Xiaomi has countered reports of major security leaks in its flagship OS MIUI after internet security service provider eScan reportedly found critical flaws in system apps.
What are the flaws?
The first flaw pertains to Mi Mover, a built-in app used to transfer files, apps and settings from an Android device to a Xiaomi phone. Though the process is flawless when the file transfer is initiated between a Xiaomi device and an Android device manufactured by a different company, the issue arises when transferring files between two Xiaomi devices.
The app inadvertently transfers sensitive and confidential details such as passwords and payment info. This means that any Xiaomi user can easily get another Xiaomi user’s confidential details by just initiating a transfer.
The second flaw pointed out by the eScan report is that Xiaomi devices don’t ask for a password or even display a prompt when a user uninstalls an app from the phone. No other Android device allows this.
So, if anybody can access your Xiaomi device, that person could easily uninstall the phone’s Device Manager. This effectively stops a person from tracking a lost device or remotely wiping the device using the Find Me service online.
Xiaomi’s counterargument
In a statement to Gadgets 360, Xiaomi was quick to clarify that such a situation will take place only if a perpetrator gains physical access to an unlocked smartphone. The company further argued that such a situation already places a user’s data at high risk.
The company also pointed to the login layers that have been introduced in the Mi Mover app, and strongly recommended that users utilise the lockscreen security features such as PINs, pattern locks and the fingerprint sensor provided by the phone.