Skip to main content

Whats the difference between Android malware, spyware, adware and a virus?

These are all very different bad things that we hate equally

The terms malware, spyware and virus get thrown around a lot on the Internet. Usually, you'll find they get used interchangeably, and we all just nod in agreement because we understand that we're talking about things we don't want and would like to never see again. But the reality is that they are all very different animals.

We're talking a bit about Android antivirus apps (which really are designed to prevent malware and not viruses) this week, so we wanted to take a few minutes and talk about what each of these nasties really is.

There are no Android viruses

USB gonna get you

A virus is a bit of code — usually planted inside some other chunk of code that appears useful — that can spread itself with no user interaction. Think back to the more wild days of Microsoft Windows, where viruses could be placed on something like a USB thumb drive and infect your system just by being plugged in. Or go back even further when code could be injected by looking at an image on the Internet. These were viruses, as they did bad things and spread themselves around.

We all tend to use the word 'virus' for anything bad, even if it's not really accurate.

Android (and many other operating systems) uses the sandbox approach. Unless some exploit was used — like one to root your phone — applications must be approved before they are able to execute, and even then they have no access to any data from anywhere else without explicit permission. This means things can't propagate themselves no matter how hard they try on Android, and the cases where root exploits have been used are quite literally one in a million. In those cases Google has activated their internal security protocols and removed the apps responsible from the user's device, leaving behind a notification that explains what has happened.

Of course, there are plenty of smart people who are always trying to circumvent any and all security measures on our phones and tablets. One day, someone may figure a way around both the sandbox and the user-approved installation. But today, there are no viruses that affect Android.

Malware is another story

malware scanners

Malware sucks, but there really are cases in which Android is infected by it. Ignore all the folks who claim malware doesn't exist because they have installed over 9,000 apps from all sorts of websites without any issues. (And we've sung that tune once or twice as well.) They're wrong. Just know that while malware isn't the big scary issue some publications make it out to be, it really does exist.

The difference is that we as users at some point said it was OK for the malware to be installed. Repeat: It can't just install itself. Somewhere, at some point, we let it happen.

Malware is what you're more likely to run into.

Malware does horrible things. Things like send your personal data back to servers you don't recognize (or, more accurately, servers you're not expecting to have your data), or harvest your credit card numbers, or watch your keystrokes. Or even worse. But malware can only do the things we said it was OK for it to do. More often than not, this kind of thing is hidden from users by doing sneaky things like placing blue text on an identical blue background that asks for your permission to access data on your phone, and it's very hard to detect. If you install a wallpaper application that wants access to your address book, ask yourself why it needs this. If you don't find a good answer, don't install it. This is where Android permissions come in. If the app — the malware, really — says it needs access to your camera when there's no way it should ever need to take a picture, be wary. The downside is you're mostly left to your own devices to figure things out. And Android (and Google) doesn't do a very good job explaining things.

Also, malware is what these Android antivirus applications are looking for and uninstalling. Besides having a known database of malware instances, some of these apps can use heuristic rules (scanning for certain patterns or behaviors) to find infected files.

I've encountered malware on Android (some pay per message SMS deal) but I had to go looking for it. It's not as in-your-face as many want us to believe, due mostly to Google's constant scanning of the Play Store to remove apps that are published with these behaviors, but it exists and is easy to find if you go looking for it.

What about spyware or adware?

Spyware and adware are likely the things most Android users have seen, and have a problem with. They aren't malware in the true sense of the word because they are following the rules and not tricking you into installing something that does more than what's advertised on the tin. That doesn't mean spyware and adware is always something good, and in plenty of instances, it sucks, too.

Look at the smartphone in your hands. I don't care who makes it, or what OS it runs, there is spyware in it on some level. Reporting errors back to developers, giving your carrier location data or usage data, or even something more like one of the Carrier IQ replacements that all carriers use. The difference is how it is presented.

For example, we're typically fine with the way Google handles location services on Android. When you opt-in to using them, you're warned that data gets sent back to the mothership. Apple does the same on the iPhone. In fact, most phone manufacturers have realized that we don't mind sharing as long as we are given the chance to decide before it happens. This is usually part of the setup on your phone.

What we don't like to see is an app that sends back a ton of user data without explicitly telling us it is doing it. Sure, you can usually sort out what an app is going to do when (or if) you inspect the permissions, but many don't bother. It just feels wrong when an app harvests user data — even if we gave it permission to do so — in a sneaky way.

Spyware and adware are mostly designed to trick you.

Some apps that use ads also harvest and send location data (which can be a good thing as long as you're aware it's happening) to better target you with relevant ads. If I'm in front of Dick's Sporting Goods, an ad about a certain brand of outdoor clothing makes sense. The problem is that many of us don't realize this is going to be happening. When you install an app with ads, look at the permissions requested. If the app requests your location and you don't see a reason the app needs it, it's likely for the ads.

