Red Alert for Xiaomi Users: MIUI is vulnerable

Security company, eScan warns Xiaomi users of multiple flaws in MIUI system apps which are capable of introducing unintentional vulnerabilities into end-user as well as security apps. Unlike other operating systems, MIUI OS by design has multiple security lapses. In particular, the MI-Mover App can override the application sandbox of the android OS thereby posing a significant threat to the installed apps.
Why it’s a concern for Xiaomi’s users?
In the research, eScan found the following security loopholes that need to be addressed:
  1. MI-Mover App overrides the application sandbox of the Android OS
  2. Any device-administrator app can be uninstalled without revoking its device-admin rights
  3. Unlike other smartphones, Xiaomi with MI-Mover can be cloned in few minutes without needing to root the device
  4. MIUI devices rather than deleting, hides the Work-Profile Admin app
  5. Not easy to delete the Work-Profile
  6. Workspace profiles cannot be differentiated from the personal profile posing a serious challenge from the security point of view in Enterprise Mobility Management

More details here.