabled — making it safe to investigate and uninstall.

  1. Press and hold the power button (or power + volume on newer phones).
  2. Touch and hold “Power off” until a “Reboot to safe mode” prompt appears, then confirm.
  3. The phone restarts with “Safe mode” shown in a corner of the screen.

If the pop-ups and slowdowns stop in Safe Mode, a downloaded app is almost certainly the cause.

Step 2 — Uninstall suspicious apps

In Safe Mode, open Settings → Apps (or “Apps & notifications”). Sort or scroll to find apps you don’t recognize, and pay attention to anything installed around the time the problems started.

  • Tap the suspect app, then Uninstall.
  • Remove fake “cleaner”, “battery saver”, “QR scanner” or “system update” apps with generic names.
  • If you’re unsure about an app, search its exact name before removing it.
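
For readers comfortable with a computer and adb, the same hunt for apps that arrived from outside the Play Store can be done from the package manager's own listing. This is an added example, not part of the original guide; it assumes USB debugging is enabled, and the function names and sample package names are made up for illustration.

```shell
#!/bin/sh
# Added example: list third-party apps that were not installed by the Play Store.
# On a real device the input comes from (USB debugging enabled):
#   adb shell pm list packages -3 -i | flag_sideloaded
# -3 limits the listing to third-party packages, -i appends the installer.

# Installer packages treated as trusted, space separated. com.android.vending
# is the Google Play Store; add a vendor store here if you use one (assumption).
TRUSTED_INSTALLERS="com.android.vending"

# Reads `pm list packages -3 -i` output on stdin and prints
# "package<TAB>installer" for every app whose installer is not trusted.
flag_sideloaded() {
    tr -d '\r' | awk -v trusted="$TRUSTED_INSTALLERS" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "unknown"            # line carried no installer= field
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (!(inst in ok)) print pkg "\t" inst
        }'
}

# Constructed sample listing (package names are made up for illustration).
sample_listing() {
    cat <<'EOF'
package:com.example.chat  installer=com.android.vending
package:com.example.supercleaner  installer=com.google.android.packageinstaller
package:com.example.qrscan.free  installer=null
package:com.example.maps  installer=com.android.vending
EOF
}

sample_listing | flag_sideloaded
```

An app on this list is not automatically malicious; it is simply one that did not come through the Play Store, so it deserves the closer look described in this step.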

Step 3 — Can’t uninstall it? Revoke device admin rights

Some malicious apps register themselves as a device administrator so the Uninstall button is greyed out. Take that permission away first:

  1. Open Settings and search for Device admin apps (sometimes under Security → Device admin apps).
  2. Find the suspect app in the list and turn off its device-admin toggle.
  3. Return to Settings → Apps, open the app, and you’ll now be able to Uninstall it.

If an app asks for accessibility permissions or to be a device admin for no good reason, that’s a red flag.

Two hands holding and using a smartphone, illustrating checking apps and settings on an Android device

Step 4 — Clean up your browser

Adware often lives in the browser rather than a separate app. In Chrome (or whichever browser you use):

  • Open Settings → Site settings → Notifications and block any site that’s been spamming you with pop-up notifications.
  • Clear cache and cookies (Settings → Privacy and security → Clear browsing data).
  • Reset your homepage and default search engine if they changed.
  • Remove any browser extensions or unknown search apps you didn’t install.

Step 5 — Run Google Play Protect and a reputable scanner

Reboot normally, then let Android’s built-in scanner do a pass:

  1. Open the Google Play Store, tap your profile icon, and choose Play Protect.
  2. Tap Scan to check installed apps, and turn on “Scan apps with Play Protect” so it keeps watching.

For a second opinion, install a well-known anti-malware app from the Play Store only (such as Malwarebytes or Bitdefender), run a full scan, and remove whatever it flags. Stick to reputable names with millions of installs — many “antivirus” apps are themselves adware.

Step 6 — Last resort: back up, then factory reset

If pop-ups keep returning, an app reinstalls itself, or scans keep flagging the same threat, a factory reset wipes the phone back to a clean state.

  • First back up photos, contacts and important files to your Google account or a computer — but don’t restore a backup of the infected app itself.
  • Then go to Settings → System → Reset options → Erase all data (factory reset).
  • When setting the phone up again, reinstall apps one at a time from the Play Store, not from a full app-restore that could bring the malware back.

How to stop it coming back

Habit | Why it matters
Install only from the Play Store | Side-loaded APKs are the most common source of Android malware.
Check permissions before installing | A flashlight app asking for SMS or contacts is a red flag.
Keep Play Protect turned on | It scans new and existing apps automatically.
Install system and app updates | Updates patch the holes malware uses to get in.
Avoid “device admin” / accessibility requests | Grant them only to apps that genuinely need them.

Keeping these habits closes the doors most Android malware relies on.

FAQ

Does Android need an antivirus app?
Not necessarily — Google Play Protect is built in and scans apps automatically. A reputable on-demand scanner is a useful second opinion if you side-load apps or already suspect an infection.

Will a factory reset remove all malware?
A factory reset removes apps and data you installed, which clears the vast majority of Android malware. Restoring a backup that includes the malicious app can bring it back, so reinstall apps individually from the Play Store.

Can I get malware just from visiting a website?
A website can’t silently install an app, but it can show fake “your phone is infected” pop-ups or trick you into downloading an APK. Don’t install anything a web page pushes you to download.

Why is the Uninstall button greyed out?
The app has likely been granted device administrator rights. Revoke them under Settings → Device admin apps, then you can uninstall the app normally.