Malwarebytes permission functions on Android device

Document created by jgolomb Employee on Dec 18, 2018Last modified by fgil on Mar 20, 2019
Version 19Show Document
  • View in full screen mode

Malwarebytes on Android devices offers several protection layers which require user permission to function. Below are descriptions for each different permission and how Malwarebytes uses them.


Device Administrator

This setting gives Malwarebytes full permissions on your device. This allows us to protect you from ransomware, to enable Real-Time Protection features and to safeguard against the possibility of malware uninstalling Malwarebytes. This setting is only available to Premium and Trial users. Note that Malwarebytes for Android is not capable of performing some of the actions listed in the Android confirmation prompt, such as wiping your phone without notice.


Usage Access

This permission provides additional meta-information on Apps installed which may require this information, such as Real-Time protection or Your apps screen.



This permission is required for monitoring all HTTP/HTTPS calls as part of the Safe Browsing feature. When activated, Safe Browsing Service monitors text on screen, paying special attention to web URLs and email links. When it finds a potentially malicious link, it scans the link against known phishing URLs to find a match and block. The user is notified if anything suspicious is found.


Access Storage

Malwarebytes' Real-Time Protection requires Storage access to perform any manual or scheduled scanning operations.


Draw Over Other Apps

Malwarebytes for Android requires this permission to display anti-ransomware recovery steps. In case ransomware manages to block a user's screen the user can still bring up ransomware recovery instructions on top of the screen using this volume button combination. 



Before it will work, start volume control by tapping any of the buttons up or down, followed by the combination.

Draw over other apps is required to overcome block of the screen which could have been made by ransomware.



Additional information