Carrier spyware is another story. The people who provide us with cellphone service like to keep track of where we are using it, what we're using it for, and how often we use it. If your phone has a carrier logo printed on it, chances are you have some extra-special software inside that assists them when keeping tabs on your phone. Even if you don't, they have access to any and all unencrypted data we send over their network. I don't want to dig out the tinfoil hat, and can't think of any instances where this data was used in a "foul" way, but we need to understand that it's being done. Your carrier then uses this data to help plan things like network upgrades and how to best use their infrastructure. Things we would probably be happy to assist them with if we knew more about the process.

Then there's adware. Avast recently spotted a few apps in Google Play that at first appear to be innocuous games but later spammed the hell out of a device with scary-looking "Your phone is slow!" or "You have a virus — download this app!" messages. These apps were in Google Play and had been downloaded millions of times before Google nuked them because the behavior was delayed and users unknowingly opted into this behavior. (Google also has the ability to remove malicious apps from your phone with a sparingly used kill switch.) That's adware. (It's worth mentioning that these apps were downloaded millions of times even with Avast selling a "pro" version of its app that might well not have caught the adware in the first place because adware be tricky like that.)

We don't like any of these things, especially if we're the ones affected. We're glad that there are ways to identify and remove them if you do get involved with one, and more importantly that there are ways for more tech-savvy users to avoid them altogether. But it's important to recognize the differences between them.

Apps that use the ad-supported model aren't necessarily bad apps. Nor are apps that collect some of your data in the hopes to make future products better. Weeding out the bad apples is important, and that begins by being able to identify them.

