If your phone is acting strangely, showing pop-ups, draining battery faster than usual, or installing changes you did not approve, it is natural to worry about malware. The good news is that you can scan an Android phone for viruses without losing data if you take a careful, step-by-step approach instead of jumping straight to a factory reset.
In this guide, you will learn how to check for signs of infection, run built-in and third-party scans, remove suspicious apps safely, and protect your files, photos, messages, and settings while cleaning up your device. The goal is simple: find the problem, remove it, and keep your data intact whenever possible.
Key Takeaways
- You can often scan an Android phone for viruses and remove malware without deleting your personal data.
- Start with safer steps first, such as Play Protect, Safe Mode, app reviews, and permission checks.
- Most Android malware problems come from malicious or risky apps, not from the phone itself.
- If one scan does not find anything, combine built-in tools with a reputable security app and manual checks.
- A factory reset should be the last resort, and only after you back up important data carefully.
Why people worry about Android malware
Common signs your phone may be infected
Not every glitch means malware, but some warning signs deserve attention. A phone that suddenly becomes slow, overheats when idle, shows aggressive ads, redirects your browser, or uses unusual amounts of battery and mobile data may have a malicious app installed.
Other signs include apps you do not remember installing, settings that keep changing back, or messages sent from your accounts without your knowledge. These symptoms can also come from buggy apps, so the goal is to verify before deleting anything important.
What “virus” usually means on Android
Many people search for how to scan an Android phone for viruses, but on Android the problem is more often malware, spyware, adware, banking trojans, or unwanted apps. In practical terms, the cleanup process is similar: identify suspicious software, scan the device, remove the threat, and secure the phone.
This matters because you are usually not fighting a traditional computer virus. You are more likely dealing with an app that abuses permissions, shows ads, steals data, or tries to control parts of the device.
Before you scan: protect your data first
Do a safe backup without spreading the problem
If you want to avoid losing data, back up the essentials before making major changes. Focus on photos, contacts, calendar items, notes, and documents using your normal cloud backup or a trusted computer.
Avoid backing up unknown APK files, recently downloaded apps from outside Google Play, or anything that already seems suspicious. If the issue turns out to be app-based, restoring infected apps later can bring the problem back.
Quick Tip: Back up personal files and synced account data first, but do not rush to back up every installed app. Reinstalling clean versions later is usually safer.
Disconnect risky connections
Before scanning, turn off Bluetooth if you are not using it and disconnect from public Wi-Fi. If you suspect active spyware or data theft, switching temporarily to airplane mode while you review the phone can limit ongoing communication from a malicious app.
You do not need to keep the phone offline forever, because some scans and updates require internet access. Just reduce unnecessary exposure while you work through the cleanup steps.
Use Android’s built-in tools first
Run Google Play Protect
Google Play Protect is the first place to start because it is built into many Android devices and checks installed apps for harmful behavior. Google provides instructions on how to review and enable scanning in its official help page on removing malware or unsafe software on Android.
Open the Google Play Store, tap your profile icon, and look for Play Protect. Run a scan and review any warnings carefully. If Play Protect flags an app, uninstall it unless you are completely sure it is a false positive.
Check device care tools from your phone maker
Some manufacturers include their own maintenance and security tools. For example, Samsung offers malware scanning guidance through Device Care and older Smart Manager tools in its support article on checking for malware or viruses on Samsung devices.
If your phone has a built-in security or device care section, use it. Manufacturer tools can sometimes spot suspicious behavior tied to battery, storage, or app activity that helps you narrow down the source.
How to scan an Android phone for viruses step by step
Review recently installed apps
Think back to when the problem started. If the symptoms began after installing a game, utility app, cleaner, keyboard, QR scanner, or APK from outside the Play Store, that app should be your first suspect.
Go through your app list and sort by recently installed if your phone allows it. Remove anything unfamiliar, unnecessary, or low-trust, especially apps asking for excessive permissions.
Boot into Safe Mode
Safe Mode temporarily loads Android with core system apps and disables most third-party apps. If the pop-ups, lag, or strange behavior stop in Safe Mode, there is a strong chance the issue is caused by an installed app rather than the operating system.
The exact method varies by device, but it usually involves holding the power button and then pressing and holding the power off option until Safe Mode appears. Once inside, review apps and uninstall suspicious ones.
Use a reputable mobile security app
If built-in tools do not find anything, a trusted anti-malware app from the Google Play Store can add another layer of scanning. Android Authority outlines the general process in its guide on how to scan an Android phone for malware.
Choose one well-known app, not several at once. Running multiple security apps can create conflicts, duplicate alerts, and make the phone harder to troubleshoot.
Check app permissions manually
Open your permissions settings and review which apps can access SMS, accessibility features, notifications, contacts, microphone, camera, location, and device admin controls. Malware often relies on broad permissions to monitor activity, display overlays, or intercept messages.
