A lot of our readers will remember that Xiaomi was part of a huge controversy last year when a few Xiaomi smartphones were found stealing user data and sending user data to Chinese servers. Well, it looks like yet another controversy awaits Xiaomi as Bluebox, a San Francisco based mobile-security company has found that Xiaomi’s Mi4 flagship smartphones includes not one but several malware apps out of the box.
Bluebox found that the Mi4 imported from China includes several malware and adware apps such Yt Service, PhoneGuardService, and AppStats. The first one is an adware that displays intrusive ads on the device. PhoneGuardService and AppStats have been found to be a lot riskier and are actually Trojans. PhoneGuardService malware could allow your Xiaomi Mi4 smartphone to be hacked easily while the AppStats app is a riskware that can attract more malware on to your device.
Bluebox also found the Mi4 to be vulnerable to all seven known Android vulnerabilities. These are likely due to the fact that Xiaomi uses its own MIUI Android build that doesn’t get certified directly by Google. What’s worse is the fact the Mi4 is a pre-rooted device, which means all the rogue apps can easily infect your device. So if you were thinking of ordering a Xiaomi Mi4, you may have to think again now.
Xiaomi hasn’t yet made any comment but we expect an official response on the matter from the company to be released in a few days. The full analysis can be accessed at the source link below.
UPDATE: The Bluebox report page now states: “Xiaomi is fixing their response process and the device we tested appears to have been tampered in the distribution/retail process by an unknown 3rd party which we’re researching. We’re still working with Xiaomi to gain clarification on some findings. ” An updated report is likely to be published in the near future.