It seems all xiaomi.eu ROMs are signed with the default Android platform private key. This is a severe security flaw. Any arbitrary userland apps (installed by users using apk files) can gain System privilege by claiming android:sharedUserId="android.uid.system" in the manifest xml file.
Here...