Xiaomi has a pre-installed backdoor on every device
Previously, Nasi Lemak Tech discovered that some Xiaomi devices have adware built into MIUI. Now, Thijs Broenink has reverse engineered AnalyticsCore.apk, an app found on all Xiaomi devices. It seems like the app has access to information regarding your device, like the IMEI and even the apps you have on your device. This information is sent to Xiaomi’s servers.
The official statement is that it allows Xiaomi to update the device to improve your user experience, all while collecting data on your usage. Xiaomi receives this data every 24 hours, which is pretty frequent for “user experience improvement”. What’s even more worrying is that Xiaomi has the ability to “update” the apps on your device with their own version. While the aim is pretty noble, it does leave the door open for exploits from unsavory individuals.
On the MIUI forums, users have reported that the app reinstalls itself even after being deleted, and also consumes battery in the background. To ease your mind, Xiaomi’s spokesperson said: “Any APK without an official signature will fail to install. As AnalyticsCore is key to ensuring better user experience, it supports a self-upgrade feature. Starting from MIUI V7.3 released in April/May, HTTPS was enabled to further secure data transfer, to prevent any man-in-the-middle attacks.” Maybe it means less risk of hackers gaining access to your Xiaomi smartphone, but Xiaomi has full access to the apps on your device, and has the ability to install anything they want on your device.
Will this bit of news turn you away from Xiaomi devices, or is the great value for money too nice to ignore?
Pokdepinion: I have stopped recommending Xiaomi devices to my friends and family, and this is all the more reason to avoid them.