Is Micromax Stealing Your Data?

Pin It

Who remembers the past allegations against Xiaomi for sending device data back to China? I’m sure quite a few of you do. But this time it’s not the Chinese. It’s an Indian company. Infact a well known Indian company who might be stealing our data and doing other intrusive things to our smartphones. It’s Micromax. And the allegations against them are quite serious. Let’s have a look at them, shall we(with help from XDA)?

Edit: They took down their website but they put up a new one and this is even more damning. New Website appended with links and photograph.


The several complaints are listed below:

  • Remotely installing apps without the users permission
  • Filling up the already crammed internal memory with more bloatware app
  • Downloading apps using the cellular data network and using up expensive cellular data
  • Pushing up to 8 to 10 notifications in the notification bar.A reddit user reports that looking up the responsible app for these disturbing notifications, he was presented with a system app called “Software Update”.

Now these sound absolutely horrible, don’t they? Thus, we decided to tear down said app and have a look at what’s inside. Onwards with our investigation.

APK Teardown

FWUpgrade.apk. Yes this is the name of the app. This app has been developed by Adups. Micromax uses this app instead of the stock Google Update. Fishy eh? Well it gets better from here.

This app has been silently installing apps according to the allegations. To do this from within another app, you either need to use the Android PackageManager API directly, or issue the installation commands from a shell. The second case is true here, as the following pieces of code show (note: this is simplified java code, the actual code looks a bit different due to the various efforts at hiding the true cause by obstrufication )

StringBuilder sb = new StringBuilder(“pm install -r “);
String cmd = sb.toString();

Here you can see a newly created StringBuilder intent containing the command pm install, followed by s2, which is a string variable containing a file system path to a downloaded apk file. The finished string then gets passed to a new method doing something like this:

ProcessBuilder processbuilder = new ProcessBuilder(cmd);
Process process = processbuilder.start();

Here a shell command is used to start-up a process which opens up the string command intent that can silently installs the apk file. Now from this we can fairly ascertain that the OTA service from Micromax can install apks silently and without user consent.

Digging further in we find references to this website(linked below). Shall we have a look at their feature set? Click on this link to see them for yourself (They took this website down but we dug around even more)


These are their features and I quote “App push service. Device Data Mining. Mobile advertising.” That seems to coincide with the initial report on reddit. These are official features of the app by Adups, and it’s more than likely that Micromax is getting revenue from the forced app installs and notification ads. What is interesting to note is the fact that Micromax presumably knew this, and just to get some more money choose to bundle this app instead of the original one from Google. So it would seem Micromax intentionally put their users at risk

Edit: This is their new site.


The Temporary Solution

So how do we stop this alleged takeover of our device by Micromax. After all our privacy and our data plans are at stake.

Step 1

Root your device. Our website has an extensive guide for Micromax devices from where you can choose and root your device. This is important because disabling this app doesn’t work as it will auto start (system apps can do that)

Step 2

Next up, you will have to install ADB. Read how to in this link.

Step 3

Get ADB set up and execute the following command:

adb shell pm disable com.adups.fota

You can read more about the usage of this command in this tutorial about disabling apps with root access.  In case you need the app back (for example when a new update is ready) you can easily enable it again with this command:

adb shell pm enable com.adups.fota


This is indeed a very unfortunate situation where we seem to find ourselves at this point of time. It seems that the one doing the spying is not really Xiaomi but the so called “indian company” Micromax. I’m sure you people have plenty to say. Please feel free to voice off in the comments below

Subscribe To Get Latest Rooting Guides

Subscribe us to get all latest rooting guides and custom ROMs directly in your inbox.

Android VPN


  1. Aditya Thakker says

    I think it is Wrong to say that “Micromax steals you Data” or it can install things without permission. This is done by all the company’s. Have you ever updated you Google Play Store or Samsung Apps or Micromax’s In-Built App. The service you mentioned earlier in this post are for such purposes. For those apps which are not available from store. They are only made available from/by the Company.

    Samsung has it’s own Apps Store. This App Store is used update other things or other Samsung Apps. Then tell me, who will update the App Store itself, if there is bug or new Feature. There has to be a third party installer which can update an system app directly by the company.

    This, doesn’t mean that Samsung is accessing “MY DATA”.
    This is mean’t to be how it should be.

    Aditya Thakker

  2. Raj says

    I’ve Micromax Unite 2, and I did face this problem regarding “Software Update”, initially it loaded up snapdeal and amazon apps even within the low storage! So, I rooted using KingTools and uninstalled it! Although till now, no tension as it’s seems to be having least chances of getting an update! But if it gets an update, can you tell me what should I do?

    Can I use the Google’s official one? If yes, then how to do it?

    • Amartya says

      If you get an update, you can use the MTK flash tool to flash the new ROM.
      Unfortunately no you cannot use Google’s official update with this device.

Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge