Xiaomi is presently one of the top 5 Android smartphone makers in the world, having more than 6% of the market share. Millions of users across the world own Xiaomi devices. Therefore, both the company and the consumers must take note of the latest security flaws found in Xiaomi MIUI.
EScan Antivirus, the India-based security firm, has found vulnerabilities in terms of security regarding the Mi Mover app. The app enables you to transfer data and settings from any Android phone to your Xiaomi device. It overrides the sandbox protection of Android in the process.
During the transfer between two Xiaomi MIUI phones, system data and confidential info such as payment details are swept aside. The user needs to provide a password for the Mi Mover app within the transferring activity. This helps in keeping all transferring information secure.
The security firm’s research revealed that the app didn’t ask for any kind of password. The Xiaomi MIUI devices included in the research were Mi Max 2 and Redmi 4A. This will open up possibilities for anyone to clone your app data and system with ease. All they need is to gain access to your unlocked Xiaomi phone.
Furthermore, the Xiaomi devices do not have any fallback protection from their respective systems. Another security issue is regarding the device-administrator apps. Given that your device falls into the wrong hands, the security app asks for Android’s administrator’s permission before wiping off your device. This also requires a password, which did not pop up while uninstalling the Cerberus anti-theft app in the Mi Max 2.