We review products independently, but we may earn commissions if you make a purchase using affiliate links on our website. Also note that we are not antivirus software; we only provide information about some products.

Independent Android security review · evidence checked July 14, 2026

DFNDR Security Review 2026: Active, but Lab-Test Gap

DFNDR is actively updated and bundles malware, scam and identity tools, but its last product-specific AV-TEST result is almost nine years old.

Platform: Android Updated: June 30, 2026 Latest lab result found: 2017 Editorial score: 6.1/10

Our verdict: DFNDR Security is a legitimate, actively maintained Android security app—not an abandoned “phone cleaner.” Google Play shows an update on June 30, 2026, and the current app combines installed-app/file scans, newly installed app checks, scam-link warnings, identity breach monitoring and cleanup tools. We still would not make it our first Android antivirus recommendation. The last product-specific independent result we found is AV-TEST's excellent test of dfndr security 5.0 from November 2017; DFNDR is absent from AV-Comparatives' 2025 tested Android set. The free edition is ad-supported, some notification controls require payment, Accessibility access is powerful, and PSafe's privacy policy permits broad advertising/analytics data flows. Use it if its anti-scam and identity bundle matches your risk and you accept those trade-offs; otherwise keep Play Protect enabled and choose a currently lab-tested alternative. Editorial score: 6.1/10.

Editorial rating6.1/10
Release statusActively updated
Current lab proofInsufficient
Best fitScam-prone Android user
What DFNDR gets right
  • Active June 2026 Google Play release
  • Installed-app and full file/SD-card scans
  • Checks newly installed apps
  • URL Checker / anti-phishing warnings
  • Optional identity breach monitoring
  • Free edition remains available
What limits the recommendation
  • No current product-specific lab result found
  • Last AV-TEST result is version 5.0 from 2017
  • Free app contains ads and frequent prompts
  • Powerful Accessibility permission is requested
  • Privacy policy includes advertising/analytics partners
  • Store copy and help disagree about removed anti-theft

DFNDR Security is still active on Google Play

The primary Android package is dfndr security: antivirus from PSafe, package ID `com.psafe.msuite`. Its Google Play listing was updated June 30, 2026. The release notes mention fewer crashes/ANRs, login and subscription changes, and URL Checker / Antiphishing coverage for 18+ content. That is current product activity, not an automatically refreshed marketing date.

The app is free to install, contains ads and offers in-app purchases. Google Play advertises a three-day trial for premium editions. The listing's current headline features are Full AV Scan, DFNDR Assistant, ID Theft Report and Quick Clean Up; it also describes real-time scam/fake-site warnings and privacy-risk scanning.

QuestionVerified answerMeaning
Is the Android app active?Yes; updated June 30, 2026Current maintenance is a genuine positive.
Free?Free with ads and IAPAd-Free, Pro and Ultra are optional subscriptions.
Current lab result?None foundDo not publish a 2026 detection percentage.
Latest AV-TEST result found?November 2017, version 5.0Useful history, not current efficacy proof.
Current anti-theft?PSafe help says removed on AndroidUse Google's Find Hub; ignore stale store wording.
Our current score?6.1/10, one editorActive useful bundle with evidence/privacy caveats.

We focus on Android because that is the verifiable current Google Play product and the independent test platform. PSafe help also refers to an iOS edition, but features, subscription transfer and security model differ. Do not use Android lab results to rate the iPhone app.

DFNDR adds useful layers, but cannot prove top-tier 2026 detection

DFNDR's best current case is broader than “scan for viruses.” Android already isolates apps and runs Play Protect. DFNDR adds a second vendor's app/file classification, newly installed app check, link/scam warnings, identity breach alerts, privacy/app tools and a guided assistant. That bundle can help someone who receives risky WhatsApp/SMS links, sideloads APKs or needs clearer prompts.

The missing piece is current external validation. A security app sees sensitive device state, requests special permissions and can influence which apps/links a user trusts. Active updates and a large install base show that the product is alive; they do not measure its miss rate, false positives, web protection or battery cost against current Android threats.

