Virustotal for Android scans all apps for malicious contents

Martin Brinkmann
Sep 15, 2013
Updated • Dec 10, 2018
Antivirus, Google Android

Apps are without doubt one of the core features that helped Google and Apple gain traction in the mobile phone market so quickly. When you browse the Android store nowadays, you get a selection of hundreds of thousands of applications for all kinds of purposes, from gaming to better navigation, social networking or Internet browsing.

While that is great, there is always the danger that apps may load malicious contents on the device. While they are checked by Google before they are published in the official store, it does not protect against malicious apps 100%. Plus, Android users can download and install apps from third party sources as well.

It may sometimes be necessary to install an app from a third party source, for instance if Google does not allow apps of its kind in the official store.

Update: Google removed the official Virustotal application on Google Play; it is no longer available. Android users can scan APK files directly on Virustotal, but there is no option available anymore to scan files using an application. End

The Virustotal application for Android has been created by the makers of the popular online virus scanning service. What makes Virustotal great is that it scans files using about 40 different antivirus engines. The idea here is that malicious code can be identified better if multiple engines are used.

Virustotal for Android

That's exactly what the Virustotal app for Android offers, but instead of providing you with the means to scan individual apk files or other files that you have stored on your Android device, it scans all installed apps automatically on start.

virustotal for android

The scan itself may take some time depending on how many apps are installed on the device at that time.  Note that the app will compute hashes and compare them to the Virustotal database, and that both user apps and system apps are scanned by it.

The results are divided into two tabs that you can switch between, with the user apps listing displayed to you by default. Each app is listed with its name and icon, and a rating. A green rating indicates that nothing malicious has been found during a scan, while red means that at least one of the scanners picked up a malicious signature.

This can be a false positive of course, and the likelihood that this is the case is rather large if only one or two of the scanners picked something up while the remaining 40 did not.

You can tap on any application listed here to display detailed scan information. This screen is divided into two tabs as well. The first highlights how many scanners have identified the application as potentially malicious, while the second displays the list of scanners and their findings individually.

malicious android app

You may notice that some apps are displayed in blue. This indicates that they have not been found in the database yet. You can have them scanned by Virustotal, but need an account at the service for that.


The Virustotal application is not a realtime protection app for Android. One could say that damage may have already been done if a scan finds malicious apps running on the system. It is however still better to know about it then to be indifferent about it. Running the app can be reassuring that all user and system apps are clean.

software image
Author Rating
no rating based on 0 votes
Software Name
VirusTotal for Android
Operating System
Software Category

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Declan said on March 29, 2014 at 2:21 pm

    Martin, Thanks for that explanation, that was happeneing to me as well.
    And forgive me if I’m piggy-backing here … but do you or any of your readers know of an encryption app where you can encrypt just a singular file? The applications you mentioned above will create a virtual drive or volume to encrypt it, or maybe a virtual folder, but I’d love to be able to encrypt just a file and park it anywhere on my hard drive or thumb drive and know it’s secure.
    Thanks again for your great website.

    1. Martin Brinkmann said on March 29, 2014 at 2:25 pm

      You can use a program like Datalocker for that, or zip software such as 7-Zip.

  2. PhoneyVirus said on March 30, 2014 at 3:18 am

    Had to remove the beta, because I having problems with Real-time protection. I did like the layout, but everything was pretty much the same. Looking forward to the stable version when it releases, when ever that maybe. Also like the ideal of them supporting TrueCrypt because I use it. There’s one thing that I hate about Malwarebytes and that is, it never remembers the last window size when closing it. Kinda annoyance when using it on a smaller screen, say like a Netbook.

  3. Declan said on March 30, 2014 at 5:46 am

    Thanks, Martin. I’ll give it a try.

  4. [email protected] said on March 30, 2014 at 4:19 pm

    Scanning your hard drive for Adware Tracking Cookies is unnecessary. It will wear out your hard drive sooner and wastes your time. Keep the following folder in Windows Explorer emptied out. I check mine once a day. Add the folder to your Windows Explorer Favorites.


  5. chesscanoe said on March 31, 2014 at 3:54 pm
    Reply has a MalwareBytes User Guide you can click on to read in your Chrome Browser (at least). You then can get directions to exclude files and folders individually. Wouldn’t this circumvent the encrypted files problem? ( I don’t have any to test).

    1. Martin Brinkmann said on March 31, 2014 at 3:57 pm

      It is not a problem of encrypted files, but of encrypted hard drives and partitions.

  6. Joe C said on December 27, 2014 at 7:54 pm

    I’m getting the same ‘can not load Rootkit driver (error 20025) on a 13 year old Win XP system after an upgrading to 2.0) yes, I know I need a new PC and am accepting donations HAHA) I’m running the stock program configuration because I haven’t figured out how to change anything (I’m visually impaired and the current UI makes this difficult) OR amake this error go away. I have no encrypted drives that I know of. I WANT to do a rootkit scan so the prompt to run the scan without it is useless. I’m running Zonealarm and Avast, AAV’s scan completes with no issues. In spite of these I’m pretty sure I have a rootkit and am trying a Shotgun approach, most AntiRootkit tools find no issues. Please, guys, I’m going bald from tearing my hair out over this one. Perhaps MWBAM is choking on an older stsyem? The other AntiRootkit utilities (RootkitBuster, Kapersky, Combofix, can’t find that much but run just fine. I’m NOT running in Safe Mode, I’ll try that later. If that’s the fix, maybe MWB will include specific instructions to that effect — or write a truly automatic program. Now that Microsoft has cut us adrift we are at the mercy of wind and weather, we have no other course to chart. Thanks for any bearings, Joe C

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.