Shortly after its European debut, Xiaomi can prepare for awkward questions from its new customers. Software expert Robert Baptiste took a closer look at the firmware of the global version of the Mi 6. Like OnePlus and Wiko before it, Xiaomi left a monitoring app intended for developers on the device, one that should never have shipped in retail units. User telemetry data is sent to the headquarters in China without the user being asked. We still have no answer from Xiaomi.
When you follow Robert Baptiste on Twitter, you ask yourself, “What the hell is going on?” One well-known smartphone manufacturer after another catches his eye, either through incorrectly implemented software or through software, apparently left behind intentionally, that can be used for monitoring.
Elliot Alderson @fs0c131y · Replying to @fs0c131y and 2 others
To check if you have this app:
open Settings -> Apps -> Menu -> Show system apps and search MiuiDaemon (com.miui.daemon) in the app list to check
Elliot Alderson @fs0c131y
So @xiaomi I have some questions:
– Why this super intrusive app is present in an user build?
– Do you really need all this data?
– Any way to opt out from this data collection?
What had happened? The MiuiDaemon app (found under Settings -> Apps -> Menu -> Show system apps) on some Xiaomi smartphones, including the Mi 6 we tested, collects user data without asking. Specifically, it collects:
- the length of time you watch your screen.
- the RAM.
- the internal memory.
- how much internal memory is free.
- the IMEI.
- Battery statistics.
- GPU statistics.
- Process statistics.
- Bluetooth.
- Boot.
- Wireless.
- Events that turn on the screen.
Hi @xiaomi ! Can we talk about your MiuiDaemon application?
This application is monitoring among other things Bluetooth, boot, broadcast, package, screen on events. Of course, all this data is sent to a China server.
This application contains also a package called “performance”. This package is able to collect activity stats, battery stats, graphics stats, proc stats…
This data is not only collected, but to make matters worse, it is also sent. Unfortunately, the collection is designed in such a way that it can be traced back to you personally.
Xiaomi has not yet commented on this. Since it is a system app, you cannot do anything about the data collection without considerable effort. The manufacturer would have to roll out a software update that removes the app. Otherwise, the only way would be a custom ROM, which luckily is not too complicated to install on Xiaomi devices. Then at least the eavesdropping methods in the system partition are eliminated.
Wiko is also unpopular
Fellow countryman Baptiste also examined a device from Wiko, the very popular low-cost smartphone manufacturer in France. As with OnePlus, he discovered that Wiko devices can be rooted via a maintenance app that quality assurance overlooked.
Another adb root backdoor on the @WikoMobile U Feel Prime…
To obtain adb root on your Wiko U Feel Prime:
1. Plug your phone to your pc
2. Open a terminal
3. adb shell setprop persist.tinno.debug 1
4. adb shell
5. You’re root!
Several other Wiko devices were rooted using this scheme. In this way, protected information can be read from the memory, which can prove costly. And not only that…
Elliot Alderson @fs0c131y
<Thread> Hi @WikoMobile ! Let’s talk about the Wiko Freddy phone.
This phone was released October 2016 and is now selling for 99.99€.
Because of the @WikoMobile and Tinno negligence, I’ll show you how your data can be stolen even if your phone is protected by a lock screen. 1/
Because of the sloppy software implementation, the lock screen on Wiko smartphones is also easier to bypass than on other devices. And Wiko is certainly not known for the rapid or even long-term delivery of software updates to close such security gaps.
On top of that, Wiko has not only poorly protected the lock screen and root access; the manufacturer also shows little regard for privacy. The system app "System updates" sends your IMEI to a US server and a range of private usage data to tinno.com, whose IP address jumps from country to country.
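A way to check a device for the two identifiers named above (the com.miui.daemon package and the persist.tinno.debug property), as an added example that is not from the article or from Baptiste: it parses the text printed by `adb shell pm list packages` and `adb shell getprop`. The sample output and the package name com.miui.daemon.example are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit captured adb output for the two identifiers the article
# names: the package com.miui.daemon and the property persist.tinno.debug.

# has_package PM_OUTPUT NAME: true only on an exact "package:NAME" line.
has_package() {
    printf '%s\n' "$1" | tr -d '\r' | grep -qxF "package:$2"
}

# prop_value GETPROP_OUTPUT KEY: print VALUE from a "[KEY]: [VALUE]" line.
prop_value() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk -v k="[$2]:" '$1 == k { sub(/^[^ ]+ \[/, ""); sub(/\]$/, ""); print }'
}

# audit PM_OUTPUT GETPROP_OUTPUT: print one FOUND line per hit, else "clean".
audit() {
    hits=0
    if has_package "$1" com.miui.daemon; then
        echo "FOUND package com.miui.daemon (MiuiDaemon) is installed"
        hits=$((hits + 1))
    fi
    if [ "$(prop_value "$2" persist.tinno.debug)" = "1" ]; then
        echo "FOUND persist.tinno.debug is set to 1"
        hits=$((hits + 1))
    fi
    [ "$hits" -gt 0 ] || echo "clean"
}

# Constructed sample output (not from a real device), in the formats printed
# by `adb shell pm list packages` and `adb shell getprop`.
SAMPLE_PM='package:com.android.settings
package:com.miui.daemon
package:com.example.notes'
SAMPLE_PROPS='[ro.build.type]: [user]
[persist.tinno.debug]: [1]'
# Constructed negative case: a similar-looking package name must not match.
CLEAN_PM='package:com.android.settings
package:com.miui.daemon.example'
CLEAN_PROPS='[ro.build.type]: [user]
[persist.tinno.debug]: [0]'

audit "$SAMPLE_PM" "$SAMPLE_PROPS"
audit "$CLEAN_PM" "$CLEAN_PROPS"
# Live use: audit "$(adb shell pm list packages)" "$(adb shell getprop)"
```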
Authorities are required
Legislators and consumer associations must now take action. It cannot be that such activities are possible on retail devices even at the app level, i.e. right under our noses. Existing control mechanisms do not seem to work, be it for lack of manpower or lack of know-how.
Opinion by Eric Ferrari-Herrmann: A boycott is not enough here. The legislator has to take action!
It is one thing that we voluntarily say goodbye to our billions of dollars with Facebook, WhatsApp and Google. After all, these services are free to use; their financing model is based on our consent to give up a piece of ourselves.
However, the fact that we are also shadowed, without being asked, by those whose products we bought with hard-earned money is a completely different level of audacity. And this has to stop soon.