Our score therefore lands at 6.1/10: above obsolete or deceptive mobile products, below current lab-tested leaders. We would test DFNDR only after checking whether its anti-scam/identity value is worth ads, notifications, permissions and data processing for the specific user.

The perfect AV-TEST result is real—and from November 2017

AV-TEST evaluated dfndr security 5.0 on Android 6.0.1 in November 2017. It detected 100% of 3,436 latest Android malware samples in real time and 100% of 2,643 samples discovered during the previous four weeks. It earned 6/6 for Protection and 6/6 for Usability.

The usability result was also clean: no false warnings across 1,809 legitimate Google Play apps and 828 legitimate third-party-store apps. AV-TEST reported no excessive battery, normal-use slowdown or traffic problem under that test.

EvidenceResultHow to use it in 2026
AV-TEST Nov. 2017 real-time set100% of 3,436Strong historical engine result for v5.0.
AV-TEST Nov. 2017 four-week set100% of 2,643Strong historical result; not a current percentage.
AV-TEST false warnings0 of 1,809 Play + 0 of 828 third-party appsHistorical usability evidence.
AV-TEST current Android setsNo current DFNDR result foundCurrent protection/performance remain unverified.
AV-Comparatives Mobile 2025DFNDR not in ten tested productsNo result can be inferred from participants.

Nearly nine years separate that test from the current app. Android versions, permission limits, package formats, Play policies, phishing delivery, commercial stalkerware and the DFNDR feature set changed. Version 5.0's 100% is not “DFNDR detects 100% in 2026.”

AV-Comparatives' 2025 mobile report tested ten products on Android 15, including Avast, AVG, Avira, Bitdefender, ESET, G DATA, Google, Kaspersky, Norton and Securion. DFNDR was not included. Absence is not a fail; it means the report supplies no DFNDR score.

Android already provides a sandbox, Play Protect and Find Hub

Android is not an unprotected desktop waiting for an antivirus. The Android application sandbox gives each app a unique Linux user ID and normally isolates its process/data from other apps and the operating system. Permissions, SELinux, verified boot and monthly/OEM patches add layers.

Google Play Protect automatically scans installed apps, including sideloaded and enterprise-installed apps, performs periodic safety checks, and can warn/remove potentially harmful applications. Keep it enabled even if you install DFNDR; a second scanner should add visibility, not disable platform protection.

Google's Find Hub supplies the current lost-device path. It can locate supported devices through encrypted recent locations/the network and can secure or erase a lost phone when set up correctly. PSafe's own help says its Android Anti-Theft feature was removed because Google's function overlapped and caused conflict.

These built-in controls are not perfect. A user can grant Accessibility/admin permissions to a malicious app, install a zero-day, enter credentials on a convincing phishing page or use an unpatched handset. DFNDR's incremental value is link/scam guidance, identity monitoring and a second app/file opinion—not a replacement for Android updates and cautious permission decisions.

DFNDR can scan installed apps, files and an SD card

PSafe documents two manual scan paths. “Antivirus App Scan” checks installed applications; “Complete Antivirus” checks files on the phone and SD card. If the app identifies malware, the user can select “Fix problems” to remove the detected item or resolve the issue.

Automatic options include Anti-hacking protection, checking newly installed apps and Daily Phone Checkup. These are more useful than repeatedly tapping a generic “boost” button: new APK inspection and scheduled status checks map to real exposure moments.

Android security apps cannot inspect every other app's private sandbox as if they had root access. Detection uses package/APK metadata, accessible files, local/cloud reputation, URLs and allowed system signals. That is normal platform isolation. A clean scan means “nothing detected with this engine and access,” not proof that accounts or firmware are uncompromised.

If you sideload, keep the original APK URL/hash and run Play Protect as well. Do not install the same APK repeatedly after two security tools warn because a forum comment says it is safe. Verify the developer signature and distribution source.

Anti-hacking and URL Checker target the threat users actually face

Modern Android loss often starts with a link: fake delivery/payment pages, WhatsApp account-takeover prompts, banking overlays or credential forms. Google Play's June 2026 notes say DFNDR improved URL Checker / Antiphishing and added protection against 18+ content.

