Xiaomi's MIUI is regarded as the best operating system layered on top of the Android platform. The huge success of Xiaomi smartphones is mainly attributed to the award-winning MIUI. However, the latest report issued by the popular security company eScan points out several major security flaws in Xiaomi's MIUI. The report reveals that there are unintentional vulnerabilities in the user apps, including security-related apps.

Vulnerable system apps

The report further mentions that the system apps included with MIUI are mainly responsible for the vulnerabilities.

According to the report, nearly 13 percent of users with Xiaomi smartphones based in India face a significant threat. Moreover, the platform has several security lapses by design. Users cannot change this behavior because the Lei Jun-owned company has designed the platform to prevent user modifications.

According to eScan, the core problem is with the Mi Mover app, which is used to migrate data from an old device to a new phone. The app overrides the sandbox that the core Android platform includes to keep data secure.

Clone possibility

The report states that any device administrator app can be easily uninstalled without revoking the admin rights. The report issued by eScan reveals that the Mi Mover app can also clone a Xiaomi-branded smartphone within a few minutes without rooting the smartphone.

Moreover, MIUI hides the Work-Profile admin app, making it difficult to distinguish between Workspace and Personal profiles.

This mechanism prevents administrators in an enterprise setting from locating and verifying the profile that is being removed as part of Enterprise Mobility Management. The end result can be disastrous, since the administrators could remove the work profile instead of the personal profile.

Meanwhile, Sachin Raste, research analyst at eScan, also said that it is not easy to remove the work profile due to the complexities involved.

Xiaomi denies allegations

Commenting on the report, Xiaomi said that the privacy of users is important for the company. The China-based company also strongly disagrees with the allegations about the operating platform in the report.

The company said that the eScan report was prepared under the impression that users make use of an unlocked device without setting any password, PIN, pattern or fingerprint sensor.

Steps to prevent unauthorized access

To prevent unauthorized access, Xiaomi urges users to make use of any one of the above authentication methods. The fingerprint scanner enables users to protect their privacy to a large extent, since only the relevant user can unlock the device.

Responding to the allegations over the Mi Mover app, Xiaomi said that users need to enter a password to initiate the transfer process, in addition to any one of the unlock measures. Hence, there is a double layer of protection for privacy.

Xiaomi added that if a smartphone is in the unlocked state, it is exposed to threats since anyone can access the content without permission. Hence, the company has recommended that users employ any of the security measures to protect themselves from hackers and possible misuse.