Security company, eScan warns Xiaomi users of multiple flaws in MIUI system apps which are capable of introducing unintentional vulnerabilities into end-user as well as security apps. Unlike other operating systems, MIUI OS by design has multiple security lapses. In particular, the MI-Mover App can override the application sandbox of the android OS thereby posing a significant threat to the installed apps.
Why it’s a concern for Xiaomi’s users?
In the research, eScan found the following security loopholes that need to be addressed:
- MI-Mover App overrides the application sandbox of the Android OS
- Any device-administrator app can be uninstalled without revoking its device-admin rights
- Unlike other smartphones, Xiaomi with MI-Mover can be cloned in few minutes without needing to root the device
- MIUI devices rather than deleting, hides the Work-Profile Admin app
- Not easy to delete the Work-Profile
- Workspace profiles cannot be differentiated from the personal profile posing a serious challenge from the security point of view in Enterprise Mobility Management
More details here.