Hidden Android Administrator Apps

Android
Google Inc.
Was this page helpful?

Android devices have been under attack for quite some time. Some are easier to spot but some are hidden away and hard to spot at first glance.

Jay-Z’s Magna Carta Holy Grail Fake App, for example, hides within a pirated copy of the Jay-Z app. If you had this fake application installed on your Samsung device, you suddenly had your background wallpaper image changed to an image of President Barack Obama on July 4.

We also heard of another threat called Master Key that affects all Android users. Master Key allows an attacker to turn any legitimate application into a malicious Trojan horse. The hacker accomplishes this by modifying the APK code without modifying the application’s cryptographic signature.

Another malware threat known as hidden administrator apps has targeted Android users. Hidden administrator apps is not an actual name for the malware but should be viewed more of a category of malware with characteristics that include stealth implementation and elevated user privileges.

A Hidden Device Admin app is an infected application that installs itself with administrator privileges. The app hides itself and you have no means of knowing it was even installed on your device. You can’t easily remove it because you simply can’t see it on your screen and you don’t know that it’s there.

With administrator privileges, the malware takes complete control of your device and can enable the attacker to utilize it.

How Are Hidden Administrator Apps Installed?

When the malware attempts to install on your device, it will ask you to grant it the elevated privileges. If you’re attentive and deny this request, the malware displays frequent pop-up messages once the device restarts.

If you install the infected app, you can attempt to uninstall it by deactivating its administrator privileges through a setting like Security > Device Administrators.

You can find that path in the Settings app, but depending on your phone it might instead be Settings > Lock Screen and Security > Other Security Settings > Phone Administrators.

However, this technique might not work all the time because variants of the malware will hide this deactivation option.

You can find other installed apps through the Settings > Apps > All menu.

How to Prevent or Remove Hidden Administrator Apps

You should always be cautious about the apps you download and install on your device. The malware payload can cause damage to your mobile device, as well as intrude on your privacy and personal information.

You can take the following preventive measures for installing hidden admin apps:

  • Only download from a reputable app store, like Google Play or Amazon Appstore.
  • Glance at app reviews before downloading the app. Users will often rate an infected app poorly and warn others to avoid the app.
  • Avoid downloading unofficial or pirated apps. It's always much safer to install official apps from an official app store since the apps have to comply with strict rules before being released.
  • Keep your mobile device up-to-date to help keep holes and glitches to a minimum that a hidden admin app could penetrate.

    If your device is infected with a hidden administrator app, you can search Google Play for utilities that can detect the hidden administrator app and remove its elevated privileges., which will then let you delete the app.

    McAfee Mobile Security is a solid solution since one of its many features is hidden administrator app detection.

    Other Kinds of Hidden Apps

    Some Android apps aren't hidden because they're malicious but instead because they were purposefully hidden. For example, a teen might try to hide images, videos, or other apps away from her parents.

    Look through the All menu on the device to find all the apps and not just the ones shown on the home screen.

    Also be sure to look out for apps made specifically for hiding things. They might go by the name AppLock, App Defender, Privacy Manager, or others. Note that most privacy apps are probably password protected.