Malware doesn’t pick the lock. It gets invited. The app you chose and the permissions you granted are the doors. Two decisions, both yours. Both take minutes to take back.

On Android, Malware Comes Through the Door You Open

By Marta Lane · Updated June 7, 2026 · 6 min read

The risk is real. Most of it sits in two decisions you control: where an app comes from, and what you let it touch.

The offer usually looks like a favor. A paid app, free, on some website, shared by a helpful stranger who says it's been unlocked. The download works. The app runs. And in the same package, code you never agreed to starts running too.

That is the shape of most Android malware. It does not break into the phone. It is carried in — inside an app you chose, with permissions you granted. Both of those decisions are yours. That is the encouraging part: a decision can be changed this afternoon.

How big the risk really is

Google's own count from last year draws the map. Play Protect, the scanner built into nearly every Android phone, checks more than 350 billion apps a day. In 2025 it flagged more than 27 million new malicious apps from outside the Google Play Store. Inside the store, an app faces more than 10,000 safety checks before it is published, and Google stopped 1.75 million rule-breaking apps from being published last year. Bad apps still slip through some years; no screen catches everything. But the map is plain. The dangerous route is the website download and the link in a chat message.

Keep the number in its place, though. If your apps come from the store and your permissions are sane, you are not who those 27 million were built to catch. A phone that turns hot or slow is usually saying something ordinary, like full storage or a worn battery. We've taken that panic apart symptom by symptom. And the most common attack on any phone is still the scam text and the fake warning page. The FBI's 2025 internet-crime report counted 191,561 phishing and spoofing complaints, more than any other crime type it tracks. None of them needed malware to work.

Door one: where the app came from

Diagram: Two routes onto your phone; one is screened. A new app (your choice) arrives either from a website link, with no review before it lands, or from the Play Store, screened by 10,000+ checks. Either way, Play Protect and your own scan come afterward. The unscreened route is where malware rides in. That door is yours.
App-screening and Play Protect figures: Google, 2025 Play & Android safety report.

The lure has not changed in a decade: a premium app, free. Researchers at ESET take such packages apart and keep finding the same construction. The promised app is inside, and it genuinely works. That is the design. A working app buys silence while the extra cargo reads along.

Google now keeps a tripwire on this exact door. An app that arrives from a browser or a messaging app and asks for a sensitive permission can be blocked on the spot. That one rule stopped 266 million risky installation attempts in 2025 and kept users away from 872,000 unique high-risk apps. The pattern barely varies: outside source, big appetite.

Door two: what you let it touch

A permission is a key. Contacts, messages, microphone, location: each Allow hands one over, and the app keeps it until you take it back. Malware leans on those keys harder than on any clever code. A stolen contact list seeds the next round of scam texts. An app with SMS access can read the login codes your bank texts you. A flashlight app that wants your contact list is shopping.

The review takes about two minutes:

  1. Open Settings, then Security & privacy → Privacy → Permission manager.
  2. Start with four lists: SMS, Contacts, Microphone, Location.
  3. For each app there, ask whether its job needs that key. A photo editor has no business in your call log.
  4. Anything that fails the question: tap it and choose Don't allow.

An app that asks for more than its job needs has already told you what it is. Believe it.
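The same review can be run from a computer over adb. This is an added example, not part of the original article: it parses constructed samples of `adb shell pm list packages -i -3` and `adb shell dumpsys package` output and lists apps that hold one of the four keys, putting apps from outside the Play Store first. The package names are made up, and the mapping from the four Permission manager lists to runtime permissions is an assumption covering the common ones.

```python
import re

# Assumed mapping: the four Permission manager lists -> common runtime permissions.
GROUPS = {
    "SMS": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "Contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "Microphone": {"RECORD_AUDIO"},
    "Location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
}
PLAY_STORE = "com.android.vending"

# Constructed sample: `adb shell pm list packages -i -3` (third-party apps + installer).
PACKAGES = """\
package:com.example.photoeditor  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.notes  installer=com.android.vending
"""
# Constructed sample: excerpts of `adb shell dumpsys package <name>` per app.
DUMPSYS = {
    "com.example.photoeditor": "android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]\n"
                               "android.permission.CAMERA: granted=true\n",
    "com.example.flashlight": "android.permission.READ_CONTACTS: granted=true\n"
                              "android.permission.READ_SMS: granted=true\n"
                              "android.permission.RECORD_AUDIO: granted=false\n",
    "com.example.notes": "android.permission.READ_CONTACTS: granted=false\n",
}

def installers(listing):
    """Map package name -> installer package (None when no store installed it)."""
    found = re.findall(r"^package:(\S+)\s+installer=(\S+)$", listing, re.M)
    return {pkg: (None if src == "null" else src) for pkg, src in found}

def held_groups(dumpsys_text):
    """Return the sensitive lists in which at least one permission is granted."""
    granted = set(re.findall(r"android\.permission\.(\w+): granted=true", dumpsys_text))
    return sorted(g for g, perms in GROUPS.items() if perms & granted)

def review(listing, dumpsys_by_pkg):
    """List (package, outside_store, groups) for apps holding a sensitive key,
    apps from outside the Play Store first."""
    rows = []
    for pkg, src in installers(listing).items():
        groups = held_groups(dumpsys_by_pkg.get(pkg, ""))
        if groups:
            rows.append((pkg, src != PLAY_STORE, groups))
    return sorted(rows, key=lambda r: (not r[1], r[0]))

if __name__ == "__main__":
    for pkg, outside, groups in review(PACKAGES, DUMPSYS):
        print(f"{pkg:28} {'OUTSIDE STORE' if outside else 'Play Store':14} {', '.join(groups)}")
```

An installer other than the Play Store is a prompt to look closer, not a verdict: other legitimate app stores report their own package name here.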

Why we told iPhone owners the opposite

We told iPhone owners their phone probably isn't infected. We also said that an app promising to scan an iPhone for viruses sells a service iOS won't let it perform. Both halves were true on that platform. Apple seals every app in its own room, and the seal locks out viruses and scanners alike.

Android struck a different bargain. You may install from anywhere, and to balance that freedom the system lets a real security app examine the apps and files on the device. A virus scan on Android is a working tool. Independent testing shows how well it works.

AV-TEST, a German security lab, ran eleven Android scanners against more than 18,000 infected apps from July through December 2025. Nearly half of the samples were brand-new. Google's built-in Play Protect caught 99.6 percent of the new ones and 99.7 percent of the known ones. That still placed it last of the eleven. Total Antivirus, listed in the test as TotalAV, caught at least 99.8 percent of the new samples and 99.9 percent of the known set. It raised no false alarm across roughly 11,000 clean apps and finished with the test's maximum score of 18 points.

Play Protect is good, and you should leave it on. What a dedicated scanner buys is the margin at the edges. New malware is born at the edges, in packages no store ever reviewed.

Illustration: Can an app really scan your phone? Same word, two platforms; only one lets a scanner work. iPhone (iOS), sealed sandbox: every app sits in its own locked room, the “scanner” is sealed too and can't read the other apps, so a “virus scan” app can't truly scan; use a content blocker instead. Android, open by design: a security app may examine the device and reads the apps and files for real, so a real security app genuinely scans; run a free scan. This is a schematic of how each platform isolates apps, not real screens. The platforms differ. The honest advice differs with them.

If apps have reached your phone from outside the store, or you simply don't know the phone's full history, looking beats wondering:

Scan your Android free and see what's already on it →

Think of the scan as the backstop behind the two doors. The discipline at the doors still comes first. And if the phone's specific complaint is a flood of ad pop-ups, that is a cleanup job with its own order of operations.

Five habits that keep the doors shut

None of these costs anything:

Most Android malware needs you to open the door. Turn down the flattering download, take back the keys your apps don't need, and you have done the heavier half of the job yourself. The scanner exists for the lighter half: catching whatever talked its way in anyway.

Run the free scan and settle what slipped through →

Prefer a different name on the scanner? Surfshark Antivirus does the same device-level scanning job on Android.