Why Does My Phone Download Apps by Itself? The Real Reasons Explained
You pick up your phone one morning, scroll through your apps, and stop. There's something new sitting there that you definitely didn't install. A game you've never heard of. A shopping app. Some random utility with a generic icon. You didn't download it. You didn't ask for it. But there it is.
This happens to a lot of people, and most of them don't know why. Some assume they must have accidentally clicked something. Others wonder if they've been hacked. A few just delete the app and move on without thinking twice.
Here's the thing: in most cases, you weren't hacked. But the reasons behind it are worth understanding, because some of them are genuinely invasive, and some require action beyond just deleting the app.
There are several distinct reasons why your phone installs apps without your explicit input. The most common culprits include malware, adware, app permission abuse, backup restoration, and carrier or manufacturer auto-downloads . Each one works differently, and the fix for one doesn't apply to the others. Let's go through them properly.
The Business Deal You Never Knew You Agreed To
This is the most common cause, and it's the one people find most surprising when they first learn about it.
When you buy a phone through a carrier, AT&T, Verizon, T-Mobile, or any other network provider, there's almost always fine print in the purchase agreement that grants them the right to install apps on your device. It happens to be in the agreement that you sign with the carrier that they can install apps at their discretion . Most people don't read that section. Most people don't even know it exists.
The apps that arrive this way are called bloatware. Bloatware refers to unwanted software that a manufacturer, carrier, or operating system developer pre-installs on a new device. These applications are often unnecessary for core functionality and serve promotional or commercial purposes rather than user benefit .
The motivation is straightforward money. Carriers receive payments, placement fees, or revenue-share deals from app vendors and content providers in exchange for pre-installation or prominent placement on your device . Budget Android phones tend to have more of it because the manufacturer is subsidizing the device cost by selling your home screen real estate to the highest bidder.
The specific mechanism carriers use for this varies. Verizon, for example, uses an app called Verizon App Manager, which runs silently in the background. App developers, brands, and telecom companies use Digital Turbine to grow their apps via monetization and automatic app installs. Carriers like Verizon use this to push their exclusive apps onto your device . You might have disabled everything in your settings that you thought controlled this, and still find new apps appearing. That's because the carrier's installer app operates with system-level permissions that override user preferences.
As one MakeUseOf analysis of Android bloatware put it : "The worst offender when it comes to pre-installing bloatware isn't your phone manufacturer, it's your cellular carrier. You might see more bloatware downloaded automatically on an Android carrier model, which is frustrating." On a carrier-branded Galaxy device, the same piece of reporting found pre-installed apps for account management, device help, and a selection of mediocre games the reviewer never would have installed voluntarily, including Monopoly Go, Candy Crush, and others.
Samsung adds its own layer on top of carrier bloatware. The Galaxy Store can install apps separately from the Google Play Store, and it can do so without the same prompts you'd normally see. On top of that, Samsung has manufacturer partnerships with companies like Microsoft, resulting in apps like LinkedIn, Microsoft 365, and Copilot arriving pre-installed on Galaxy devices as part of bundled commercial agreements .
This is the category where the app you found isn't dangerous. It's just commercially motivated and placed there without your meaningful consent.
When It's an App You Already Have, Acting Without Your Knowledge
Sometimes the mystery isn't a completely new app. It's a permission granted to an existing app that lets it pull in more software on its own behalf.
Granting overly broad permissions to apps can allow them to perform actions beyond their intended purpose, including installing other apps . On Android specifically, there's a permission called "Install Unknown Apps" that controls which apps are allowed to push new installs onto your device without going through the Play Store. If any app on your phone has this permission enabled, it can effectively act as its own app store.
This is how some game apps install companion apps, how ad networks push promotional installs, and how certain utility apps expand their footprint over time. The original app you installed might have seemed harmless, but buried in its permissions was the ability to bring more software along. In-game ads have evolved to the point where simply dismissing an ad can trigger an automatic installation if the right permissions are in place . You hit the X to close the ad, your finger lands slightly off target, and something starts downloading.
The fix here is specific. On Android, go to Settings, then Apps, then the three-dot menu or Special App Access, then Install Unknown Apps. Review which apps have this permission enabled. Anything that doesn't genuinely need it, a game, a shopping app, a browser you barely use, should have it disabled immediately.
On iPhone, iOS handles this more tightly. Apple requires explicit user confirmation for app installs, and third-party apps cannot push installs directly the way Android allows. That doesn't make iPhones immune to every issue on this list, but it does make this particular category much rarer on iOS.
Your Old Phone Is Restoring Itself Onto Your New One
This one confuses a lot of people because it feels like the phone is acting on its own, but it's actually doing exactly what you configured it to do at some point.
When you set up a new Android phone and sign in with your Google account, one of the setup options is to restore your previous phone's apps and settings. If you tap through quickly during setup, which most people do, you may not realize you've selected a full restore. The phone then begins re-downloading every app that was on your previous device, including ones you had stopped using or forgotten about entirely.
To stop an Android phone from downloading apps by itself after a switch, you can disable automatic restore before switching. This allows you to manually select the apps that should be downloaded to the new device . If you've already set the phone up and it's still pulling in apps, go to Google Play Store, tap your profile icon, go to Settings, then Manage Apps and Device, and check what's queued for download.
On iPhone, the same thing happens when you restore from an iCloud backup or use the Quick Start migration feature. Apps that were on your old device get transferred to the new one. Some of them, like Apple's own apps bundled with iOS updates, appear without going through the App Store at all. Several iPhone users on Apple's discussion forums have reported seeing apps appear that they didn't install, only to realize they were Apple's own apps bundled with an iOS update or transferred during device setup . It's alarming the first time it happens, but in most cases it's a benign transfer rather than an intrusion.
