Top 4 Best Antivirus for Android of 2019
Compare the best brands
Best Free Antivirus for Android. A few optional paid features. The free antivirus will be enough for most.
- Protection for Android 100% 100%
✓ 60-day money-back & 24/7 support
Read our full Norton Review
The Best Free
- Protection for Android 100% 100%
✓ 30-day money-back & 24/7 support
Read our full BitDefender Review
The Best Paid
- Protection for Android 99% 99%
✓ 30-day money-back & 24/7 support
Read our full McAfee Review
- Protection for Android 98% 98%
✓ 30-day money-back & 24/7 support
Read our full Avast Review
How We Test
Below we explain with factors go into the calculation of our editors’ rating, what each of these factors mean, and the data sources we use
How We Test
Buying the best antivirus software for Android is important.
So want to be as clear as possible about the method and data we use to determine the best software.
We analyze the antivirus tools for Android according to 6 factors. All of them matter, but not in equal amounts. Therefore, the impact each has on the final score varies. See the factors, and their impact, in the graph below:
- Protection from Malware 50% 50%
- Impact on Performance and Speed 15% 15%
- Devices and Features 10% 10%
- User Reviews 10% 10%
- Value for Money 10% 10%
- False Positives 5% 5%
The protection, impact and false positives data come from AV-Comparative and AV-Test. The two institutes are considered to have the best antivirus test facilities in the world.
The user review data comes from TrustPilot and the Google Play Store. TrustPilot specializes in the collection of verified user reviews from both consumers and business buyers, and the Google Play Store has one of the largest collection of software reviews in the world.
The value for money data is our own interpretation of the amount of value offered by the cybersecurity companies. We use the price, features, and protection level as data points, which come from the manufacturers.
The supported device’s data comes directly from the manufacturers and is the most straightforward of the factors.
Protection from Malware
Protection from malware makes up 50% of the total score
The core feature of cybersecurity products is protection from malware and other online threats.
Malware, which stands for malicious software, is a term that encompasses a wide range of digital threats. It includes the classic malware, such as adware, viruses, spyware, ransomware, and worms. But also the human-focused threats that not necessarily use specific software, such as phishing attacks, social engineering, spam, scams and cyberbullying.
Due to this wide range of threats the antivirus software must combat, the tools have grown increasingly sophisticated over the years. These days, the best antivirus software for Android use three different methods of keeping you safe, both online and offline.
Below we describe each of these in more detail.
Signature File Detection:
This is the classic form of antivirus protection and the reason why these programs are often called virus scanners. In this method, the antivirus programs scan systems, networks, and files for malicious code, called digital signatures.
These digital signatures are indicators, such as snippets of source code, that allow cybersecurity software to recognize malware. Much like a detective would use a fingerprint to recognize a criminal.
All these digital signatures are stored together in incredibly vast databases which contain hundreds of millions of malware samples. When a cybersecurity firm discovers a new type of malware, it uploads its digital signature to the database, allowing antivirus software to recognize it in the wild.
This method of detection is incredibly fast, scalable and reliable, but it is not perfect. The problem with this method is that it is always one step behind new attacks. After all, a new type of malware must first be discovered and uploaded to the database before the antivirus tools can recognize it.
This makes the software effectively blind against new threats. To combat this, the cybersecurity companies have evolved their methods of malware detection. Below we describe the next step in this evolutionary process.
Heuristic File Detection:
Heuristic file detection takes malware discovery to the next level. Rather than relying on a database of digital signatures, it is capable of discovering new malware threats that have never been seen before.
The key is to look for behavioral patterns instead of code snippets. Once a file is flagged as suspicious, the antivirus program uses one of two ways to continue its analysis:
File Emulation: During file emulation, also called “sandbox testing”, the antivirus software moves the suspicious file to a safe environment, often a virtual machine called the “sandbox”.
Here the file is studied for malicious behavioral patterns, such as rapid replication attempts and hiding or overwriting files. Whenever these behaviors are uncovered, the file is considered malware and will be eliminated.
Genetic Signature Detection: As the development of malware is a lot of hard work, its creators prefer to reuse the same malware as often as possible. To avoid signature-based detection, slight variations of the same malware are created.
The source code of these new variants, however, is often very similar to the original. And this is where genetic signature detection comes in. It analyzes the source of suspicious files and compares this with the source code of known malware samples in the database. When there is a significant overlap, the file is considered dangerous and will be eliminated.
