«

»

Jan 15

Micromax accused of remotely installing unwanted apps, showing ads in notification bar

Micromax has been part of a lot of controversial conversations as of late, namely due to their role in the public fallout between CyanogenMod and OnePlus. But they’re less of an innocent bystander and more the accused instigator in these latest shenanigans: the company is reportedly remotely installing applications on users’ phones.

The revelation was first brought to light by Reddit user Redddc25, who’d found that his entry-level Micromax Canvas Fire (model number A093) has suddenly been loaded up with applications he didn’t install. Being that the device has very little internal storage — just 4GB — he quickly uninstalled them to save precious room.

micromax logo

And then they reappeared. Out of nowhere, apparently. Why? According to XDA, it’s due to a third-party OTA update service Micromax favors over the traditional route Google handles. The service’s app has code that makes it possible to automatically download and install applications without the user’s consent. Simply uninstalling them won’t help as, like we said above, they reappear after a short time.

To call this bloatware would be a bit of a long shot, while calling it spyware is borderline accurate. The difference between the two is that, in most cases in recent years, bloatware is typically pre-installed on the device and can either be disabled or completely uninstalled. We’ve always had a problem with bloatware, but it’s not shady — at least most companies are upfront about it.

But when you begin to abuse your power to influence a user’s device is when we begin to throw up the red flags. If a user is given the ability to uninstall an app, and they exercise their right to utilize that ability, they shouldn’t have to hear anymore of it. It should be gone, for good.

To make matters worse, the service doesn’t only install unwanted applications — it even litters your notification tray up with advertisements. You don’t begin to realize just how slimy it is until you hear the best part: the code reveals the website of the company who makes this OTA service, and they actually acknowledge the following “features”:

adups_evidence

That list is about as scary as any bit of Android malware we’ve ever heard of (especially that whole “device data mining” part). There’s nothing that says for sure Micromax knows what’s going on with this service, but the general feeling so far by everyone who has an opinion to voice is that they do.

We’ll want to get their side of the story before taking that as gospel, but in the meantime XDA has provided a quick tutorial for Micromax owners to disable this functionality the only way they can (as it’s baked into a system app which can’t be disabled or uninstalled without root):

  1. Root your device. Google should help you find some appropriate root guides for your specific device.
  2. Download and install ADB. You’ll need this to issue a command. Here’s an easy ADB toolkit you can use to accomplish this.
  3. Issue the following command:

adb shell pm disable com.adups.fota

What this does is disable the OTA app from working, which should effectively stop those rogue app installations dead in their tracks. The downside is that this also hinders your ability to receive OTA updates, but it can easily be re-enabled with a similar command:

adb shell pm enable com.adups.fota

And that’s what you’re going to have to do until Micromax hopefully eradicates this issue and does away with this awfulness. Other OEMs, feel free to take note: this is not how you treat a device once it’s in the hands of your users.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>