Analytics (or Analytics.apk ) is an application that is factory installed on Xiaomi devices. Spend active all the time on mobile. In case of being deleted by the user, it automatically reappears after a while. It can also be called AnalyticsCore.apk or com.miui.analytics .
Thijs Broenink, a computer science student and security enthusiast, reverse-engineered the code for the Analytics app. He detected that it looks for an update on Xiaomi’s servers, every 24 hours. If found, the new package was automatically downloaded and installed in the background. This means that it was installed without the user even suspecting it.
The student assumes that another application with greater privileges on the device performs this installation in the background. However, he found no proof of this within the Analytics code.
He also found no evidence that the APK installed on the device was verified. If so, this operation could be exploited by a hacker to install any malicious or spy app.
Analytics is a back door installed by Xiaomi itself
In his investigation, Broenink found no evidence on the real purpose of the Analytics app. For the website thehackernews.com , this is nothing more than a backdoor or “backdoor” installed on the millions of Xiaomi devices. And as they affirm right there, “there is no back door to which only its creator has access.”
According to a Xiaomi company spokesperson, Analytics (or AnalyticsCore) is part of the MIUI system. It’s there for “data analysis purposes to improve the user experience.” For example, to analyze errors in the system.
This representative indicated that this package does indeed have an “auto-update” function, as it is “key to ensuring a better user experience”. He indicated that during the auto-update process the signature of the app to be installed is verified. This is done so that only the official APK Analytics is installed on the device and no other. He also said that as of MIUI 7.3 HTTPS connection is enabled. This technology prevents data interception through a “man-in-the-middle” attack.
Xiaomi preferred to remain silent regarding its ability to automatically install applications on their devices, without the user knowing.
The temporary “solution”
Although at least one user in the xda-developers.com forum states that Analytics can be removed / frozen without problems with root access (under the responsibility of each user, as it could generate a “bootloop” problem), this will surely reappear. . The temporary alternative would be to block the connection of the device with Xiaomi servers or any domain name related to the company. For this you can install a Firewall app on the device. This, however, could block system updates sent by the company.
«Msa», another application that Xiaomi pre-installs on your devices
msa is an application in charge of displaying advertising on the device, in the form of notifications that appear automatically (although it may have other purposes). Although the user can disable these notifications from the system settings, they are enabled again on their own.
Source : thehackernews.com
Related articles :
10 mysterious APPS that come pre-installed on your Samsung phone
How to easily view APK information (Windows)
5 hidden menus on the Xiaomi MI 5 that perhaps you have not yet discovered (Opens in a new browser tab)
Receive updates: SUBSCRIBE by email and join 10,000+ readers. Follow this blog on Facebook and Twitter.