User-Focused Protection Features:
As malware and anti-malware co-evolve, the creation of new and smarter malware becomes increasingly more difficult. It, therefore, makes sense that many cybercriminals direct their attention to a different strategy: Tricking users into handing over sensitive data.
Phishing scams, in which users are convinced to provide personal information to seemingly trustworthy sources such as their bank or PayPal, have become very common. Although these attacks do not fall under classical malware, they are still a big part of cybersecurity.
In order to protect you from these forms of cybercrime, the best antivirus software have developed a third weapon in their protection arsenal: A wide range of user-focused protection features.
Among these are:
Web advisors that flag websites you should not visit.
Wifi advisors recommend avoiding certain public WiFi without a VPN.
Password managers help in the generation and storing of highly secure and unique passwords.
Payment browsers automatically open when you visit your online bank and provide an additional layer of security.
Impact on Performance and Speed
Performance impact makes up 15% of the total score
This factor measures the slow down of a device due to the installation of antivirus software. Each antivirus program requires some resources to operate, impacting the operating speed. However, some use considerably more resources than others.
For the Android category, the testing facilities did not provide performance data. We, therefore, have not taken this factor into consideration to select the best antivirus for Android.
Devices and Features
Supported devices makes up 10% of the total score
In the Devices and Features category, we analyze the operating software which the antivirus support, and the features they offer for each. Frequently, antivirus software are fully equipped for Windows, but less so for Mac and Android.
A note on iOS:
All cybersecurity companies featured on SoftwareLab produce products for Windows, Mac, and Android. Not all do so for iOS, the operating software of iPhones and iPads.
While it is true that iOS is a safer operating system than the others, users are still at risk, even on iOS. This might not be because of the threat of malware, but rather due to risky behavior on the users’ part.
As people still use unsafe passwords, fall into phishing scams, visit insecure websites, and surf unencrypted wifi networks, most users could benefit from a cybersecurity product offering protection features for these instances.
User Reviews make up 10% of the total score
User reviews are an incredibly important resource in product research, as they reflect product quality, customer support, and the overall purchasing experience.
Over time, however, user reviews have turned into a powerful market tool, which is often abused by product manufacturers and comparison websites alike. Making it difficult to know which user reviews to trust.
To rely only on the most objective and trustworthy source of user reviews, we use the data provided by TrustPilot and the Google Play Store. These two websites are specialized in the collection of real reviews from verified users.
Value For Money
Value for Money makes up 10% of the total score
Malware can cause incredible harm, both emotionally and financially. Purchasing an antivirus product solely on the basis of its price is therefore not recommended.
That being said price does play an important role of course. Especially considering the fact that many of the antivirus software providers offer very similar products and protection.
To research this, we have analyzed the price, protection level and features offered by the various security providers.
False Positives makes up 5% of the total score
False positives are events in which antivirus tools flag a clean file as malware. It is nothing dramatic but can be annoying. When it comes to antivirus for Android, it seems that false positives are a thing of the past. All antivirus providers, except Avast, have scored a perfect score in this department.
AV-Test is a German cybersecurity research and test firm that has been active since 2003. It runs in-depth antivirus analysis for both consumer and corporate grade cybersecurity products. It has become a global brand known for accurate testing and credible results. We consult the findings of AV-Test for the protection and performance scores.
AV-Comparatives is the second, globally recognized, cybersecurity research and test firm. They have been active since 1999 and are known for their ability to create real-world simulations in which all aspects of the antivirus software can be tested. Like AV-Test, we consult the findings of AV-Comparatives for the protection and performance scores.
TrustPilot specializes in the collection of verified user reviews from consumers. It is one of the largest platforms of its kind, featuring over 45 million reviews covering 200.000 businesses worldwide.
The Google Play Store is the app store for Android, the most used mobile operating system in the world. The Google Play Store has one of the largest software review databases in the world.
Tech enthusiast and founder of SoftwareLab. He has degrees in Engineering and Business, and has been active in the analysis of software, electronics and digital services since 2013.
Frequently Asked Questions
Below we have summed up the most commonly asked questions surrounding the topic of cybersecurity and the best antivirus software for Android.
Antivirus software protects you from malware in all its forms, whether viruses, spyware, adware, ransomware or phishing scams. It does this not only by scanning your system for existing malware and deleting any that it finds. But also by helping you avoid new threats, both online and offline.
