How to Remove Upgradesys from Android Devices
Upgradesys and Adups Belong to the Same Company
Android users need to listen up. There is a new suspicious application that should not be ignored, and it is known by the name “Upgradesys.” This strange application is not a regular app that can be removed or even disabled, and that is because it comes pre-installed on devices. It was discovered that the app comes from the same China-based company that stood behind Adups, another suspicious app that was found to work in a malicious manner. The package name of this app was “com.adups.fota,” and a backdoor was found to be hidden within it. The backdoor was used to collect serial numbers, phone numbers, SMS messages, phone hardware data, and other sensitive information. It was reported by Kryptowire that 700 million devices worldwide were affected by this malware. Adups app came into the spotlight back in 2016, and although the company fixed the issue and eliminated the backdoor, it was recently found that a different app by the same company was overlooked. The good news is that we finally have information about it. The bad news is that removing Upgradesys might be impossible.
Where Does Upgradesys Come From?
Just like Adups, Upgradesys is a pre-installed app, which means that users purchase mobile devices with this potentially unwanted application (PUA) already installed. The infamous Adups was believed to come packaged with low-budget devices mostly sold on the Internet. However, Nathan Collier at Malwarebytes informs that Upgradesys has been found to be pre-installed on devices sold by legitimate carriers in UK and other countries too. The package names of the suspicious Android app are “com.adups.fota.sysoper” and “com.fw.upgrade.sysoper,” and the file of the app is “FWUpgradeProvider.apk”. The user of a device carrying this PUA is unlikely to notice these components unless they are looking for them specifically or if an anti-virus tool detects and warns about them. Since this app appears to be classified as a threat, naturally, many users believe it to be an alien app that forced its way into the system. That is not the case, and, what is most disconcerting, disabling the app is not possible either. While pre-installed apps cannot be deleted, normally, they can be disabled. That is not the case with Upgradesys, as the “Disable” button appears to be invalid.
Is Upgradesys Dangerous and Should You Delete It?
This suspicious application is classified as a PUA because it does not exactly work as a malicious threat; at least, not at the moment. It was discovered that this app has the privileges to install and update apps, but, at the moment, there is no further information regarding malware being installed or updated by it. All in all, it appears that the app could be used to install something without the user’s knowledge, which is why ignoring it is not recommended. That being said, at the moment, it is not the kind of PUA that is classified as a critical threat. Of course, it is monitored by malware researchers closely, and if you use a reliable anti-virus tool, you will be informed if any threats invade your operating system. Unfortunately, at the moment, monitoring Upgradesys closely is about the only thing that can be done. Hopefully, the creator of the questionable app will fix the issue themselves just like they did with Adups.
How to Delete Upgradesys
Unfortunately, you cannot delete or even disable Upgradesys. It appears that you would have to root your devices to get rid of this application, but that is risky business, and you could easily create more problems. There is a tool called “Debloater” that might help you get rid of the PUA, but some victims report that this does not work for them. As discussed in the report, for now, it is best to just monitor the PUA with the help of a reputable mobile security tool. We will keep researching this strange app as well, and if anything new is discovered, we will update the report as soon as possible. If you have further questions about the removal of Upgradesys or the app itself, use the comments section below.
Collier, N. December 18, 2017. Mobile Menace Monday: upping the ante on Adups. Malwarebytes Labs.
Kryptowire. November 15, 2016. KRYPTOWIRE DISCOVERS MOBILE PHONE FIRMWARE THAT TRANSMITTED PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER CONSENT OR DISCLOSURE. Kryptowire, LLC.