Xiaomi smartphones can be installed on any program without the owners' knowledge
Android / / December 19, 2019
Xiaomi smartphones company known not only great value for money, but also branded MIUI operating system. However, recently there have discovered a serious vulnerability.
At the time, MIUI started as a simple add-on Android. It gradually overgrown with all new programs, settings and functions, so that today it can be argued that it is an independent operating system, although it has at its core Android.
Among the numerous "corporate" software available in MIUI, a computer security researcher Thijs Brunink (Thijs Broenink) drew attention to the unremarkable program AnalyticsCore.apk, which is constantly working background. The main suspect was the fact that this utility has appeared again and again on your smartphone even after careful removal.
In response to a query about the purpose of this file Xiaomi company decided to get rid of dull silence. Then Theis decompiled code and saw that the program every 24 hours sent to the server manufacturer's identification data, including IMEI, Device Model, MAC-address, and much more. In addition, the program checks for new version on the server and in case of its detection automatically downloads and installs it. The user, of course, remain completely unaware of the secret life of your device.
The most unpleasant is that AnalyticsCore.apk application does not check the authenticity of a downloaded file. This means that the company Xiaomi has the ability to install any program on your device under the guise AnalyticsCore.apk. The same loophole hackers can use, for connection to the server is performed by Xiaomi insecure protocol and can easily be compromised.
So far as I know, the company did not comment on the vulnerabilities found. However, MIUI forum users rose present storm.
That's why I always advise to use instead of MIUI some pure Android. Hail to AOSP, CyanogenMod and their derivatives!