The term malware is used to describe any form of malicious software designed to cause harm to you or your devices. Common forms include ransomware, spyware, adware or viruses. These days, however, it is loosely used for a broader range of digital crime, including DDoS attacks and phishing, as well as the classical malware examples.
Types of Malware
Below we list and describe many forms of malware, including a range of surrounding terms that are not considered classical malware but are still important to be aware of. The list is ordered alphabetically.
Malware designed to show ads or perform unwanted market research is called AdWare. It is often harmless and solely responsible for annoying pop-ups or toolbars. Sometimes though, it tracks your online surfing behavior, stores your browsing history or records your keystrokes.
When a large group of devices can be controlled remotely by a hacker, we call it a botnet, or robot network. These devices are infected by specific malware called rootkits that give the hacker administrative access to them. Usually, a botnet is used to stage DDoS attacks.
New software releases or updates often come with security flaws. When a hacker hijacks a system abusing one of the security flaws, it is called a computer exploit, or a vulnerability exploit.
A computer virus is software that finds its way into your device without your permission and knowledge and seeks to replicate itself onto other devices and networks. Computer viruses range from being merely annoying to highly intrusive.
Computer worms are pieces of malware that self-replicate across devices and networks. When your computer loses an incredible amount of operating speed, it is often infected by a computer worm.
Hacking is the manipulation of computers or networks to steal data from them, lock them or overtake them entirely. This is done through the use of malware such as ransomware, trojans, spyware, and others.
Any form of crime executed online can be considered cybercrime. It ranges from minor malware attacks to large-scale ransomware operations. It is the fastest growing and most scalable form of crime in the world.
DDoS stands for Distributed Denial of Service. A DDoS attack is designed to take down websites or networks by overloading them with visits. These visits are generated by the thousands from a network of malware-infected devices, called a botnet, that is controlled remotely by a hacker.
Whenever a cybercriminal steals personal data from someone it is called identity theft. This data can be PayPal login details, social security information, or credit card numbers. Usually this information is used to pay for products or services, or to open up new accounts such as phone contracts.
Keyloggers are a subset of spyware. It is software that is secretly installed on your device and tracks your keystrokes in the hope to uncover passwords, bank accounts or other personal information.
Phishing scams are fairly common these days. Often in the form of emails that seem to come from trustworthy sources, such as PayPal, your bank or the tax authorities. When clicking on a link in the email, you are redirected to a fake website, where you are requested to fill in personal information such as passwords, credit card information or bank details. This information is then sent straight to the cybercriminals.
Ransomware, sometimes referred to as scareware, is designed to encrypt and lock your device, after which a ransom is demanded to unlock it. In recent years, various ransomware such as WannaCry have spread rapidly across the world, causing incredible amounts of damage.
A Rootkit is a piece of malware installed on your device that gives a hacker remote access to it. As rootkits are often hidden deep within the operating software, they are difficult to uncover. When the same rootkit is used on a large number of devices, the hacker can create a network of remotely controlled devices called a botnet.
Social engineering scams are designed to manipulate people into giving up sensitive data such as online banking details or passwords. As people are the target, rather than their devices, even the best antivirus for Android can’t defend against social engineering.
Spam messages are unwanted emails arriving in your inbox or spam folder. Often sent in bulk to thousands of people, these messages have little to offer outside of advertisements. The best antivirus software and email clients have clever filters that keep spam out of your inbox.
When you receive a message that seems to come from a legitimate organization such as your bank, but actually comes from a criminal, this message is “spoofed”. Is the activity of making phishing messages seem to come from a trustworthy source.
Spyware is malware that spies on you. It attempts to steal your financial or personal information, such as credit card details and social security data. A common form of spyware is a keylogger, which tracks and records your keystrokes.
SQL stands for Structured Query Language, and is the programming language used to communicate with the database of a website. Hackers sometimes use SQL injection to alter the database of a website, allowing them access to it.
As in the Greek story, a digital Trojan Horse pretends to be something it is not. It might be disguised as an email attachment or fun video, but as soon as you interact with it, it will start downloading malware onto your system.
Software vendors frequently release new products or products updates. When such a product or update contains a cybersecurity vulnerability, that neither the software vendor nor the cybersecurity companies know off, we speak of a zero-day vulnerability. A zero-day exploit means someone taking advantage of this vulnerability.
Below you can find all the sources we have used in our analysis