Hidden Android Administrator Apps


Hidden administrator apps are a type of malware that targets Android users. The category is characterized by stealth and elevated user privileges.

What Do These Apps Do?

A hidden device admin app—another name for this category—is an infected application that installs itself with administrator privileges. The app hides itself and you have no means of knowing it was even installed on your device. You can’t easily remove it because you simply can’t see it on your screen and you don’t know that it’s there.

With administrator privileges, the malware gains control of your device and can run any code embedded in the app, including installing additional malware, compromising security files, participating in botnets and even mining cryptocurrency.

Identifying Hidden Administrator Apps

When the malware attempts to install on your device, it will ask you to grant it the elevated privileges. If you’re attentive and deny this request, the malware displays frequent pop-up messages after the device restarts, to try to wear you down into granting the requested privileges.

If you install the infected app, you can attempt to uninstall it by deactivating its administrator privileges through a setting like Security > Device Administrators. You can find that path in the Settings app, but depending on your phone it might instead be Settings > Lock Screen and Security > Other Security Settings > Phone Administrators. Specific settings will vary based on your device's version of Android.

However, this technique might not work all the time because variants of the malware will hide this deactivation option.

You can find other installed apps through the Settings > Apps > All menu, or its equivalent.
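The same two checks (who holds administrator rights, and which of those apps show no icon) can be run over text pulled from the device. The script below is an added example, not part of the original article. It assumes you saved the output of `adb shell dumpsys device_policy` and `adb shell pm list packages -3`, plus a list of components that have a launcher activity, one per line. All sample data is constructed, and the dumpsys layout varies between Android versions.

```python
import re

# Constructed sample of `dumpsys device_policy` output (real layout varies by version).
SAMPLE_DEVICE_POLICY = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10013
    com.example.flashlight/.AdminReceiver:
      uid=10187
    com.example.mdm/.PolicyReceiver:
      uid=10190
  Encryption Status: per-user
"""
# Constructed sample of `pm list packages -3` (user-installed packages).
SAMPLE_THIRD_PARTY = "package:com.example.flashlight\npackage:com.example.mdm\npackage:com.example.notes\n"
# Constructed list of components that have a launcher icon (assumed input format).
SAMPLE_LAUNCHER = "com.example.mdm/.MainActivity\ncom.example.notes/.Home\ncom.android.settings/.Settings\n"

# "package/class" with an optional trailing colon, alone on a line.
COMPONENT = re.compile(r"^\s*([A-Za-z0-9_.]+)/([A-Za-z0-9_.$]+):?\s*$")

def active_admins(dumpsys_text):
    """Return components listed under any 'Enabled Device Admins' header."""
    admins, in_section, indent = [], False, 0
    for line in dumpsys_text.splitlines():
        if "Enabled Device Admins" in line:
            in_section, indent = True, len(line) - len(line.lstrip())
            continue
        if in_section:
            if line.strip() and len(line) - len(line.lstrip()) <= indent:
                in_section = False  # a sibling header ends the admin list
                continue
            m = COMPONENT.match(line)
            if m:
                admins.append(f"{m.group(1)}/{m.group(2)}")
    return admins

def hidden_admins(dumpsys_text, third_party_text, launcher_text):
    """User-installed device admins that expose no launcher icon."""
    third_party = {l.strip()[len("package:"):] for l in third_party_text.splitlines()
                   if l.strip().startswith("package:")}
    launchable = {m.group(1) for l in launcher_text.splitlines() if (m := COMPONENT.match(l))}
    return [c for c in active_admins(dumpsys_text)
            if c.split("/")[0] in third_party and c.split("/")[0] not in launchable]

if __name__ == "__main__":
    for component in hidden_admins(SAMPLE_DEVICE_POLICY, SAMPLE_THIRD_PARTY, SAMPLE_LAUNCHER):
        print("review:", component)
```

A flagged component is a lead for manual review rather than proof of infection, since some legitimate management agents also ship without an icon.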

How to Prevent Hidden Administrator Apps

Remain cautious about the apps you download and install on your device. The malware payload can cause damage to your mobile device, as well as intrude on your privacy.

Follow basic security best practices for installing apps on your mobile devices:

  • Only download from a reputable app store, like Google Play or Amazon Appstore.
  • Glance at app reviews before downloading the app. Users will often rate an infected app poorly and warn others to avoid the app.
  • Avoid downloading unofficial or pirated apps. It's always much safer to install official apps from an official app store because the apps have to comply with strict rules before being released. In particular, look at the name of the vendor: If it's not the name of the company that made the app, think twice before installing it.
  • Keep your mobile device up-to-date to patch security flaws that a hidden admin app could exploit.

Removing Hard-to-Purge Hidden Admin Apps

If your device is infected with a hidden administrator app that resists removal through the Device Administrators setting, search Google Play Store for utilities that detect the hidden administrator app and remove its elevated privileges, which will then let you delete the app. McAfee Mobile Security is a solid solution since one of its many features is hidden administrator app detection.

Other Kinds of Hidden Apps

Some Android apps aren't hidden because they're malicious but instead because they were purposefully hidden. For example, a teen might try to hide images, videos or other apps away from her parents.

Look through the All menu on the device to find all the apps and not just the ones shown on the home screen. Also be sure to look out for apps made specifically for hiding things. They might go by the name AppLock, App Defender, Privacy Manager, or others. Note that most privacy apps are probably password protected.