Micromax Accused of Covertly Installing Third Party Apps
Smartphone OEMs have long been criticized for placing bloatware on their handsets. But those set of applications are typically shipped with the handset and do not get installed after you have purchased the device. Indian smartphone manufacturer Micromax, however, is now being accused of covertly installing third party apps on users’ handsets. A reddit user Redddc25 has revealed that his entry level handset Canvas Fire (model number A093) was suddenly loaded with applications he didn’t install.
The user notes that he deleted all the new apps, only to find them back in the phone a few hours later. A blog post on XDA offers some explanation. A user named Diamondback has mentioned that the handset uses third-party OTA update service over the traditional Google service. The said service — as seen in its code — ostensibly enables the phone to redownload the apps without the user’s consent.
Shipping handsets with bloatware on them is one thing, and remotely installing anything without users’ consent is whole another. The company isn’t even providing users the ability to disable or uninstall these apps as they crop up back later.
If that wasn’t enough, as the user notes, the third-party service is also pushing ads to the notification tray. The third-party service in question advertises this as a “feature”. They also offer “device data mining,” “unique package checking,” and “mobile advertising.”
This is a violation of user’s privacy and a security threat. The app could be tapping conversation, snooping on phone’s logs, and other sensitive data. Last month, a security firm had revealed that select handsets from Karbonn Mobiles, Xolo, and Gionee were shipping with malware pre-installed on them.
The problem arises when handset vendors outsource the software to external parties and hence don’t have much control over what goes on in the background.
“We have asked the product team to check into this. Will share an update as soon as the team has checked the reports, and we have an official statement to share on the same,” Micromax’s PR team wrote in a statement to BGR India.
In the meantime, the good folks at XDA have put up a small and handy tutorial to get rid of this malware.
Root your device. If you’re not sure about the right tools, and don’t know how to root a phone, look for it here.
Download and install ADB.
Execute the following command: “adb shell pm disable com.adups.fota” (without the quotes.)
Do note that by doing this, you will also stop receiving updates, and perhaps not be able to download any apps from the Play Store.