Malware comes in all shapes and sizes, and can range from being a mild inconvenience to an exfiltration tool that can steal your money and identity, or turn your device into a zombie crypto miner.
While you probably rely on Google to keep your Android device free from unwanted and malicious programs, turning off your phone every day may be one of the things you can do to protect yourself too.
How Does Malware Get Onto Your Android Phone?
Malware typically makes its way onto your phone as part of a larger package. It may come embedded with a common or useful app such as a spirit level, a calculator, or a flashlight app.
These apps are usually fairly useful, quite innocuous, and the kind of tool you might need in a hurry without caring too much about the source. Occasionally, they are some of the most popular apps on Android.
Malware distributors could either buy the app outright, or pay developers a small sum to add a few lines of innocent-looking code to their app.
The malware is seldom included in the app itself; instead, the extra code is used to download yet more code from a remote server.
This can be something which runs in isolation on your device and will occasionally phone home to developers with, for instance, a log of your keystrokes, or the malware can be directly controlled by a remote operator who can add modules and functionality on the fly.
Once criminals have your login details, they can access your other online accounts, and may even be able to use them to break into your home network, or that of your employers.
A sign that an app may be malware is if it demands access to phone functions irrelevant to its purpose. A spirit level doesn't need access to your keyboard, and a calculator has no business listening to your microphone. You should at least check the permissions of all your installed Android apps.
How Turning Your Phone Off Helps Keep You Safe
To start with, if your phone isn't turned on, and can't execute code, malware can't run at all. However, it's rather pointless having a communications device which doesn't communicate!
Instead, experts suggest that you should reboot your device on a regular basis, usually once per day or once per week—the exact frequency doesn't matter, so long as you power down your phone on a regular basis.
If malware is embedded in an app which you've left running in the background, this will force it to close and reset connections.
In many cases, if you don't manually start the app again, you're safe from attack: it won't be able to phone home and it won't be able to pass your data to criminals over the internet.
Does Turning Your Phone Off Always Keep You Safe From Malware?
In short, no. Certain apps start running on your phone as soon as it starts up. On Android phones, these include all the Google suite of apps such as Google Drive, Google Photos, your default dialer, and SMS app.
Other third party apps also have this privilege.
If an app which has no legitimate need to launch when your phone reboots does have this privilege, it may be home to malware.
To check what apps launch immediately after your Android phone boots, enable developer mode, close all running apps, then reboot your device From within the developer mode menu, click on Running Services, and look for apps which shouldn't be running at that point.
Consider whether your calculator needs to load in the background at boot time...
Android Phones Aren't the Only Devices Vulnerable to Malware
Although your Android phone is the device you use most regularly, it probably isn't the only computer you use.
Desktop PCs are often targeted by criminals, so make sure you have a powerful and up-to-date antivirus suite to combat any cyber threats that try to infect your network.