Xiaomi has progressed into one of the leading smartphone manufacturers across the global markets with its strong presence felt in many countries outside China.
Recently, Xiaomi's MIUI 9 is hitting the headlines as the Global Beta ROM is being rolled out to select devices starting with the company's flagship Mi 6 and Redmi Note 4/4X. In the meantime, eScan, an Indian security company that provides Enterprise Security has highlighted the security flaws in the MIUI interface. The report claims that there are unintentional vulnerabilities in the MIUI apps. The MIUi system apps are said to be responsible for many vulnerabilities.
One of the major vulnerabilities is said to be around the Mi Mover app. This MIUI app helps in transferring settings and other data from any Android device to a Xiaomi device. The India-based security firm claims that this app overrides the Sandbox protection of Android that ensures the security of data.
Notably, when the transfer between two Xiaomi devices happens, even sensitive data such as payment related information will be transferred. The Mi Mover app will prompt the user for the password before transferring confidential information. However, eScan Antivirus claims that while transferring data between Mi Max 2 and Redmi 4A, the app did not ask for any password, biometric authentication or pattern.
The other major flaw with Xiaomi's MIUI is believed to lie with the device administrator setting. Usually, the security apps use the inbuilt admin permission of the Android platform to wipe the device in case it is lost. The user needs to provide a password or pattern in order to wipe the data. But it the report claims that the anti-theft app on the Mi Max 2 was easily uninstalled without any authentication.