PSafe calls the layer Anti-hacking in its help. It needs Accessibility to observe relevant interactions and warn when the user clicks a malicious link. This can add value across apps where a browser-only safe-browsing list may not see the initial tap.

No filter recognizes every newly registered or compromised domain. Read the destination, use a password manager/passkey as a phishing signal, open payment/bank apps directly rather than through messages, and confirm urgent requests through another channel. A DFNDR warning is a reason to stop; no warning is not approval.

“Fake news” and 18+ filtering are content-classification features, not malware detection. They may be useful to a family but can make the interface noisier. Evaluate them separately from antivirus efficacy.

Accessibility can power link protection—and expands trust

Google Play explicitly says DFNDR uses Android's Accessibility permission to help users install apps safely and warn when they click malicious links. PSafe's troubleshooting guide says Anti-hacking needs the service to remain active and may also benefit from notification access/battery-optimization exceptions.

Accessibility services can observe UI content and perform actions depending on their declared/configured capabilities. That is why Android shows a prominent warning. It does not make DFNDR malware, but it makes the vendor, update channel and exact feature purpose part of the security boundary.

AccessDocumented purposeDecision check
AccessibilityInstall/link scam protectionEnable only for Anti-hacking; review after updates.
Notification accessKeep protection/alerts working; some account alertsIt can expose notification content; grant deliberately.
LocationOptional location/legacy anti-theft contextsAndroid Anti-Theft is removed; deny unless a current feature explains need.
Files/mediaComplete scan, cleanup and duplicate-file toolsPreview deletions; do not grant for link checking alone.
Email/accountIdentity Theft MonitoringRequires Ultra; use a monitored address you intend to submit.
Device admin (legacy)Old anti-theft/uninstall preventionDisable before uninstall if still enabled.

If Anti-hacking keeps disabling, do not blindly grant every special access. Check that the app came from Google Play, is current, and that an OEM battery manager—not another suspicious app—is stopping it. If the protection requires exceptions you are uncomfortable with, use browser/Play Protect controls or another current security app.

Identity Theft Monitoring is useful after a breach, not identity-theft prevention

DFNDR can monitor registered email addresses for known breach exposure, send real-time alerts and weekly status reports, and provide response guidance. PSafe's current help says the monitoring feature requires an Ultra subscription.

A breach hit means that an address or associated data appeared in a dataset known to the service. It does not prove that the phone has malware, and changing the email address alone does not fix reused credentials. Change the affected password from a clean device, make every site password unique, revoke active sessions and enable passkeys or strong MFA.

The service needs the email address being monitored. PSafe's privacy policy explicitly lists it for Identity Theft Report. Decide whether centralizing that address with another monitoring provider is worth the alerting benefit; many password managers, browsers and paid identity suites provide overlapping breach notices.

DFNDR cannot prevent a merchant from being breached or guarantee removal of data from criminal forums. The feature is monitoring and response assistance.

Anti-theft, VPN and several booster tools are no longer core DFNDR features

Current product reviews often copy old lists. PSafe's help provides the lifecycle corrections. Android Anti-Theft was removed in favor of Google's Find My Device (now Find Hub). DFNDR's VPN feature left the security app on June 10, 2022; PSafe directed users to a separate DFNDR VPN app.

Starting with version 10.3.0, Play Store policy changes reduced or affected Charge Booster, Memory Booster, Internet Booster, Game Booster, Battery Saver, CPU Cooler and Data Control. A current review should not sell these as a live “20+ feature” advantage.

FeatureCurrent statusUse instead / caveat
App and complete antivirus scansCurrent help documents themUseful, but current lab rate unknown.
URL Checker / Anti-hackingActively updated June 2026Needs Accessibility.
Identity monitoringCurrent; UltraMonitoring, not prevention/recovery insurance.
Android Anti-TheftRemovedConfigure Google Find Hub.
Built-in VPNRemoved June 2022Separate VPN product; do not count in plan.
Memory/CPU/battery/game boostersAffected/reduced from v10.3.0Android manages processes/thermal/battery state.