Jerry Hildenbrand
Jerry Hildenbrand

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

  • I wouldn't know the difference. I have not had any of those and I have been using Android devices since 2010. Posted via the Android Central App
  • sofo varsimashvili Posted via the Android Central App
  • ....and we also hate bloatware carriers. We really do. Seriously.
  • And we really, really hate people who post comments that have nothing to do with the column they are commenting on...really we do. Seriously. Posted from my Droid Turbo, Kelly and Ozone
  • My comment is technically more related than your response. Just felt like spreading some hate today? That's fine.
  • Neither comment is related at all. Not even a little.
    But mine is better. Posted from my Droid Turbo, Kelly and Ozone
  • Sorry, no time to spell it out for you.....and you remind me of one of those people who replies to all saying "please stop replying to all". If you can't see how that's related, I don't have time to explain that one either.
  • tdizzel has problems. Posted via my Samsung Galaxy Note 4.
  • I won't deny that. Doesn't mean I'm not right. Posted from my Droid Turbo, Kelly and Ozone
  • It's ok because there's nothing to spell out. Your comment had no place here. Period.
    You remind me of one of those people who think 1+1=4 and when someone points out that they're wrong they say they're not going to explain the history of math and walk away holding back their tears. Posted from my Droid Turbo, Kelly and Ozone
  • You do realize that this is a opinion board, right? That is the whole purpose of them. Posted via my Samsung Galaxy Note 4.
  • Yes. Posted from my Droid Turbo, Kelly and Ozone
  • Sort of like your comment, tdizzle? Has nothing to do with the topic. Posted via my Samsung Galaxy Note 4.
  • Yeah, i already said that.
    Illiterate much? Posted from my Droid Turbo, Kelly and Ozone
  • Illogical much?
  • Sometimes...but not now Posted from my Droid Turbo, Kelly and Ozone
  • You have mental issues, troll. Posted via my Samsung Galaxy Note 4.
  • Pointing out that someone is wrong does not make one a troll. You might want to learn the meaning of that word. Posted from my Droid Turbo, Kelly and Ozone
  • You're right. I was wrong, and so was everyone else on the internet that has had to endure your crass responses based on your narrow-minded opinions. We're all very sorry we don't agree with you.
  • No, not everyone on the internet is wrong, but you are wrong about this. And i am very open minded, but you seem to think that everyone should think like you. That's not cool.
    Edit: i may be wrong but i doubt you can actually speak for everyone, so you probably shouldn't be apologizing for everyone. And most people don't even need to apologize. Posted from my Droid Turbo, Kelly and Ozone
  • My first post was a pun on all the "wares" that "we" (the general android community) hate. I related that to "bloat-WARE" because most of us hate that too. You said the two were unrelated. I'm not wrong at all about this.....if you even remember what you're saying I'm wrong about. You should check out your first reply to my comment and notice that you spoke for everyone yourself. Quit trolling AC man. Your rudeness isn't impressive.
  • Ahh..gotcha. I guess I should Spam the comments with posts bout Tupperware since its "related" too. And the talk about Viruses should be removed because its not virusware. And whenever there's an article about the Galaxy Note, I should Spam about love notes or doctor's notes since they are "related. And in articles about the Moto X, I'll Spam about the X games. More "related" garbage. And yes, if I'm trolling, you're spamming.
    And about my initial post using "we"...yep, you got me there. I shouldn't have done it.
  • Uh, the original poster wasn't wrong about anything. That is why I'm
    calling you out on it. Most of the bloatware programs that have advertisements built into them don't get updated often. Which leads to malware. It's 100 percent relevant to the article. Now go seek help for your mental issues. Posted via my Samsung Galaxy Note 4.
  • And you just completely contradicted your buddy up there that you were trying to back. Congrats.
  • sofo varsimashvili Posted via the Android Central App
  • Great, simply explained article. Posted via Android Central App
  • Well written as always, Jerry. I love seeing your articles--you break it down in a no-nonsense way and tell it like it is "(It's worth mentioning that these apps were download millions of times even with Avast selling a "pro" version of its app that might well not have caught the adware in the first place, because adware be tricky like that.)"
  • Yeah, Jerry. That was a great line. ;)
  • Thanks Jerry as your articles are well written! Posted via Android Central App on Nexus 7 (2013)
  • Great article as usual JH.
    Can I call you JH? Posted from my Droid Turbo, Kelly and Ozone
  • I answer to anything :)
  • Are we still, talking about this really. Posted via the Android Central App
  • Obviously, you haven't been on BGR in the last two days. lol.
  • Been looking about this topic age ago! Thanks for posting Posted via Android Central App
  • Is that a Palm USB cable? :D
  • Really like the picture of the HP/Palm USB cable.
  • Thanks for posting this article. It is very informative and explains things in a manner that is easily understood.
  • I've got a question, does malware that logs keystrokes work just as well with swipe typing? Posted via the Android Central App
  • Probably. It just grabs the text input, which should be the same regardless of how the user entered it.
  • I wanna hear those first few respondents argue back and forth some more! :) Posted via the Android Central App
  • I had to laugh too (-: Posted via the Android Central App
  • Now seriously, Webview has me more tthan a little worried,because I have watched a few videos of the guy who published the exploit. Rapid 7 ,I forget his name just now. But he was able to completely take over a phone thru the Maxathon browser that was on the target phone. He had access to everything,and I mean any and all information on that phone. He accessed the camera on the phone and took a picture of the reporter from his laptop. He could have used the vidio function too. All it takes is to access a website controlled by a bad guy,and be using a browser that has the Webview vulnerability. There are several popular browsers,Like the one mentioned above. On his blog he listed them.This is the vulnerability for any os less than kitkat 4.4 ,so jellybeen on down. You definitely don't want to be using the native browser. All the security blogs recommend disabling it. Chrome and Firefox are safe,and I don't know of any others at this time. So if you have a browser other than the last two,then do some research. One security blog I read has already seen this being exploited in the wild,thanks to the idiot who tried to force Google to patch it. This is not malware per say,but a "man-in-the-middle-attack" But the end result is just as bad. Posted via the Android Central App
  • So what affects our phones that make them run slow or freezes the screen?
  • Garbage, trash, renegade programs that we authorize because we want something now and don't think about the consequences until we notice something wrong or someone says something that they would have only gotten off your phone. It's the reality of it, these bigger geekz are right, there is no "private" anymore. I just want to figure out how to root my phones like I had in the service so they are clean, I can see when something is trying to access a program, sleek, bare bones, down and dirty, with some fun stuff for my daughter and I. I would like to find someone to pay for this service, however, it is increasingly frowned upon, like I said, their is no true private, but coming from a comsec geek, line you favorite carrier, jacket pocket, keep a spare (watch your card) because low level emp's are starting to be deployed more and more by those who wish to keep you in the dark, events, rallies, riots, on site, real-time footage, especially of authority figures abusing their power is changing, La Crosse, WI (look up what a monstrous town this is) has 2nd to London on video surveillance....why? poverty stricken but we know where you all are. The bags, like those that electronic circuit boards, pacemaker equipment, etc. come in...might want to start thinking about how to link up...don't tell me you believe there is only one level of a broadband internet and not a series of multilayer cascades of information pouring into a very cold facility, with you Rob and you Mr. Hildenbrand. Just like those pretty white lines of clouds are just harmless bits of moisture and not titanium dioxide, aluminum dioxide, prozak or stuff to prep the ground for another ionospheric shakeup. Anyway, is there a site that I can remove most of or does someone want to share their lockout software so I can have a couple of secure lines. I just don't like the garbage and yes, I was naive and ignorant, just thought I was serving and now I know so I want better for mine and I'm tired of getting pinged for saying 10 or more key works when I am talking...not that tough to see if someone is listening is too far for me now, my specialties lay elsewhere. Help, barter, pay, friendship, it's all about the connections we make and the connections we choose to keep.
  • Thanks for the overview! Most of my information on spyware and adware center around PCs, so the Android and mobile side is fascinating. It also raises questions about where we draw the line between ad-supported software and straight-up adware. Fascinating stuff!
  • Hi all I do get the virus pop up once in a while, not too frequent. I am sure majority Android users would have at least seen it once. All I do is just either press back or close the whole page. Is that enough? I do not download anything.
    Any advice is much appreciated.