Bluebox, a software security company that tests mobile devices for security and malware threat, got their hands on a Xiaomi Mi 4 for testing. The results were not good. Bluebox claims that there were malicious software installed on the device, with some of those even mimicking Google applications. Xiaomi has since replied to the accusation, but it still leaves questions on the security of the phone and the integrity of the brand itself.
Bluebox found all manner of trojans and malware installed on the phone, some that allowed hackers to access the device. There were also adware that mimicked the look of a verified Google application. Bluebox declared that they found the device "vulnerable to every vulnerability we scanned for." A good question to ask next is if the phone was genuine in the first place.
Bluebox said that they were able to buy the phone from a retailer in China, and that they were not sure if the phone was tampered with by a third party before sale, or if it was some sort of test model – since the operating system was a mixture of Android 4.4.4 KitKat with some older elements from older OS versions included.
Xiaomi’s VP for International Hugo Barra has since replied to the accusation. He points out that the device Bluebox tested was "inot using a standard MIUI ROM, as our factory ROM and OTA ROM builds are never rooted and we don’t pre-install services such as YT Service, PhoneGuardService, AppStats etc." Barra says that Bluebox may have received a tampered device. He added that Xiaomi recommends people to buy their phones through its official online store and selected carriers, and not from third-party resellers. The full content of Xiaomi’s official reply to the accusation can be found at the source link (see below).
That said, Bluebox lead security analyst Andrew Blaich says that he is not convinced of the answer, saying that there were still holes in the whole shipping process from China to international where devices can still be tampered with. It raises a lot of questions about buying phones from China at street level, where there is a very lively market for cheaply priced devices. Sadly, this is also not the first time Xiaomi has been accused of putting out devices that have security flaws.