Whats the difference between Android malware, spyware, adware and a virus?

These are all very different bad things that we hate equally

The terms malware, spyware and virus get thrown around a lot on the Internet. Usually, you'll find they get used interchangeably, and we all just nod in agreement because we understand that we're talking about things we don't want and would like to never see again. But the reality is that they are all very different animals.

We're talking a bit about Android antivirus apps (which really are designed to prevent malware and not viruses) this week, so we wanted to take a few minutes and talk about what each of these nasties really is.

There are no Android viruses

USB gonna get you

A virus is a bit of code — usually planted inside some other chunk of code that appears useful — that can spread itself with no user interaction. Think back to the more wild days of Microsoft Windows, where viruses could be placed on something like a USB thumb drive and infect your system just by being plugged in. Or go back even further when code could be injected by looking at an image on the Internet. These were viruses, as they did bad things and spread themselves around.

We all tend to use the word 'virus' for anything bad, even if it's not really accurate.

Android (and many other operating systems) uses the sandbox approach. Unless some exploit was used — like one to root your phone — applications must be approved before they are able to execute, and even then they have no access to any data from anywhere else without explicit permission. This means things can't propagate themselves no matter how hard they try on Android, and the cases where root exploits have been used are quite literally one in a million. In those cases Google has activated their internal security protocols and removed the apps responsible from the user's device, leaving behind a notification that explains what has happened.

Of course, there are plenty of smart people who are always trying to circumvent any and all security measures on our phones and tablets. One day, someone may figure a way around both the sandbox and the user-approved installation. But today, there are no viruses that affect Android.

Malware is another story

malware scanners

Malware sucks, but there really are cases in which Android is infected by it. Ignore all the folks who claim malware doesn't exist because they have installed over 9,000 apps from all sorts of websites without any issues. (And we've sung that tune once or twice as well.) They're wrong. Just know that while malware isn't the big scary issue some publications make it out to be, it really does exist.

The difference is that we as users at some point said it was OK for the malware to be installed. Repeat: It can't just install itself. Somewhere, at some point, we let it happen.

Malware is what you're more likely to run into.

Malware does horrible things. Things like send your personal data back to servers you don't recognize (or, more accurately, servers you're not expecting to have your data), or harvest your credit card numbers, or watch your keystrokes. Or even worse. But malware can only do the things we said it was OK for it to do. More often than not, this kind of thing is hidden from users by doing sneaky things like placing blue text on an identical blue background that asks for your permission to access data on your phone, and it's very hard to detect. If you install a wallpaper application that wants access to your address book, ask yourself why it needs this. If you don't find a good answer, don't install it. This is where Android permissions come in. If the app — the malware, really — says it needs access to your camera when there's no way it should ever need to take a picture, be wary. The downside is you're mostly left to your own devices to figure things out. And Android (and Google) doesn't do a very good job explaining things.

Also, malware is what these Android antivirus applications are looking for and uninstalling. Besides having a known database of malware instances, some of these apps can use heuristic rules (scanning for certain patterns or behaviors) to find infected files.

I've encountered malware on Android (some pay per message SMS deal) but I had to go looking for it. It's not as in-your-face as many want us to believe, due mostly to Google's constant scanning of the Play Store to remove apps that are published with these behaviors, but it exists and is easy to find if you go looking for it.

What about spyware or adware?

Spyware and adware are likely the things most Android users have seen, and have a problem with. They aren't malware in the true sense of the word because they are following the rules and not tricking you into installing something that does more than what's advertised on the tin. That doesn't mean spyware and adware is always something good, and in plenty of instances, it sucks, too.

Look at the smartphone in your hands. I don't care who makes it, or what OS it runs, there is spyware in it on some level. Reporting errors back to developers, giving your carrier location data or usage data, or even something more like one of the Carrier IQ replacements that all carriers use. The difference is how it is presented.

For example, we're typically fine with the way Google handles location services on Android. When you opt-in to using them, you're warned that data gets sent back to the mothership. Apple does the same on the iPhone. In fact, most phone manufacturers have realized that we don't mind sharing as long as we are given the chance to decide before it happens. This is usually part of the setup on your phone.

What we don't like to see is an app that sends back a ton of user data without explicitly telling us it is doing it. Sure, you can usually sort out what an app is going to do when (or if) you inspect the permissions, but many don't bother. It just feels wrong when an app harvests user data — even if we gave it permission to do so — in a sneaky way.

Spyware and adware are mostly designed to trick you.

Some apps that use ads also harvest and send location data (which can be a good thing as long as you're aware it's happening) to better target you with relevant ads. If I'm in front of Dick's Sporting Goods, an ad about a certain brand of outdoor clothing makes sense. The problem is that many of us don't realize this is going to be happening. When you install an app with ads, look at the permissions requested. If the app requests your location and you don't see a reason the app needs it, it's likely for the ads.

Carrier spyware is another story. The people who provide us with cellphone service like to keep track of where we are using it, what we're using it for, and how often we use it. If your phone has a carrier logo printed on it, chances are you have some extra-special software inside that assists them when keeping tabs on your phone. Even if you don't, they have access to any and all unencrypted data we send over their network. I don't want to dig out the tinfoil hat, and can't think of any instances where this data was used in a "foul" way, but we need to understand that it's being done. Your carrier then uses this data to help plan things like network upgrades and how to best use their infrastructure. Things we would probably be happy to assist them with if we knew more about the process.

Then there's adware. Avast recently spotted a few apps in Google Play that at first appear to be innocuous games but later spammed the hell out of a device with scary-looking "Your phone is slow!" or "You have a virus — download this app!" messages. These apps were in Google Play and had been downloaded millions of times before Google nuked them because the behavior was delayed and users unknowingly opted into this behavior. (Google also has the ability to remove malicious apps from your phone with a sparingly used kill switch.) That's adware. (It's worth mentioning that these apps were downloaded millions of times even with Avast selling a "pro" version of its app that might well not have caught the adware in the first place because adware be tricky like that.)

We don't like any of these things, especially if we're the ones affected. We're glad that there are ways to identify and remove them if you do get involved with one, and more importantly that there are ways for more tech-savvy users to avoid them altogether. But it's important to recognize the differences between them.

Apps that use the ad-supported model aren't necessarily bad apps. Nor are apps that collect some of your data in the hopes to make future products better. Weeding out the bad apples is important, and that begins by being able to identify them.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.