Security in MIUI


netexploit

I like MIUI very much because of the user experience it gives you and the look and feel - it is a really fancy flavour of Android. But there is a lot of negative news from the past about Xiaomi and the spyware they had put on their phones.
Some say Xiaomi isn't collecting more information about users than other companies do. But there is still the fact that they have to cooperate with the Chinese government.
So please don't hate or post dumb comments, I just want to start an informative discussion about MIUI's security and if we can trust it at least as much as we trust western companies and their mobile operating systems.
It would be cool if the developers of the xiaomi.eu ROMs could tell a bit about their experiences and knowledge in this kind of topic.
 
There's a lot of information sent back and forth to Xiaomi servers, and disabling that would break the features. What Xiaomi does with that information, or whether it's even stored on their servers at all, is not information that we have.
 
Thanks for your fast reply and your insider information.
I maybe want to support the project in that kind of security aspect.
At least collect and provide information with this question/topic/discussion.

But do you know for sure that this data is not sensitive data like passwords, encrypted or decrypted?

Or what kind of data is that in general?

Are there ideas for working around those needs for data transfers, or attempts to minimize them in the xiaomi.eu ROMs, to get at least a more secure OS than the original Xiaomi global ROM?
 
No, we don't interfere with Xiaomi online services. I'm not aware of any passwords being transferred. However, IMEI is being commonly sent to Xiaomi servers.
Most of Xiaomi Analytics stuff is disabled for international users.
 
You can install a firewall app like NetGuard, which lets you selectively enable network access for apps, even system apps.

You can even see which apps contact which IP addresses, and selectively restrict even these, if I recall correctly.

If you restrict the wrong things, you might be able to brick your phone, so be careful.
 
Where can I find information about which restrictions are harmless? I don't have any idea.
 
That's the main problem.

I tried this a few years ago on an old retired Doogee phone running Android 5.

Nothing bad happened, various things stopped working of course, depending on what I turned off.

One Google system app could access my mobile data even when it was turned off.

After that I realized what Android actually is.

MIUI is significantly more complicated, you have the Mi Account, etc.

I've never tried this full bore on a Xiaomi phone, just work with obfuscation, etc.

If you want maximum security, move to some open source AOSP ROM, or buy a secured "feature phone", there are companies that specialize in these I think.
 
Thank you for your answer.
One more question. There are some modules in Magisk. Do you have any experience with those?
 
No experience with Magisk.

Magisk is otherwise interesting, run entirely by one college student if I recall correctly.
But I see no reason to root my android phones, for now.
 
Thanks again for answering.
I'm using Magisk for AdAway and Titanium. Especially Titanium is a useful app.
Anyone else having experience with the Magisk tools?
 
I use AdAway's hosts file, but installed via TWRP (which has root access), without installing AdAway, no root.