This does not mean the product is shrinking without reason. Removing redundant or policy-sensitive tools can reduce attack surface, battery work and misleading optimization claims. It does mean old screenshots, review tables and subscription descriptions must be ignored.

Cleanup and App Lock are conveniences, not malware proof

Quick Cleanup can identify cache, residual/temporary and navigation data. Duplicate-photo/video and WhatsApp-media tools can free space. Always review the selection before deletion; a security label does not make an automated file recommendation a backup.

Android's Storage settings and Files by Google/OEM tools already handle much of this. Clearing cache can temporarily slow apps or sign out sessions, and deleting media can remove the only local copy. Back up important photos/documents before bulk cleanup.

App Lock adds a PIN/pattern gate around selected apps. It helps against casual access when someone borrows an unlocked phone, but it is weaker than locking the entire device with a strong PIN and biometric convenience. If an attacker knows the device PIN or has a compromised/rooted environment, an overlay is not a secure enclave.

Notification Manager can hide alerts and has its own support article for accidentally suppressing desired notifications. Treat it cautiously: missing a bank, authenticator or account-security alert can be worse than notification clutter.

Free, Ad-Free, Pro and Ultra are sold inside the app

The free app uses advertising. PSafe's current help names Ad-Free, Pro and Ultra subscription choices. The Play listing advertises a three-day premium trial; identity monitoring help says that function requires Ultra. Paid tiers can remove ads and change notification controls/features.

We do not publish a fixed price. Google Play in-app pricing varies by country, currency, billing period, promotion and account. Open the plan screen on the device and record the exact first charge, renewal cadence, renewal price, trial end and included features before accepting.

A three-day trial is short. Set a calendar reminder before it ends, and verify the subscription in Google Play → Payments & subscriptions → Subscriptions. Do not rely on an in-app badge alone.

Paying does not solve the current lab-test gap. It removes advertising/adds features; it does not turn the 2017 result into a current detection measurement. Compare the live annual/monthly cost with lab-tested Android products and any multi-device suite you already own.

The free security model includes advertising and broad data processing

Google Play's developer-declared Data Safety section says the app may share device or other IDs with third parties and may collect location, personal information and four other data categories. It says data is encrypted in transit and deletion can be requested.

PSafe's June 12, 2025 Privacy Policy v3.0 describes technical data, usage, online identifiers, internet/network information, profile information, location/geolocation and inferences. It also describes advertising/analytics partners using SDKs or tracking technologies for measurement and ad targeting.

Feature-specific data includes email addresses for Identity Theft Report and optional location for anti-theft contexts. Wi-Fi Security can process network/device names, IP/inferred geolocation and connected-device information; the policy says that Wi-Fi feature information is stored locally for the function. Read the current in-app permission prompt because the Android Anti-Theft help says the feature is removed.

This is not evidence that DFNDR sells passwords or is malicious. It is evidence that “free security” has a data/advertising trade-off. Privacy-sensitive users should prefer a paid no-ad product with a narrower, product-specific telemetry explanation—or rely on platform controls if the extra service is not needed.

Notification pressure may matter more than scan speed

We found no current standardized DFNDR battery/performance result, so we do not invent one. The 2017 AV-TEST reported no excessive battery, slowdown or traffic, but the app, Android and test device have changed. Google Play's June 2026 notes specifically mention reduced crashes/ANRs and performance optimization, showing that stability remains active work.

PSafe calls many free-edition notifications security/performance reminders. Its help says Premium users can disable or customize notification types, implying less control for free users. Frequent alerts can train users to dismiss a real warning.

After installation, check Settings → Battery → app usage over several days; observe background data, wake time, scan duration and notification value. Do not disable Android battery management globally unless Anti-hacking genuinely stops and you accept the cost. Re-evaluate after every major update.

Remove dashboard/floating/notification-bar shortcuts you do not use. An always-visible “assistant” is not protection by itself.

