Xiaomi is facing allegations of threatening the safety of its users, with security firm eScan outlining MIUI’s flaws in a 36-page report.
eScan’s report concentrates on Xiaomi’s uninstall feature and Mi Mover app.
While the uninstall process poses a threat to third-party security and Android for Work apps, the second involves Mi Mover, the company’s migration assistant tool which helps move data from an old handset to a new Xiaomi one.
eScan claims the Mi Mover app overrides the Android sandbox, which means that a person would already be signed in to an app on their new smartphone. The firm goes on to state that any phone can be cloned using Mi Mover without having to root the handset.
Xiaomi has responded strongly to the accusations, denying the existence of any loopholes in its system.
Xiaomi has pointed out that attackers can only pose a threat if they somehow gain access to an unlocked smartphone. If a person simply uses a PIN, pattern unlock, or fingerprint authentication no one will be able to do anything with the handset in the first place. Furthermore, Mi Mover requires a password at the start.