AI+ Phone Under the Microscope: Is India's 'Sovereign' Smartphone Secretly Sending Data Abroad?


A phone marketed as India's privacy champion has triggered investigations, court battles, and alarming questions. We examine the evidence — and what is still missing.

  • AI+ launched in July 2025 as India's first "fully sovereign smartphone" — and immediately sparked controversy.
  • Reviewers found pre-installed Chinese-built apps with renamed package names designed to appear native.
  • The privacy policy of a bundled app explicitly names China-based Sprocomm Technologies as a service provider.
  • Hardware appears sourced from Chinese ODMs; the Nova Flip shares specs with a ZTE model.
  • AI+ secured a Delhi High Court injunction blocking critical YouTube videos — escalating a product dispute into a free-speech debate.
  • No verified technical evidence currently exists that user data is routed to Pakistan-Occupied Kashmir (PoK).

Why This Controversy Matters

India is the world's second-largest smartphone market, home to more than 700 million mobile users. For years, the conversation has been dominated by Chinese brands — Xiaomi, Vivo, Oppo — raising persistent concerns about data sovereignty in a country locked in ongoing geopolitical tension with Beijing.

Into that atmosphere stepped AI+, a startup promising something different: a genuinely Indian phone with data stored on Indian servers, built without the ties to Chinese infrastructure that have made consumers and policymakers uneasy. The pitch resonated. National pride, privacy, and affordability are a potent combination.

Then the reviews started arriving. And the story cracked open.

What followed has become one of the most watched technology controversies in India's recent history — combining questions about Chinese software, hardware origins, misleading marketing, and a dramatic legal offensive against critics. This investigation examines the claims, weighs the evidence, and clearly separates what is verified from what remains unproven.

Background: What Is AI+?

Company Profile — AI+ Smartphones
Full legal name: NxtQuantum Shift Technologies India Pvt. Ltd.
Founded / Launch: July 2025
Founder & CEO: Madhav Sheth (ex-CEO, Realme India)
Operating system: NxtQuantum OS (Android-based)
Manufacturing claim: United Telelinks facility, Noida, India
Cloud infrastructure claim: MeitY-approved Google Cloud India regions
Core positioning: "India's first fully sovereign smartphone"
Key devices: AI+ Pulse, Pulse 2, Nova Flip

AI+ was launched by Madhav Sheth, a recognisable face in Indian smartphone retail after co-founding Realme India in 2018. The brand's central promise was data sovereignty — the idea that not a single byte of Indian user data would leave the country's borders. Advertising went so far as to use cartoon depictions of data threats from Chinese entities, positioning AI+ as the safe, patriotic alternative.

The operating system, NxtQuantum OS, is based on Android's open-source core. Devices were promoted as engineered and manufactured in India, with cloud services running on Google Cloud infrastructure within Indian data centre regions — a setup the company says meets MeitY (Ministry of Electronics and Information Technology) guidelines.


The Allegations: What Critics Are Claiming

The controversy ignited in stages. Indian tech reviewers were first to raise questions, followed by a landmark investigation by Arun Maini — better known globally as Mrwhosetheboss — whose video "I Investigated India's Biggest Smartphone Controversy" brought the story to an international audience.

Allegation 1 — Chinese Software Pre-Installed and Concealed

Reviewer Gyan Therapy was among the first to audit AI+ devices and uncovered three pre-installed applications that could not be removed by ordinary users: Clean Assistant, Phone Clone, and Mobile Butler. An Android researcher who examined the extracted application files concluded the apps were built in China and had been given new package names designed to make them appear as native components of NxtQuantum OS.

More critically, the embedded privacy policy of the Phone Clone app explicitly names Sprocomm Technologies — a China-based company — as the direct service provider, and states that it may collect personal information provided directly, automatically, or from third-party sources.

Allegation 2 — Hardware from Chinese ODMs

Hardware comparisons carried out by Mrwhosetheboss and channel TechBar found striking similarities between AI+ devices and existing Chinese smartphone models. The AI+ Nova Flip was found to share an identical battery capacity, processor, and camera specifications with a ZTE-linked device. AI+ wearables were similarly compared to products by a Chinese company called AI Power, whose branding bore a notable resemblance to the AI+ logo.

Sourcing hardware from Original Design Manufacturers (ODMs) — including Chinese ones — is common across the global smartphone industry. The specific concern here is that AI+ did not disclose this, while simultaneously running marketing built around the claim of Indian engineering.

Allegation 3 — Data Routing to PoK

⚠️ Evidence Status: Unverified. Claims that AI+ devices route user data through servers in Pakistan-Occupied Kashmir (PoK) have circulated in some online forums and social media threads. As of the time of this investigation, no credible technical analysis — no published network traffic capture, no verified DNS resolution, no WHOIS record — has demonstrated this routing. This article will not treat an unverified social media claim as fact.

Allegation 4 — Privacy Policy Contradictions

Independent analysis of AI+'s own published privacy policy surfaced language that sat uneasily beside its messaging. At one point, the policy stated that users consented to being contacted by third parties such as credit bureaus through SMS, messaging apps, calls, and email — and an archived version reportedly referenced personal loans. This language echoed the very kind of data-harvesting AI+'s own advertisements had used to warn consumers about Chinese phones.

Technical Investigation: What the Data Shows

App-Level Analysis

The most technically grounded findings in the public record come from two sources: Gyan Therapy's initial software audit and TechWiser's ADB (Android Debug Bridge) analysis, in which reviewer Pratik Rai connected an AI+ Pulse 2 to a laptop and ran developer-mode commands to inspect running processes invisible to ordinary users.

ADB testing found Chinese-origin application code present in the system. The package renaming technique used — replacing Chinese developer identifiers with names suggesting Indian origin — is a known obfuscation method, but it does not by itself prove live data exfiltration. It does, however, directly contradict the brand's claim that its software stack is Indian-built.

Privacy Policy Analysis

AI+'s own privacy policy is a public document, and its contents were widely cited during the controversy. The specific passage naming Sprocomm Technologies as a service provider within Phone Clone's embedded policy represents the strongest documented link to China-based data handling — because it is the company's own disclosure, not an external allegation.

DNS Records, Server Locations, CDN Infrastructure

No independent published network traffic analysis from a verified cybersecurity researcher or CERT has, at the time of this writing, documented AI+ device traffic being routed to servers outside India — including to China or PoK. The company maintains that user data is stored within Google Cloud India regions. Until a credible independent audit contradicts this with captured packet data, this claim remains neither verified nor refuted by external evidence.

Hardware Identifiers (IMEI / ODM Tracing)

Hardware identifier comparisons carried out by reviewers identified shared specifications between AI+ devices and Chinese ODM products. The Nova Flip's battery, processor, and camera configuration matched a known ZTE-family device. This does not mean the final phones are identical — ODMs routinely supply the same chipsets and components to multiple brands — but it directly undermines claims of in-house Indian engineering.


What Cybersecurity Experts Say

"Renaming package names to conceal Chinese origins is a straightforward obfuscation technique. It does not by itself prove data is leaving India — but it destroys the credibility of a company claiming transparent Indian engineering." — Android Researcher cited in Mrwhosetheboss investigation, 2026

Digital privacy researchers have consistently made two distinct observations about the AI+ case. The first is that the presence of Chinese-built software, even with renamed packages, raises legitimate questions about data handling that cannot be dismissed without independent auditing. The second is that the absence of published network forensics means the most alarming allegations — data actually leaving India for China or PoK — remain unverified speculation.

Privacy advocates have also noted that AI+'s privacy policy language around credit bureaus and third-party contact is more permissive than most users would expect from a self-described privacy-first device. Whether such clauses are ever enforced is a separate question from whether they should appear in a sovereign privacy product's legal documentation.

The broader expert consensus is that any privacy claim on a consumer device should be verifiable through independent technical audit — not just corporate assurance. AI+ has not published, nor invited, such an independent audit as of this writing.

Official Company Response

AI+ CEO Madhav Sheth engaged directly with Mrwhosetheboss in two video calls documented in the investigator's report. Sheth's key responses to the main allegations were:

  • On Chinese apps: Sheth claimed that devices containing the Chinese-linked apps (Phone Clone, Clean Assistant) were pre-production or test units, not final retail devices available to consumers.
  • On manufacturing: Sheth maintained that devices are assembled at the United Telelinks facility in Noida, and defended the use of international component suppliers as standard industry practice.
  • On data sovereignty: The company reiterated that user data is stored within MeitY-approved Google Cloud India infrastructure and is not transmitted outside the country.

Critics, including Mrwhosetheboss, found the responses to contain inconsistencies, particularly regarding which devices were affected by the Chinese app findings and when those apps would be removed. AI+ has continued to defend its overall vision and mission but has not released independent technical documentation or audit results to substantiate its data sovereignty claims.

Government & Regulatory Response

As of the time of this publication, no official statement, formal investigation, or advisory notice has been issued by the Indian government, CERT-In (Indian Computer Emergency Response Team), or any other regulatory body specifically addressing the AI+ controversy.

The case has been watched closely by India's wider technology sector, given its intersection with national manufacturing ambitions under initiatives such as Make in India and PLI (Production Linked Incentive) schemes for electronics. The absence of government comment may reflect the early stage of any regulatory interest, or the political sensitivity of scrutinising a brand that frames itself around national pride.

Fact Check

Claim: User data is sent to servers in China
Evidence available: Chinese-built apps found; Sprocomm named in embedded privacy policy as service provider. No live network capture of data exfiltration published by verified researchers.
Verdict: Needs More Evidence

Claim: Data is routed through Pakistan-Occupied Kashmir (PoK)
Evidence available: No credible technical documentation, packet capture, DNS trace, or WHOIS record supports this claim. Appears to originate from social media speculation.
Verdict: Unverified

Claim: AI+ has Chinese ownership or investment
Evidence available: No documented Chinese corporate ownership. Founder Madhav Sheth is Indian. Sprocomm Technologies is a Chinese ODM partner, not an owner. No regulatory filing indicates Chinese equity stake.
Verdict: Unverified / No Evidence

Claim: Pre-installed apps were built in China with renamed packages
Evidence available: Confirmed by Android researcher cited by Mrwhosetheboss. App code analysis showed Chinese developer signatures under renamed package identifiers.
Verdict: Verified

Claim: Hardware sourced from Chinese ODMs (e.g., Sprocomm, ZTE-linked)
Evidence available: Spec comparisons between Nova Flip and ZTE-family devices show matching battery, processor, and camera configs. AI+ has not disputed use of ODM hardware.
Verdict: Verified (Partial)

Claim: Marketing claim "Made in India / Engineered in India" is accurate
Evidence available: Assembly occurs at Noida facility per company. Core hardware and key software components appear sourced externally, including from China. "Engineered in India" is disputed.
Verdict: Misleading

Claim: Privacy policy contains concerning third-party data-sharing clauses
Evidence available: Policy text referencing credit bureaus, personal loans, and third-party contact confirmed in archived and live versions of AI+ privacy documentation.
Verdict: Verified

Claim: AI+ obtained court orders to silence critics
Evidence available: Delhi High Court granted an ex parte injunction against TechWiser and TechBar; critical videos were geo-blocked or removed. Court record is public.
Verdict: Verified

Privacy Risks: What Should Users Know?

App Permissions to Watch

Permission | What It Accesses | Risk Level | Common on Android?
READ_CONTACTS | Full contact list | HIGH | Common, but should be optional
READ_CALL_LOG | Call history and duration | HIGH | Limited to specific apps
ACCESS_FINE_LOCATION | Precise GPS coordinates | HIGH | Common but sensitive
READ_SMS | SMS content and OTPs | HIGH | Rarely justified in system apps
CAMERA / MICROPHONE | Live audio and video | MEDIUM | Common; requires user grant
READ_EXTERNAL_STORAGE | Photos, files, documents | MEDIUM | Common; scope varies
INTERNET | Network communication | LOW | Universal — every app requires this

What You Should Do Before Using Any New Device

  • Audit pre-installed apps. Use Settings → Apps → All Apps to see everything installed. Research any app you do not recognise before enabling permissions.
  • Run ADB from a computer. Developer mode (enabled via Settings → About Phone → tap Build Number 7 times) allows you to see running packages and disable system apps via ADB commands.
  • Read the privacy policy. Look specifically for sections on data sharing with third parties, data transfer outside India, and credit or financial service referrals.
  • Use a network monitoring app. Tools like NetGuard (Android, open-source) can monitor which apps are making outbound connections and to which IP ranges.
  • Check for unusual battery or data usage. Background data transmission by undisclosed apps often shows up as unexplained mobile data consumption.
  • Keep software updated. If a company issues updates that remove flagged apps or patch policy issues, apply them promptly — and verify the changelog publicly.
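
The app audit and ADB steps above can be combined into one check: list the system packages over ADB and flag any that already hold permissions from the table. The script below is an added example, not code from the article or from any reviewer it cites; the package names are hypothetical, the sample text is constructed, and it assumes the usual `granted=true` line format of `dumpsys package` output.

```python
import re
import subprocess

# Risk levels from the permissions table above. The table's "MICROPHONE"
# row is android.permission.RECORD_AUDIO in Android's own naming.
RISK = {
    "READ_CONTACTS": "HIGH", "READ_CALL_LOG": "HIGH",
    "ACCESS_FINE_LOCATION": "HIGH", "READ_SMS": "HIGH",
    "CAMERA": "MEDIUM", "RECORD_AUDIO": "MEDIUM",
    "READ_EXTERNAL_STORAGE": "MEDIUM", "INTERNET": "LOW",
}
ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
GRANTED = re.compile(r"^\s*android\.permission\.([A-Z_]+): granted=true", re.M)

def granted_permissions(dumpsys_text):
    """Permissions marked granted=true in `dumpsys package <pkg>` output."""
    return set(GRANTED.findall(dumpsys_text))

def audit(dumps, min_level="MEDIUM"):
    """dumps maps package name -> dumpsys text. Returns sorted
    (level, package, permission) rows at or above min_level."""
    rows = []
    for pkg, text in dumps.items():
        for perm in granted_permissions(text):
            level = RISK.get(perm)
            if level and ORDER[level] <= ORDER[min_level]:
                rows.append((level, pkg, perm))
    return sorted(rows, key=lambda r: (ORDER[r[0]], r[1], r[2]))

def dumps_from_device():
    """Collect dumpsys text for every system package over ADB
    (needs USB debugging enabled and the computer authorised)."""
    def adb(*args):
        return subprocess.run(["adb", "shell", *args], check=True,
                              capture_output=True, text=True).stdout
    pkgs = [line.split(":", 1)[1].strip()
            for line in adb("pm", "list", "packages", "-s").splitlines()
            if line.startswith("package:")]
    return {p: adb("dumpsys", "package", p) for p in pkgs}

# Constructed sample in the shape of `dumpsys package` output; the package
# names are hypothetical and are not taken from any AI+ device.
SAMPLE = {
    "com.example.oem.cleaner": """\
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ SYSTEM_FIXED|GRANTED_BY_DEFAULT ]
      android.permission.READ_SMS: granted=true, flags=[ SYSTEM_FIXED|GRANTED_BY_DEFAULT ]
      android.permission.CAMERA: granted=false
""",
    "com.example.oem.clone": """\
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.READ_EXTERNAL_STORAGE: granted=true
      android.permission.ACCESS_FINE_LOCATION: granted=false
""",
}

if __name__ == "__main__":
    for level, pkg, perm in audit(SAMPLE):
        print(f"{level:6} {pkg:28} {perm}")
```

With a device attached, pass `dumps_from_device()` to `audit()` in place of `SAMPLE`. A granted permission shows what an app is able to read, not that it has sent anything off the device; that still needs the network monitoring step.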

Most-Asked Questions About the AI+ Phone Controversy

Is AI+ a Chinese company?
No verified evidence indicates Chinese ownership of AI+. The company is registered in India as NxtQuantum Shift Technologies India Pvt. Ltd., and is led by Indian entrepreneur Madhav Sheth. However, its software and hardware supply chain has documented Chinese components and partners, including Sprocomm Technologies.

Is my data actually going to China if I use an AI+ phone?
No published, technically verified network analysis has confirmed live data exfiltration to China. The concern is that pre-installed Chinese-built apps, linked to Sprocomm Technologies, could have mechanisms to do so — but this has not been independently proven at the network level as of this writing. The risk is real enough to warrant caution; the worst-case scenario is not yet confirmed.

Is there any proof data goes to Pakistan-Occupied Kashmir (PoK)?
No. This specific claim has no credible technical evidence behind it. No verified DNS record, IP geolocation trace, or packet capture has been published demonstrating this routing. It appears to be a claim that spread through social media without a documented technical basis.

Why did AI+ take YouTubers to court?
AI+ filed suit at the Delhi High Court against channels TechWiser and TechBar, alleging their critical videos were defamatory and caused brand damage. The court granted an ex parte injunction — meaning AI+ received the order without the respondents being present to contest it — resulting in videos being geo-blocked or removed. Legal experts have noted this response turned a product controversy into a press-freedom story, significantly amplifying public scrutiny.

Is it safe to buy an AI+ phone?
That depends on your personal risk tolerance and how you use your phone. If you regularly store sensitive financial data, business documents, or personal communications, the unresolved questions around AI+'s software supply chain and data handling warrant caution until independent audits are published. If you buy the device, follow the privacy checklist above.

Has the Indian government taken any action against AI+?
No official government investigation, CERT-In advisory, or regulatory enforcement action against AI+ has been announced as of June 2026. The case is ongoing and may attract regulatory attention if court proceedings surface additional evidence.

What is NxtQuantum OS?
NxtQuantum OS is AI+'s branded operating system, built on the Android Open Source Project (AOSP). Like all Android forks, it is not independently developed from scratch — it inherits Android's core and layers a custom interface and bundled apps on top. The controversy centres on what those bundled apps contain and where their code originates.

What is Sprocomm Technologies?
Sprocomm Technologies is a China-based company identified as the service provider within the privacy policy embedded in AI+'s Phone Clone application. It is described as an ODM (Original Design Manufacturer) partner. Its name appearing in AI+ app documentation directly contradicts the brand's claims of clean Indian software sovereignty.

What is verified: Chinese-built system apps with renamed packages were found on AI+ devices. Sprocomm Technologies, a Chinese company, is named in AI+'s own app privacy documentation. Hardware appears sourced from Chinese ODMs. AI+'s marketing claims of Indian engineering are at minimum misleading. The company pursued legal suppression of critical content rather than releasing independent audit results.

What is not verified: Live data exfiltration to China has not been confirmed by independent network-level analysis. The PoK data-routing claim has no credible technical evidence supporting it. Chinese ownership of AI+ has not been established through any corporate filing or documentation.

Our assessment: AI+ presents a documented gap between its marketing claims and its technical reality. That gap is serious and warrants consumer caution and regulatory scrutiny. However, responsible journalism requires distinguishing between proven wrongdoing and unverified allegations. The worst accusations — live data sent to China or PoK — remain unproven as of this writing. The proven problems — Chinese-origin software, misleading "Made in India" claims, and legal suppression of criticism — are serious enough on their own merits to demand answers.

What needs to happen: An independent, published cybersecurity audit of AI+ network traffic, app behaviour, and data storage architecture. Until that audit exists, users should treat AI+'s privacy promises as unsubstantiated, and regulators should consider whether a brand that markets itself on data sovereignty owes its consumers verifiable proof of that claim.

Conclusion: Trust Cannot Be Asserted, Only Demonstrated

The AI+ controversy is, at its core, a story about the weight of promises. A smartphone brand chose to make data privacy and Indian sovereignty the foundation of its entire identity. That was an ambitious choice — and it created a correspondingly high standard that every line of code, every hardware partnership, and every legal response would be judged against.

By the evidence currently available, AI+ has not met that standard. Chinese-built software in renamed packages contradicts sovereign software claims. Hardware that mirrors Chinese ODM products contradicts sovereign engineering claims. A privacy policy that mentions third-party financial data sharing contradicts the brand's own advertising against exactly such practices. And using the courts to silence criticism, rather than releasing auditable technical documentation, contradicts the spirit of transparency that privacy-first branding demands.

None of this means the most alarming allegations are proven true. The claim that data goes to PoK specifically is, as of this investigation, without verifiable technical foundation. The claim that data actively flows to China in real time remains unconfirmed by independent network analysis.

What is confirmed is a serious mismatch between marketing and reality — and a response to criticism that has, paradoxically, made every unanswered question louder. In the smartphone market, trust is the product. AI+ built its brand on that product, and the burden of proof now rests entirely with them.
