Xiaomi responds to eScan’s MIUI security hole claims

Xiaomi is facing allegations of threatening the safety of its users, with security firm eScan outlining MIUI’s flaws in a 36-page report. The brand has responded strongly to the accusations, denying the existence of any holes in its system.

The controversy began with an eScan report that talked about 2 major problems concerning MIUI. One involves Xiaomi’s uninstall process, with the former stating that it posed a threat to third-party security and Android for Work apps. The second involves Mi Mover, the company’s migration assistant tool which helps move data from an old handset to a new Xiaomi one.

eScan claims that Mi Mover overrides the Android sandbox. The sandbox isolates individual app data, so going over it would mean people would still be signed into an application on their new device. The firm also states that phones can be cloned without having to root the device. Plus, work and personal profiles can’t be told apart.

Xiaomi Redmi 3S Prime Gold

Xiaomi has rebutted the findings of the report by pointing out that attackers can only pose a threat if they somehow gain access to an unlocked smartphone. If a person simply uses a PIN, pattern unlock, or fingerprint authentication no one will be able to do anything with the handset in the first place. Furthermore, Mi Mover requires a password at the start.

Also Read: Xiaomi Mi 5X set to hit India in September

Even Facebook agrees with this point of view, stating that the scenario painted above is a theoretical bug. The only solution would be to stop the phone from getting stolen and unlocked. eScan’s report does have a response to this though, questioning what security measures a person has to take when handing over their device at service centers.