Micromax revealed to be remotely installing bloatware

By JC Torres/Jan. 15, 2015 7:10 am EST

Smartphone users are no strangers to bloatware, unwanted software installed by manufacturers or carriers on devices, be they laptops, tablets, or, most especially, smartphones. While some have resigned themselves to these as a fact of life, it seems that in other places, they have become more than just a simple nuisance. Indian OEM Micromax has been reported to not only install bloatware, it also installs these remotely without the user's knowledge nor consent, making this particular implementation border on being malware.

Acting on the initial report on Reddit, XDA dug deeper on the supposed bloatware incursion in some of Micromax's smartphones, and the results are pretty shocking almost to the point of disbelief. Micromax has apparently replaced the default Android firmware OTA upgrader with a custom app that moonlights as a bloatware installer in the background. Not only that, it also pops up almost a dozen ads from time to time. Aside from the potential security risk and nuisance, this particular implementation also eats up storage space as well as mobile data bandwidth, two things that are at a premium in that particular market.

The method used to install these bloatware is pretty worrying. For an app, such as this third party FOTA upgrader, to be able to install another app, it must either use Android's package management or use the command line. Since the package manager method would alert users to such activity, the software uses the command line instead. This, however, presents security and privacy risks. Micromax has practically left a backdoor open for the sake of profits and data mining.

The software is provided by a Chinese company called Adups, but it certainly isn't the only one in this line of work. Last month, we reported on a similar product from Digital Turbine that seeks to give carriers the same advantage of deploying bloatware with an equally frightening disregard for the user's security. One subtle difference is that Adups' software replaces a core part of the Android OS, probably to block users from disabling the "feature". Yes, there is a way out of this mess, but it does require rooting your Micromax device and being left out of firmware updates.

Micromax is becoming a rising star in the mobile market, especially with somewhat of an endorsement by Google when it was chosen to be one of three to first bear Android One. Its popularity, however, isn't exactly spotless. Recently, it has been, and still is, embroiled in a dispute against OnePlus over the right to distribute Cyanogen devices in India. And now, this revelation could very well shed more negative light on the OEM. But as they say in show biz, bad publicity is still publicity. One can only hope Micromax doesn't continue to rely on that to boost its name.

SOURCE: XDA