Hidden Android Administrator Apps

How to find hidden apps and delete the ones you don't need to keep your phone secure

Hidden administrator apps are a type of malware that target Android devices. These threats are characterized by stealth implementation and elevated user privileges, so you don't easily see them, and they can do more than a regular app can.

Not all Android administrator apps are malicious and not all malicious apps are hidden or have admin rights, but it's possible for fake apps, spyware, and other unwanted apps to be both.

What Do Hidden Admin Apps Do?

A hidden device admin app—another name for this malware—is an infected application that installs with administrator privileges. The app might hide away from all your other ones, so you have a hard time knowing if it's even installed. Since you don't see it on your home screen, you can't easily remove it.

What's more is that an app with admin rights can't be deleted the normal way, even if you do find it. You have to remove its administrative status before you can delete it. There's a legitimate reason for such a restriction (e.g., an antivirus app might have admin rights so that malware can't delete it), but the issue here is that there's a malicious admin app installed.

With administrator privileges, the malware obtains control of the device and can run any code that the app has embedded within it, including installing additional malware, stealing your passwords or files, participating in botnets, and mining cryptocurrency.

How to Find and Delete Hidden Administrator Apps

When the malware attempts to install, it will ask you to grant it elevated privileges. If you deny this request, the app will display frequent pop-up messages, often after you restart the device, asking again for those privileges.

However, pop-up messages don't necessarily mean it's malicious. A better way to confirm if you have unwanted, hidden admin apps installed is to check a particular setting on your device.

Use Your Device's Settings

In the settings is a list of apps that have admin privileges.

  1. Open the Settings app to see the list of admin apps. This is the common way to list them, but the path to get there depends on your Android version:

    • Apps > Special app access > Device admin apps
    • Apps & notifications > Advanced > Special app access > Device admin apps
    • Security > Device admin apps
    • Security & privacy > Device admin apps
    • Security > Device Administrators
    • Lock Screen and Security > Other Security Settings > Phone Administrators.
    Android phone with the Security & Privacy and Device admin apps settings items highlighted
  2. Once you've accessed the list of device admin apps, disable admin rights by tapping the option to the right of the app. This will remove the check mark, or toggle the button to the off position.

  3. Now you can delete the app normally. On some devices, you can tap the app right there in the admin apps list and then use the Uninstall app link to remove it immediately.

Unfortunately, this method won't work for all variants of this malware since some hidden administrator apps can hide this deactivation option. You can find other installed apps through Settings > Apps.

Apps & notifications and "see all apps" settings options on an Android phone

If you're not sure what you're looking for but you suspect there's a hidden Android administrator app installed, this might be a good time to delete any and all apps you don't use anyway so that that only legitimate apps you recognize are left on your device.

Try a Third-Party App

Can't find the hidden admin app? Malwarebytes should be helpful.

From the menu, tap Privacy Checker, run the scan, and then select Act as a device administrator. Listed there are all the apps installed on your device that can take on an admin role. Select the menu next to one, and then tap Delete app.

Android admin apps listed in Malwarebytes

Run a Virus Scanner

Malwarebytes includes a malware scanner, but there are other antivirus apps for Android that you could use instead of or in addition to it.

A virus scanner should be helpful because the hidden admin app most likely includes signatures that match malware, in which case the AV app will be able to delete it.

How to Prevent Hidden Administrator Apps

Your best defense against hidden Android admin apps is caution when downloading and installing all apps.

Follow these basic security best practices:

  • Pay close attention to where you found the app. Only download from a reputable app store, like Google Play or Amazon Appstore, avoiding pirated and unofficial sources.
  • Read app reviews before downloading. Users often rate an infected app poorly and warn others to avoid it.
  • See who's releasing the app. If it's not the name of the company that made it, or it's a name you don't recognize, do some research and visit their website to get a full understanding of who they are and why they offer that app.
  • Be aware of the prompts you see on your device. If an app is requesting admin rights, ask yourself if it's really necessary. It makes sense for legitimate security-related apps to request such permissions so the screen can be locked by the app or data can be erased remotely, but other ones don't usually need those rights, like a calculator, messaging app, bank app, etc.
  • Keep the Android OS updated to address security flaws that a hidden admin app could access.

Other Kinds of Hidden Apps

Some Android apps aren't hidden because they're malicious, but instead because they were purposefully hidden—there are several ways to hide Android apps. For example, a teen might be hiding photos on their phone, or texts, and parents might be hiding apps from their children.

Look through the list of apps on the device to see everything that's installed, not just what's visible on the home screen. Also look out for apps made specifically for hiding things. They might go by the name AppLock, App Defender, or Privacy Manager. In some cases, if it's a so-called vault app, the name could be cloaked to remain inconspicuous. Most privacy apps are probably password protected.

Was this page helpful?