MIUIdaemon - why not removing by xiaomi.eu


Conus

Members
Feb 5, 2019
81
30
Deleting this app is no good idea because of strange issues (see link below).

On my phone MIUIdaemon app is frozen - I didn't find any visible impact, only some complaints in logcat about missing performance measuring service.

Freezing this app can be done with eg. TitaniumBackup, Link2SD or simply by ADB or in a root terminal:

pm disable com.miui.daemon


With tcpdump I found that MIUIdaemon never tries to connect to one of its built-in addresses.
Code:
https://port.sec.miui.com/
https://port.sec.miui.com/data/
https://port.sec.miui.com/data/appLifeUpload
https://port.sec.miui.com/data/bluetoothUpload
https://port.sec.miui.com/data/bootEventUpload
https://port.sec.miui.com/data/emmcLifeUpload
https://port.sec.miui.com/data/fidoUpload
https://port.sec.miui.com/data/hardwareInfoUpload
https://port.sec.miui.com/data/hwInfoUpload
https://port.sec.miui.com/data/hwinfoCommonUpload
https://port.sec.miui.com/data/identifyResUpload
https://port.sec.miui.com/data/killProcessUpload
https://port.sec.miui.com/data/matrixUpload
https://port.sec.miui.com/data/mqsasUpload
https://port.sec.miui.com/data/ringerModeUpload
https://port.sec.miui.com/data/screenOnUpload
https://port.sec.miui.com/data/sensorUpload
https://port.sec.miui.com/data/storageUpload
https://port.sec.miui.com/data/sysopt/coldStartUpload
https://port.sec.miui.com/data/wcnsUpload
https://port.sec.miui.com/mqsas/exception/callBack
https://port.sec.miui.com/mqsas/fileUpload
https://port.sec.miui.com/mqsas/fileUpload?r=
https://port.sec.miui.com/mqsas/reachLimit
Possibly these addresses will be connected only within China??

More background information is in an article from a German Android forum (2017, translated): https://translate.google.com/translate?sl=auto&tl=en&u=https://www.android-hilfe.de/forum/xiaomi-allgemein.1692/miuidaemon-ist-eine-schnueffel-app.858028.html
 

Lecterr

Members
Apr 6, 2018
24
15
Deleting this app is no good idea because of strange issues (see link below).
You must read the full story - it is safe to delete the hole app! I do this since three years of xiaomi.eu use! Globe-ROM does it,too! So it is time for xiaomi.eu to do this, too!
 

Igor Eisberg

Developer
Staff member
Oct 6, 2016
4,034
322
You must read the full story - it is safe to delete the hole app! I do this since three years of xiaomi.eu use! Globe-ROM does it,too! So it is time for xiaomi.eu to do this, too!
You did not provide any recorded evidence that this app does anything malicious. Most of this app's reporting functionality seems to be dormant.
 

Igor Eisberg

Developer
Staff member
Oct 6, 2016
4,034
322
so it could just be deleted as well, couldn't it?
Maybe it's possible to remove the APK, but there's still the /system/xbin/mqsasd which cannot be removed safely (you won't be able to boot).
The mqsas service is integrated in framework.jar and boot.img as well.
We don't have time for this merely based on paranoia.
 

Conus

Members
Feb 5, 2019
81
30
You must read the full story - it is safe to delete the hole app! I do this since three years of xiaomi.eu use! Globe-ROM does it,too! So it is time for xiaomi.eu to do this, too!
Sure? The user of posting #22 has got (re)boot issues after deleting MiUIdaemon:

https://translate.googleusercontent.com/translate_c?depth=2&rurl=translate.google.com&sl=auto&sp=nmt4&tl=en&u=https://www.android-hilfe.de/forum/xiaomi-allgemein.1692/miuidaemon-ist-eine-schnueffel-app.858028-page-2.html&xid=17259,15700019,15700186,15700191,15700248,15700253&usg=ALkJrhi5ZOn5VJ_019oMHq1DsBP3gfxQYg#post-10805493

BTW. You will lose Google Pay/SafetyNet certificaction when touching system-partition. Freezing doesn't hurt and is reversible.
 

Lecterr

Members
Apr 6, 2018
24
15
I delete this APK per TWRP filemanager on every build of xiaomi.eu and never had any problem! So xiaomi.eu can do that, too! This is NO paranoia my friend...
 

Igor Eisberg

Developer
Staff member
Oct 6, 2016
4,034
322
I delete this APK per TWRP filemanager on every build of xiaomi.eu and never had any problem! So xiaomi.eu can do that, too! This is NO paranoia my friend...
Where is the evidence? That tweet you linked from 2017 only presents stuff that can be found inside the code. Where is the evidence that anything is actually being sent to any of the mentioned URLs? As far as I've seen, the Uploaders are not being called at all.
 

Lecterr

Members
Apr 6, 2018
24
15
Where is the evidence? That tweet you linked from 2017 only presents stuff that can be found inside the code. Where is the evidence that anything is actually being sent to any of the mentioned URLs? As far as I've seen, the Uploaders are not being called at all.
Can you say 100% that there will no data send to china server all the time? I don't think so...
 

Conus

Members
Feb 5, 2019
81
30
I tried to prove MIUIdaemon, but didn't found anything...

It's much better to examine then to speculate. Therefore I recorded the last weeks the complete traffic of my smartphone using tcpdump tool.
My device is a Redmi 5 Plus with originally global Xiaomi ROM 7.1, updated in January to Xiaomi.eu's latest stable ROM 8.1. Cloud service apps are frozen.

I found a hidden root backdoor from Facebook: https://xiaomi.eu/community/threads/facebook-root-backdoor-in-xiaomi-service-framework-module.49083/

The only "unusual Chinese traffic" are some harmless DNS queries to Baidu: 114.114.112.0/21 and 180.76.64.0/18. These adresses are hard coded, because system DNS is fixed by vendor to Google (8.8.8.8). The built-in adresses in MIUIdaemon never had been connected (see above).

Immediately after being connected to internet, the smartphone sends a single HTTP POST-request to an Alibaba cloud server in Singapore: http://data.mistat.intl.xiaomi.com/mistats/v2

The request contains the following telemetry data:

app_id={ 19-digit number }
app_key={ 13-digit number }
bc=S
channel=default+channel
client_config=1057
device_id={ 32-digit hex UID }
id_type=0
interval=90000
mistatv=5
network=WIFI
policy=0
sdk_version=2.1.1
sign={ SHA1 hash ? }
size=64
stat_value={ ~10 kB hex coded binary data }
version=8.11.07.800002


I think that's not worldshaking. Google Service Framework snoops much more data. And with AdAway or Blokada it's easy to prevent any unwanted traffic.
 

Lecterr

Members
Apr 6, 2018
24
15
@Conus : One phone, one week, in one country...very impressive statistic...NOT!

Can you prove the opposite? I don't think so...
This post is the reason I will never use xiaomi.eu ROM! Thanks a lot for showing your way solve problems and questions. It shows me and others how professional this ROM is - or even not! My statement! Bye!
 

ingbrzy

Xiaomi.eu ROM leader
Staff member
Feb 11, 2012
9,968
322
@Conus : One phone, one week, in one country...very impressive statistic...NOT!



This post is the reason I will never use xiaomi.eu ROM! Thanks a lot for showing your way solve problems and questions. It shows me and others how professional this ROM is - or even not! My statement! Bye!
Please complain at miui.com forum.. We don't care about your paranoia... Or buy Google device.. You are free and Donald needs you..
 
  • Like
Reactions: Igor Eisberg