If you want control over what lands on a new device, the answer is to be deliberate during setup. Both Android and iOS allow you to choose what you restore rather than accepting the default of restoring everything.
When It Actually Is Malware
Let's talk about the version that's genuinely concerning. Because while carrier bloatware is annoying and permission abuse is invasive, actual malware installing apps on your phone is a different category of problem.
In rare cases, malware or malicious apps can infiltrate your device and initiate unauthorized app downloads. A Kaspersky mobile threat report found that attacks on Android smartphones surged 29% in the first half of 2025, with mobile banking trojans detected at nearly four times the previous year's rate . These aren't just nuisance apps. Banking trojans specifically are designed to overlay fake screens on top of your real banking apps, capturing your credentials as you type them.
The signal that separates malware from the other causes on this list is behavior. Malware-installed apps tend to arrive in clusters, show up alongside battery drain or overheating that wasn't there before, generate unusual mobile data usage at odd hours, and sometimes disable your security settings. If you've only noticed one unknown app and your phone otherwise feels normal, the cause is probably one of the more benign categories above. If you're seeing multiple unexplained apps alongside other performance changes, that's worth treating as a security concern.
Google's 2025 Android security report shows that Google Play Protect identified more than 27 million new malicious apps from outside the Play Store and blocked 266 million risky sideloading installation attempts, underscoring how widespread the threat of unauthorized downloads has become . The volume of that number matters: 266 million blocked attempts means the threat is active and constant. Play Protect catches a lot of it. It doesn't catch everything, especially apps installed from outside the Play Store entirely.
If you sideload apps, meaning you install apps by downloading APK files outside the Play Store, you take on significantly more risk. The Play Store is imperfect, but it runs safety checks. Google's AI-powered app review process blocked 1.75 million policy-violating apps from reaching the Play Store in 2025 and now runs over 10,000 safety checks on every published app . There's no equivalent protection for APKs downloaded directly from websites.
How to Check What's Actually Happening on Your Phone
Before you delete everything you don't recognize, take a few minutes to diagnose which category you're actually dealing with. The approach matters.
Navigate to Settings, then Apps, and review all installed applications. Apps you don't recognize or haven't installed manually should either be researched before dismissing or disabled and uninstalled . Don't just check the visible app drawer. System apps are often hidden from the main list. On Android, tap the three-dot menu in the app settings screen and select "Show System" to see everything installed, including pre-loaded carrier and manufacturer apps.
Check your data usage by going to Settings, then Network and Internet (or Connections on Samsung devices), then Data Usage. Sort by consumption and look for apps generating significant background data that you don't recognize. A legitimate app you've never opened shouldn't be sending or receiving data. One that is, especially outside of normal hours, is worth investigating.
Check which apps have the "Install Unknown Apps" permission enabled . On Android, go to Settings, then Apps, then the three-dot or gear icon, then Special App Access, then Install Unknown Apps. Disable this for anything that doesn't genuinely need it.
Check your Google account sync settings too. Go to Settings, then Accounts, find your Google account, and review what's being synced. If app data sync is enabled and you've signed into this account on another device with different apps installed, you might be getting apps pulled in from that device's history.
For iPhone users, go to Settings, then your Apple ID at the top, then iCloud. Under Apps Using iCloud, you can see what's syncing. Also check Settings, then App Store, and review whether Automatic Downloads are enabled for App Updates or Purchased apps from other devices.
If you suspect malware specifically, run a scan. Malwarebytes for Android is free and handles behavioral detection well. Google Play Protect runs automatically, but you can trigger a manual scan by going to the Play Store, tapping your profile icon, and selecting Play Protect, then Scan.
How to Stop It Going Forward
For carrier bloatware that keeps coming back, disabling the carrier's app manager is the most effective step. On Verizon devices, find Verizon App Manager in your app settings and disable it. Deactivating Verizon App Manager doesn't negatively affect your device. It is a bloatware app that is unnecessary for the proper functioning of your phone . Other carriers have equivalent apps under different names. A quick search for your carrier's name plus "app manager" will surface what to look for.
For Samsung's Galaxy Store specifically, open it, tap the menu or settings icon, find Auto Update Apps, and set it to Never. This stops the Galaxy Store from silently updating or installing apps in the background without prompting you.
For Google Play auto-installs, open the Play Store, tap your profile icon, go to Settings, then Network Preferences, then Auto-update Apps, and choose Don't Auto-Update Apps. This prevents previously installed apps from pulling in bundled updates that include new apps.
For the longer term, buying an unlocked phone directly from the manufacturer rather than through a carrier removes the carrier's ability to pre-install apps at all. Unlocked devices are not associated with any carrier, so they don't come with carrier bloatware. Similarly, buying from a carrier's prepaid subsidiary or an MVNO often results in fewer pre-installs . Pixel phones from Google are frequently cited as having minimal bloatware. Google Pixel phones are widely praised for their clean, near-stock Android experience with minimal pre-installed apps apart from Google's own suite .
Review app permissions regularly, not just when you first install something. Apps can receive permission updates silently through their own updates. The guide on how to find apps that are secretly accessing your data walks through that audit in detail, and it's directly relevant here since apps with excessive permissions are often the ones pulling in unauthorized installs.
If you're concerned about the broader security picture on your device, especially if you're using your phone for work or remote job applications, the article on how to check if a website is safe before clicking is worth reading alongside this. A lot of malware delivery starts with a link, not an app store, and understanding how that chain works helps you avoid the first step.
And if you manage team tasks remotely or use productivity tools on your phone, keeping your device clean from background-running apps matters more than most people realize. Unexpected installs eat storage, consume background data, and drain battery. The guide on tools to manage team tasks remotely is relevant context if device performance is part of your day-to-day work setup.
