Xiaomi Backdoor Accusations Continue; Can The Company Really Install Apps Without The User’s Knowledge?

Accusations continue that Xiaomi can allegedly install apps without the user's knowledge. A student from the Netherlands has said that an app running in the background could potentially be used as spyware.

Broenink is a Computer Science student from the Netherlands, and he has found that an app running in the background of some Xiaomi smartphones, such as the Xiomi Mi4, could be harmful. The app is AnalyticsCore.apk and it runs in the background of some Xiaomi phones, according to Android Headlines. The app doesn't seem to go away and would reappear even if deleted.

The app is said to check for updates every 24 hours and sends information to Xiaomi's servers. It also automatically installs updates to phones even if the user isn't aware of it. Xiaomi has responded by saying that the app in question is part of the MIUI system component. Its purpose is for data analysis aimed at improving customer experience.

Xiaomi also says that before an app or update is installed the MIUI system would check for the app's signature if it is an official install. If it is not, then the app would not install it on the device. Xiaomi has said that the AnalyticsCore.apk has a self-upgrade feature.

However, some are worried that the app could be used by those with malicious intent to gain entry by using it. WCCFTech says that an attacker could replace the app with its own version and with the same name and even function.

Broenink says that no validation system has been implemented by Xiaomi to check apps being installed in Xiaomi smartphones. Using the app is key to this as it can act as a Trojan horse by an attacker. Broenink also says that even Xiaomi itself can install apps into user phones without them knowing.

For those who might have worries about such intrusions on their Xiaomi smartphones, it has been suggested to download a firewall app to minimize any chance of attacks.

© 2021 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost