In the recent past, we witnessed quite a few acts of OEMs messing with devices to achieve various goals, such as increasing benchmark results. We also heard about manufacturers and carriers adding tracing software to their devices, in order to collect data about how the device performs, statistics about voice and data connectivity between the device and radio towers, or even battery runtime data (CarrierIQ are you listening?). Today, however, reports are coming in that users of certain devices by Indian phone manufacturer Micromax noticed apps being silently installed without their consent or permission.
It appears that even uninstalling these apps won’t help, as shortly after, they will simply re-appear again. Obviously, this is wrong on so many levels, but I’d like to point out a few key problems here anyway:
While these practices already sound terribly wrong on their own, it unfortunately doesn’t end there. In addition to downloading apps, these device also seem to display ads in the notification bar from time to time. A reddit user reports that 8-10 ads are displayed at once and upon looking up the responsible app for these disturbing notifications, he was presented with a system app called “Software Update”.
So at this point, it certainly sounds like Micromax added custom software that remotely installs apps and pushes ads to users’ devices. But we wouldn’t be here at XDA Developers if we stopped at assuming things and simply telling you about the story of someone claiming things on the internet. Thus, we decided to tear down said app and have a look at what’s inside.
When starting to tear down the application (which is actually called FWUpgrade.apk on your filesystem), the first thing you notice is that it’s a third-party application. A Chinese company named Adups developed it as a replacement for the stock Google OTA service. Apparently, Micromax decided to use it instead of the stock one. The first hurdle you need to take for further analysis is the byte code level obfuscation, and most of the sources are really not a pleasure to read. However, if you know what you’re looking for, the app can’t hide its true nature. The evidence presented here starts out with a bit of code that shows you the potential abilities of this app and closes off with something even more interesting.
Let’s start with the silently installed apps. To do this from within another app, you either need to use the Android PackageManager API directly, or issue the installation commands from a shell. The second case is true here, as the following pieces of code show (note: this is simplified java code, the actual code looks a bit different due to the obfuscation):
StringBuilder sb = new StringBuilder(“pm install -r “);
String cmd = sb.toString();
Here you can see a newly created StringBuilder containing the command pm install, followed by s2, which in this case is a string variable containing a file system path to a downloaded apk file. The finished string then gets passed to a new method doing something like this:
ProcessBuilder processbuilder = new ProcessBuilder(cmd);
Process process = processbuilder.start();
Here you can see that the string with the shell command is used to start-up a process which executes said command and in fact silently installs the apk file. At this point we can be fairly certain that the OTA check service in Micromax ROMs can not only download and flash system OTAs but also has the ability to silently install apps. This in itself doesn’t mean too much as it’s not necessarily a bad thing, but there’s more to come.
Inside the app I found a few references to the company’s website, including one that has an extensive feature list. Shall we have a look at the most interesting part?
There you have it, in the company’s own words. App push service. Device Data Mining. Mobile advertising. That matches pretty nicely the initial report on reddit, don’t you think? So, the bad guy here is in fact Micromax since these are official features of the app by Adups, and it’s more than likely that Micromax is getting revenue from the forced app installs and notification ads. They also chose to go with this provider and not use their own servers together with Google’s stock OTA service, so they were fully aware of what impact this would have on their users.
So now that we know that these unfortunate reports were true, let’s talk about how to get rid of this “functionality”. The first step of disabling said features, would be to head to the devices’ app settings to disable the rogue system app. However, this is not possible in this case, as Android allows OEMs to deactivate the disable button for certain apps. But do not fear, we have a solution readily available and will tell you how to disable the malicious code.
The first and most important step is to root your device. A rooted device allows you to do much more than your stock phone would allow, and is a critical step in all system modifications. Since there are quite a few different Micromax devices out there, I won’t link to any specific root exploits in this article. Instead, head over to XDA:India and search for a root exploit or guide for your device. Make sure to read everything thoroughly and follow the instructions precisely to not damage your device in the process. Also note that this will most likely void your warranty.
In order to continue, you’ll need to have a working ADB connection to your device. There are many guides on XDA that detail how to achieve exactly this, but for starters, here is a fairly up-to-date guide on how to download the necessary binaries and how to establish a connection to your device.
Now that you have gained root access and ADB is up and running, you can continue with disabling the dreaded application responsible for the silent installs and unwanted ads. All you need to do now is to fire up a command prompt, make sure the prompt is at the directory of your ADB binary, and execute the following command:
adb shell pm disable com.adups.fota
You can read more about the usage of this command in this tutorial about disabling apps with root access. Please be aware that this process will remove the ability for your device to search for software updates and might generate an error when trying to open the Phone update section in the settings. In case you need the app back (for example when a new update is ready) you can easily enable it again with this command:
adb shell pm enable com.adups.fota
It’s unfortunate to have learned that Micromax is indeed responsible for the unwanted app installs. We hope that the above tutorial on disabling the shady application will save you some headache on dealing with random apps and ads. Obviously, all of this won’t stop Micromax from continuing these shady practices, but maybe you will consider another OEM for your next device purchase.