Xiaomi has become embroiled in a controversy over its MIUI software, with security firm eScan outlining the ROM’s supposed flaws in a 36-page report. Xiaomi has now hit back at eScan’s claims.
eScan’s report concentrates on Xiaomi’s uninstall feature and Mi Mover app. According to the firm, the first poses a threat to third-party security and Android for Work apps. As for the second, its access to app system data apparently poses a threat to installed apps.
Mi Mover serves as a migration assistant for users who want to transfer their old handset’s data to a new Xiaomi device. eScan claims the app overrides the Android sandbox, which means that a person would already be signed in to an app on their new smartphone. The firm goes on to state that any phone can be cloned using Mi Mover without having to root the handset.
Xiaomi has responded to eScan’s report by stating that all its security concerns are only valid if an attacker gets physical access to an unlocked smartphone. None of these issues would arise if the owner uses a PIN, pattern lock, or fingerprint authentication. Moreover, it says that Mi Mover requires a password to get started.
All in all, eScan’s report seems to be a lot of fury over an imaginary scenario that Xiaomi has little control over. Even Facebook responded to the report by stating that this was a theoretical bug against which the only protection would be to not allow someone to steal and unlock the owner’s phone.
eScan’s report does include this line of thought, but asks what precautions a person must take when handing over their device to Xiaomi service centers and what measures an owner should take to ensure their smartphone doesn’t get stolen. Mi Mover’s password should take care of the former scenario, while the latter is beyond the company’s purview.