If an app’s permissions do not match its purpose, revoke access and consider uninstalling it. A flashlight app, for example, should not need accessibility access or permission to read notifications.
Safe removal methods that do not erase your files
Uninstall suspicious apps in the right order
Some malicious apps resist removal by using admin privileges or accessibility permissions. If uninstall fails, first remove special access in your settings, then try again.
- Open Settings and review Device Admin Apps or similar options.
- Disable admin access for the suspicious app.
- Check Accessibility and remove any unusual enabled service.
- Return to Apps and uninstall the app.
Restart the phone after removal and run another scan. This helps confirm whether the threat is gone.
Clear browser abuse and malicious notifications
Not all threats are full malware infections. Sometimes the issue is a browser permission, spam notification subscription, or harmful site data that creates constant pop-ups.
Clear browser cache, remove suspicious site notification permissions, and reset your default search engine and homepage if they changed without your consent. This can solve many “virus” complaints without touching personal data.
| Problem | Likely cause | Best first fix |
|---|---|---|
| Pop-up ads everywhere | Adware app or browser notifications | Remove suspicious apps and clear browser permissions |
| Battery drain and overheating | Background malware or abusive app | Check battery usage, Safe Mode, and run a scan |
| Settings keep changing | App with admin or accessibility access | Revoke special permissions and uninstall |
| Strange texts or account activity | Spyware or account compromise | Remove suspicious apps and change passwords from a clean device |
What to do if the scan finds nothing but the phone still feels compromised
Look for account-level problems
Sometimes the phone is not infected, but one of your accounts is compromised. If you see strange emails, messages, or login alerts, change your passwords from a different trusted device and enable two-factor authentication where possible.
Also review account recovery options, connected devices, and recent sign-in activity. This is especially important if the symptoms involve email, social media, cloud storage, or banking apps.
Check for fake system apps and sideloaded software
Advanced threats may disguise themselves with generic names such as Update Service, Device Health, or System Utility. Be cautious, though: some real system apps have plain names too.
If you are unsure, compare the app’s install source, permissions, data usage, and battery consumption. Apps installed from outside the Play Store deserve extra scrutiny, especially if you do not remember approving them.
Quick Tip: If an app cannot be found in the Play Store listing, has no clear publisher identity, and asks for unusual permissions, treat it as high risk.
When a factory reset is necessary and how to avoid data loss
Use reset only as a last resort
If malware keeps returning, blocks removal, or survives repeated scans and app cleanup, a factory reset may be the safest option. This is the strongest cleanup method, but it should come after you have tried less destructive steps.
Before resetting, back up personal data carefully and make a list of essential apps to reinstall manually later. Avoid restoring from a backup that includes suspicious apps or unknown APK files.
What to restore after cleanup
After a reset, sign back in to your Google account, install pending system updates, and restore only trusted data such as contacts, photos, calendar items, and documents. Reinstall apps one by one from official sources so you can spot the moment a problem returns.
This slower approach protects your data while reducing the chance of reintroducing malware. It is less convenient, but much safer than restoring everything blindly.
How to prevent malware on Android in the future
Safer habits that make a big difference
- Install apps only from trusted sources, ideally the Google Play Store.
- Read permission requests before tapping allow.
- Keep Android and your apps updated.
- Avoid “cleaner,” “booster,” and cracked app downloads from unknown sites.
- Do not tap links in unexpected texts, emails, or direct messages.
Most Android infections can be avoided with a few consistent habits. You do not need to become a security expert, but you do need to stay cautious about what you install and what access you grant.
Know when professional help is worth it
If your phone contains sensitive work data, banking access, or signs of stalking or spyware, consider getting help from your device maker, carrier, or a trusted local technician. In serious cases, especially where personal safety is a concern, documenting the issue and seeking specialist advice may be more important than trying random fixes.
Frequently Asked Questions
Can I scan an Android phone for viruses without losing photos and contacts?
Yes. In many cases, you can remove malicious apps, clear browser abuse, and run security scans without deleting personal files. Back up important data first so you are protected if stronger action becomes necessary.
Does Android have a built-in virus scanner?
Many Android devices use Google Play Protect as a built-in app scanning feature, and some manufacturers also provide device care or security tools. These are good starting points, but they may not catch every unwanted app or risky permission setup.
Should I install more than one antivirus app on Android?
Usually no. One reputable security app is enough for most users. Multiple antivirus apps can slow the phone, create duplicate alerts, and make troubleshooting harder.
What if malware keeps coming back after I remove it?
Check for special permissions such as device admin or accessibility access, review sideloaded apps, and change important account passwords from a clean device. If the problem still returns, back up personal data carefully and perform a factory reset as a last resort.