Not all Android administrator apps are malicious and not all malicious apps are hidden or have admin rights, but it’s possible for fake apps, spyware, and other unwanted apps to be both.

What Do Hidden Admin Apps Do?

A hidden device admin app—another name for this malware—is an infected application that installs with administrator privileges. The app might hide away from all your other ones, so you have a hard time knowing if it’s even installed. Since you don’t see it on your home screen, you can’t easily remove it. What’s more is that an app with admin rights can’t be deleted the normal way, even if you do find it. You have to remove its administrative status before you can delete it. There’s a legitimate reason for such a restriction (e.g., an antivirus app might have admin rights so that malware can’t delete it), but the issue here is that there’s a malicious admin app installed. With administrator privileges, the malware obtains control of the device and can run any code that the app has embedded within it, including installing additional malware, stealing your passwords or files, participating in botnets, and mining cryptocurrency.

How to Find and Delete Hidden Administrator Apps

When the malware attempts to install, it will ask you to grant it elevated privileges. If you deny this request, the app will display frequent pop-up messages, often after you restart the device, asking again for those privileges. However, pop-up messages don’t necessarily mean it’s malicious. A better way to confirm if you have unwanted, hidden admin apps installed is to check a particular setting on your phone/tablet.

Use Your Device’s Settings

Unfortunately, this method won’t work for all variants of this malware since some hidden administrator apps can hide this deactivation option. You can find other installed apps through Settings > Apps & notifications > See all <#> apps, or Settings > Apps > All.

Apps > Special app access > Device admin appsApps & notifications > Advanced > Special app access > Device admin appsSecurity > Device admin appsSecurity & privacy > Device admin appsSecurity > Device AdministratorsLock Screen and Security > Other Security Settings > Phone Administrators.

If you’re not sure what you’re looking for but you suspect there’s a hidden Android administrator app installed, this might be a good time to delete any and all apps you don’t use anyway so that that only legitimate apps you recognize are left on your device.

Try a Third-Party App

Can’t find the hidden admin app? Malwarebytes should be helpful. From the menu, tap Privacy Checker, run the scan, and then select Act as a device administrator. Listed there are all the apps installed on your device that can take on an admin role. Select the menu next to one, and then tap Delete app.

Run a Virus Scanner

Malwarebytes includes a malware scanner, but there are other antivirus apps for Android that you could use instead of or in addition to it. A virus scanner should be helpful because the hidden admin app most likely includes signatures that match malware, in which case the AV app will be able to delete it.

How to Prevent Hidden Administrator Apps

Your best defense against hidden Android admin apps is caution when downloading and installing all apps. Follow these basic security best practices:

Other Kinds of Hidden Apps

Some Android apps aren’t hidden because they’re malicious but instead because they were purposefully hidden—there are several ways to hide Android apps. For example, a teen might be hiding images away from parents, or parents might be hiding apps from their children. Look through the list of apps on the device to see everything that’s installed, not just what’s visible on the home screen. Also look out for apps made specifically for hiding things. They might go by the name AppLock, App Defender, or Privacy Manager. In some cases, if it’s a vault app, the name could be cloaked to remain inconspicuous. Most privacy apps are probably password protected.