Security in MIUI


Jan 5, 2019
8
2
5
#1
I like MIUI very much because of the user experience it gives you and the look and feel - it is a really fancy flavour of android. But there is a lot of negative news from the past about xiaomi and the spyware they had put on their phones.
Some say xiaomi isn't collecting more information of the users then other companies do. But there is still the fact that they have to corporate with the chinese government.
So please don't hate or post dumb comments, i just want to start an informative discussion about MIUIs security and if we can trust it at least as much as we trust western companies and their mobile operating systems.
It would be cool if the developers of the xiaomi.eu Roms could tell a bit about their experiences and knowledge in this kind of topic.
 

Igor Eisberg

Patch/Mod Developer
Staff member
Oct 6, 2016
1,451
1,105
297
#2
There's a lot of information sent back and forth to Xiaomi servers, and disabling that would break the features. What Xiaomi does with that information, or whether it's even stored on their servers at all, is not information that we have.
 
Jan 5, 2019
8
2
5
#3
There's a lot of information sent back and forth to Xiaomi servers, and disabling that would break the features. What Xiaomi does with that information, or whether it's even stored on their servers at all, is not information that we have.
Thanks for your fast reply and your insider information.
I maybe want to support the project in that kind of security aspect.
At least collect and provide informations with this question/topic/discussion.

But do you know for sure that these data are no sensitive data like passwords encrypted or decrypted?

Or what kind of data is that in general?

Are there ideas of working around those needs of data transfers or tries to minimize them in the xiamoi.eu roms to get at least a more secure OS then the original Xiaomi global rom?
 

Igor Eisberg

Patch/Mod Developer
Staff member
Oct 6, 2016
1,451
1,105
297
#4
No, we don't interfere with Xiaomi online services. I'm not aware of any passwords being transfered. However, IMEI is being commonly sent to Xiaomi servers.
Most of Xiaomi Analytics stuff is disabled for international users.
 
Dec 2, 2017
702
184
82
#5
You can install a firewall app like Netguard, which let's you selectively enable network access for apps, even system apps.

You can even see which apps contact which ip adresses, and selectively restrict even these, if I recall correctly.

If you restrict the wrong things, you might be able to brick your phone, so be careful.
 

Stirf

Members
Aug 24, 2015
7
0
13
#6
You can install a firewall app like Netguard, which let's you selectively enable network access for apps, even system apps.

You can even see which apps contact which ip adresses, and selectively restrict even these, if I recall correctly.

If you restrict the wrong things, you might be able to brick your phone, so be careful.
Where can I find information about which restrictions are harmless. I don't have any idea.
 
Dec 2, 2017
702
184
82
#7
Where can I find information about which restrictions are harmless. I don't have any idea.
That's the main problem.

I tried this a few years ago on an old retired Doogee phone running Android 5.

Nothing bad happened, various things stopped working of course, depending on what I turned off.

One Google system app could access my mobile data even when it was turned off.

After that I realized what Android actually is.

MIUI is significantly more complicated, you have the Mi Account, etc.

I've never tried this full bore on a Xiaomi phone, just work with obfuscation, etc.

If you want maximum security, move to some open source AOSP rom, or buy a secured "feature phone", there are companies that specialize in these I think.
 
Last edited:
Likes: Stirf
Dec 2, 2017
702
184
82
#9
Thank you for your answer.
One more question. There are some modules in magisk. Do you have any experience with those?
No experience with Magisk.

Magisk is otherwise interesting, run entirely by one colledge student if I recall correctly.
But I see no reason to root my android phones, for now.
 
Aug 24, 2015
7
0
13
#11
Thanks again for answering.
I'm using magisk for adaway and Titanium. Especially Titanium is a useful app.
Anyone else having experience with the magisk tools?