Set up DFNDR with the minimum permissions your features need

  1. Install only the PSafe package from Google Play and confirm `com.psafe.msuite` / developer details.
  2. Update Android, Google Play system components and every app first; enable Play Protect.
  3. Run the initial installed-app scan. Grant file/media access only if you intend to run Complete Antivirus or cleanup.
  4. Enable newly installed app checks and Daily Phone Checkup if you want the second-opinion layer.
  5. Grant Accessibility only if you want Anti-hacking/URL warnings and the prompt describes that purpose.
  6. Deny location/device admin unless a current, needed feature can justify it; use Google Find Hub for loss/theft.
  7. Review notification categories, ads/personalization/privacy choices and subscription terms.
  8. Test a known-safe app install/link workflow; never test live malware on a personal phone.

A child/relative's phone needs education as much as configuration: do not install “updates” from messages, do not share screen/remote-control access with unsolicited support, and do not transfer money after an urgent chat request without a voice confirmation.

If DFNDR finds malware, preserve evidence before tapping everything

For an untrusted installed APK, note the app name/package/source and take a screenshot of the detection. Remove device-admin/Accessibility privileges from the suspect app if necessary, uninstall it, update Android/Play services and run both DFNDR and Play Protect again.

If you entered a password or card data into a malicious page, removing an app is not enough. From a known-clean device, change affected credentials, revoke sessions, contact the bank/payment provider and enable strong MFA/passkeys. Check email forwarding rules, messaging linked devices and account recovery methods.

For persistent pop-ups, Accessibility abuse, unknown admin apps, rooted-device warnings or repeated reinstallations, back up only essential documents/photos, preserve authentication recovery codes, then consider a factory reset and clean reinstall. Do not restore the suspicious APK or a full backup that recreates the problem.

A false positive should be verified with publisher/signature/source and submitted to PSafe support. Do not upload confidential APKs or company software to public multi-scanners without authorization.

Uninstalling DFNDR does not cancel its Google Play subscription

Google's current subscription guidance is explicit: uninstalling an app does not cancel billing. Open Google Play → profile → Payments & subscriptions → Subscriptions → DFNDR → Cancel subscription. You normally retain paid access until the current period ends.

If an old DFNDR installation enabled Device Administrator, PSafe says to disable it under Android Security/Device Admin Apps before uninstalling. Then use Settings → Apps → DFNDR → Uninstall. On current Android, also review Accessibility, notification access, VPN/device-admin and Files/media permissions for remnants.

Google says purchases within 48 hours may be eligible for a refund depending on details; after 48 hours, contact the developer, subject to policy and law. Keep the Google Play receipt and cancellation confirmation.

After removal, confirm Play Protect is on, Google Find Hub is configured, and no essential app was left unprotected by an accidentally disabled platform setting.

Millions of reviews show reach, not a current malware score

Google Play displays a large install/review footprint and a high average rating. Those signals help answer whether the product is widely used and supported. They cannot establish detection rate: reviews mix scanner, cleanup, ads, billing, phone performance and support experiences across versions and countries.

Current community discussions about Android antivirus split between “Play Protect is enough” and “sideloading/scam exposure justifies another layer.” Both can be rational. A patched Pixel that only uses Google Play differs from an old handset receiving APKs through social media.

We use community reports to prioritize notification, billing, battery and permission questions. We do not copy named quotes, infer prevalence from one complaint or put the Play rating into our schema. Our 6.1 is one editorial judgment based on current product state and evidence coverage.

Who should use DFNDR Security?

ScenarioRecommendationWhy
Updated phone, Play Store only, careful userOptionalPlay Protect/sandbox cover basics; extra alerts may add clutter.
Frequent WhatsApp/SMS scam linksWorth testingURL/Anti-hacking layer targets the exposure.
Regular APK sideloadingHelpful second opinion, not permission to trust APKsNew-app scans add a layer; current detection rate unknown.
Privacy-sensitive userPrefer a no-ad alternativeBroad ad/analytics data model and special permissions.
User wanting phone recoveryUse Google Find HubPSafe says Android Anti-Theft was removed.
Business/regulated deviceUse managed mobile securityNeeds admin policy, support, telemetry and current validation.

