Security solutions company eScan on Thursday in a 36-page report[1] alleged that Xiaomi's MIUI custom Android ROM has multiple flaws that affected the security of user data. Xiaomi[2] system apps such as the uninstall mechanism and Mi Mover were some of the flawed aspects of MIUI, the report stated. The Chinese smartphone company has refuted the allegations however, in a statement to Gadgets 360.
A Xiaomi spokesperson in an emailed statement told Gadgets 360 that all of eScan's data security concerns are valid only if a perpetrator gains physical access to an unlocked smartphone. Such a scenario already places user data at great risk, and Xiaomi also pointed to the addition of login layers that have been introduced in the user data migration app Mi Mover, as well as its recommendations for users to utilise a lockscreen security feature such as PINs, pattern locks, and the fingerprint sensor.
In its report, eScan claims "Xiaomi's system apps have unknowingly introduced multiple flaws into the functional working of most of the apps. The functional aspects of Anti-Theft security apps and Android for Work apps are affected by the uninstall procedure implemented by Xiaomi. Furthermore, the MI-Mover app which assists in user data migration also poses significant threats to the installed apps. Although, Xiaomi alone cannot be held responsible; the app developers are also equally responsible for not taking into consideration that there existed a huge possibility of their application's app-system-data getting cloned/ copied. This particular use-case existed since the day devices started getting rooted and app-system-storage was compromised. It's surprising that app developers never realized that the data which they are storing on app-system-storage is vulnerable on rooted phones. Although Xiaomi's MI Mover allows the users to copy all their data, it...