An Indian Anti-virus firm, eScan, has slammed Xiaomi’s MIUI for its severe security vulnerabilities and flaws. The firm released a report which says that MIUI poses a significant threat for apps and user data on phones.
While Xiaomi has denied these accusations, eScan in its report have severely criticized various MIUI features like their uninstall process, Smart-locking feature, and Mi Mover app. Interestingly, the report doesn’t just stop at Xiaomi but, also blames app developers for ignoring such security concerns.
eScan blames MIUI Features
According to eScan, MIUI lacks an authentic app uninstall process. Their report read that “the process of uninstall of security apps like the antivirus, implemented in MIUI poses a significant security threat since the authentication process implemented by the app is bypassed.”
The report also reflected some of the flaws with Mi Mover app, which is Xiaomi’s ideal app for cloning your device. eScan says that while cloning with Mi Mover, it copies everything including logged-in credentials for apps, history, wallets and conducted operations, which poses a significant security threat.
The point eScan is making is that on the new Xiaomi phones, apps have to ask for re-authentication, which doesn’t happen if these are being set-up via Mi Mover.
Responding to the above allegation, Xiaomi said “Mi Mover is designed to be a convenient tool for our users to move their data from an old smartphone to a new phone. In order for Mi Mover to initiate this process, a password is required. More importantly, in order to use Mi Mover, the smartphone has to be unlocked. Thus, there are two layers of protection for the user – phone lock and a Mi Mover password that are necessary.”
The eScan’s report also warned Xiaomi users from using Xiaomi’s “Smart-Locking” option, as it can automatically unlock the devices without any pin, pattern or other security option.
The statement adds, “Any perpetrator who gains physical access to an unlocked phone, is capable of malicious activity and an unlocked phone is greatly at risk of user data being stolen. This is why, we at Xiaomi encourage our users to be more aware of guarding their private data using PIN, Pattern locks, or the onboard fingerprint sensor available on most of our smartphones. In fact, prompting users to enable fingerprint lock is a standard step when setting up a Xiaomi smartphone for first use.”