Current lab-tested Android alternatives are easier to validate

Start with our Android antivirus guide and verify each product's current test/version before installing. Bitdefender offers a focused mobile security app with recent lab participation and a quieter paid model. Norton can make sense when its Android protection is already included in a multi-device plan.

ESET provides Android anti-phishing, application/security tools and more configurable protection with current mobile testing. Avast, AVG and Avira have free/ad-supported trade-offs but appeared in AV-Comparatives' 2025 mobile report.

For a low-risk current Android user, Play Protect + browser safe browsing + Google Find Hub + prompt OS/app updates may be the best minimal setup. Add a third-party app only when its link, identity, privacy or family features solve a real gap.

Frequently asked questions

Is DFNDR Security safe to use in 2026?

DFNDR is a legitimate, actively maintained PSafe app on Google Play, updated June 30, 2026. It can be safe when installed from the official listing and granted only needed permissions. Our caution is evidence/privacy based: no current product-specific lab result was found, and the free app uses ads, analytics and powerful Accessibility access for link protection.

Does DFNDR Security detect 100% of Android malware?

No current 100% claim is justified. AV-TEST measured 100% in two sets for dfndr security 5.0 in November 2017, with 6/6 Protection and Usability. That excellent historical test is nearly nine years old and cannot be transferred to the current app or modern Android threats.

Is DFNDR Security free?

Yes, the Android app can be used free with advertising and in-app purchases. PSafe also lists Ad-Free, Pro and Ultra subscriptions, and Google Play advertises a three-day premium trial. Prices vary by country, billing period and promotion, so read the live plan screen and renewal terms.

Why does DFNDR need Accessibility permission?

Google Play says DFNDR uses Accessibility to help users install apps safely and warn when they click malicious links; PSafe calls this Anti-hacking. Accessibility is powerful, so enable it only for that feature, install from Google Play, review the permission after updates and remove it if you stop using link protection.

Does DFNDR still include anti-theft and a VPN?

Not as old reviews describe. PSafe's current help says Android Anti-Theft was removed in favor of Google's Find My Device/Find Hub. The VPN was removed from DFNDR Security on June 10, 2022 and moved to a separate app. Do not buy a plan based on stale feature tables.

Do I need DFNDR if Google Play Protect is enabled?

Not necessarily. Play Protect scans installed and sideloaded apps, while Android sandboxes apps. DFNDR adds a second scanner plus scam-link, identity and cleanup tools. It is most useful when those extras match your exposure; it does not replace Android updates, Play Protect or careful permission choices.

How do I cancel a DFNDR subscription?

Open Google Play, select your profile, Payments & subscriptions, Subscriptions, DFNDR and Cancel. Uninstalling the app does not stop billing. Keep the confirmation; refund eligibility depends on timing, purchase details, Google Play policy, developer terms and applicable law.

How do I completely uninstall DFNDR Security?

Cancel any subscription separately. If an old install uses Device Administrator, disable it first; remove DFNDR from Accessibility and special access, then uninstall from Android Settings → Apps. Restart if needed and confirm Play Protect and Google Find Hub remain enabled.

Final verdict: useful Android extras, weak current verification

DFNDR deserves credit for being active, clear about its Accessibility purpose on Google Play and focused on current scam/identity problems rather than only a manual virus button. App/file scans, new-install checks and breach alerts can help a higher-risk Android user.

Its evidence deficit prevents a stronger recommendation. The perfect AV-TEST result belongs to version 5.0 in November 2017; DFNDR is not in AV-Comparatives' 2025 tested set. Meanwhile the free business model asks users to accept ads, notification pressure, broad privacy terms and special access. Current help also has to correct stale store/review claims about anti-theft, VPN and boosters.

Our editorial score is 6.1/10. Test the free app only if URL/identity tools solve a real problem and review every permission. For the simplest defensible setup, keep Play Protect/Find Hub active and choose a currently lab-tested mobile product—or no extra antivirus on a low-risk, fully updated phone.

Remove All
Choose one more item to compare.