Last Updated on September 8, 2018 by Dave Farquhar
Is there a virus on my phone? Or your phone? I can’t know for certain, but probably not. Here’s what to do if your phone says it has a virus and wants you to visit a web page or pay someone money.
I’ll tell you what you really need to do, and I’ll even show you a neat trick so you’ll see fewer of these messages. And none of this will cost you anything, either.
Can phones even get viruses?
In theory, of course a phone can get a virus. It’s a computer. In practice, phones aren’t a friendly environment for viruses. There aren’t a ton of ways for a virus to get on them in the first place, and the devices themselves tend to be too different to make creating a general-purpose virus that works reliably very practical. Android malware most commonly comes from side-loading applications. Get your apps from a reputable, official app store to avoid that.
Writing a successful virus that works on all Android devices is impractical. Instead, a person has to pick a specific popular model. That will work, but as that phone loses popularity, the virus will die out along with the phone. Android viruses have to deal with a harsher ecosystem than PC viruses.
Apple iOS introduces some additional challenges. Even though the hardware and the operating system are much more monolithic, the way the system is designed makes virus-like behavior difficult, as long as you only load apps from the official app store.
In short, if you’re not engaging in risky behavior, the likelihood your phone has a virus is pretty slim.
Best practices for mobile security
The most important thing to do to keep your phone virus-free and secure is to not load apps from anything other than your phone’s official app store. Side-loading apps is asking for trouble. Side-loading pirated copies of apps you normally have to pay for is really asking for trouble.
When you load mobile apps through official stores, you’re getting apps that have gone through some degree of vetting, receive updates when necessary, and can be revoked if it turns out they are doing something they shouldn’t be doing.
And if you don’t really need an app, don’t install it. The app you never installed can’t hurt you. Uninstall unwanted apps too, for the same reason.
Finally, when you install an app, your phone tells you what permissions the app wants. If an app seems to be asking for excessive permissions, just say no and then uninstall the app. For example, I installed an app created by a former employer recently. It asked for permission to access, and even change my contacts. There is no reason whatsoever for me to grant some random application permission to access or change my contacts. I denied the permission and uninstalled the app. I don’t think a company I trusted enough to once work for would do something malicious to my contacts. But there’s no reason for me to take that chance. I absolutely wouldn’t allow a company I know very little about access to my contacts.
If you don’t want a virus on your phone, it pays to be a little paranoid. Besides, we keep so much of our lives on those devices. They deserve some respect.
If you have an Android phone, you can get antivirus for it. Your employer may even provide it. If you want to be safe, get a reputable product from a company who also makes reputable antivirus for computers,and get it from the Google Play store. On Apple phones, antivirus isn’t an option. Having a reputable antivirus product makes the question “is there a virus on my phone?” irrelevant. The only safe way to remove a virus from an Android phone is to use a trustworthy third-party antivirus product–not a random popup from a web page.
But I got this warning. Is there a virus on my phone?
Probably if you’re reading this, you got a warning on your phone saying it has a virus. Or maybe several viruses. It’s a scam. Not unlike those phone calls claiming to be from Microsoft, or some “computer maintenance department.”
Fake antivirus messages are profitable. People are scared of viruses, so it’s an easy way to scare people into giving them money. Phone viruses are rare. Infinitely more rare than virus warnings that pop up on phones.
And here’s the other thing. If there was a virus on your phone, your web browser wouldn’t have a way to know anyway.
The safest thing to do when you get this kind of a warning is to close your web browser, or, better yet, turn your phone off and back on.
How to prevent fake virus on phone messages
There isn’t a lot you can do to prevent fake virus on phone messages, but one thing you can do is reconfigure your router. If you know how to reconfigure your router, change the DNS addresses it uses to 126.96.36.199 and 188.8.131.52. These two DNS servers block a lot of scammy web pages, including fake virus on phone pages. I don’t guarantee they block everything, but they block more than any other servers I’ve found. When you use those two for DNS, you’ll get a lot fewer messages like these. It won’t protect you on the road, but it can protect you at home, at least.
It will also protect your computer from similar messages and other problems.
You can also hard-code DNS on your phone if you can’t configure it on your router. Note that you have to do this for any wifi network you use, whether you use Apple or Android phones.
On Apple smartphones and tablets, go to Settings > Wi-Fi and tap on your Wi-Fi network. Scroll down to DNS, tap configure DNS and choose Manual. Tap Add server and enter 184.108.40.206. Then tap Add server and enter 220.127.116.11. Then tap the – sign next to the other DNS servers and then tap Delete.
On Android, open the Settings on the device. Select Wi-Fi. Long press your current network, then select Modify network. Check the Show advanced options check box. Change IP settings to Static. Enter 18.104.22.168 for DNS 1 and 22.214.171.124 for DNS 2.
Is there a virus on my phone? Not on mine. Probably not on yours either. And after you make that DNS change, you’ll probably make that warning go away for good.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.