Chinese phone manufacturer Xiaomi may be enjoying a warm market embrace with the exponential growth in Mi 4 sales, but that might change following the discovery of malware that was allegedly preinstalled on the device.

Security firm Bluebox, which tested a Xiaomi Mi 4 device, also raised a red flag on a myriad of other security problems with the phone. For example, the device was found to have been deliberately altered under the hood to allow third-party access to the system. In light of reports on government surveillance programs worldwide, most notably in the United States, this is alarming.
There can be no doubt as to the identity of the phone that was tested, as the security researchers first performed an identity check using the Xiaomi Mi Identification app. The malware detected during Bluebox’s test included Trojans and adware that purports to be a legitimate Google app.
The incident spells high risk for existing and future users of the Xiaomi Mi 4, whose sales are growing across the world. With potential Trojans present, they face not only the danger of losing control of their Xiaomi phone to hackers, but also the risk of having sensitive information such as email addresses, passwords and financial data stolen.
Another example of the Xiaomi Mi 4’s vulnerability is found in its operating system. According to Bluebox, Xiaomi’s OS has not been certified as a forked version of Android, making it illegitimate and open to several security loopholes. Fortunately, this does not affect new releases of Android; only the older versions are subject to such a flaw. Specifically, Bluebox’s researchers found that the affected Xiaomi OS is a combination of KitKat 4.4.4 and an older iteration.
The sheer number of vulnerabilities found in this particular Xiaomi product makes you wonder whether it was meant for sale to customers or for testing only. The Chinese phone maker would probably not risk jeopardizing its credibility by recklessly releasing a flawed product.
In a statement, Xiaomi said the device that Bluebox put through its security check was not using the company’s standard MIUI ROM, since Xiaomi’s ROM builds are neither rooted nor pre-installed with third-party apps. The company went on to discredit Bluebox’s findings by claiming that the tested device probably could not have been purchased via an accredited Xiaomi retailer, as the Chinese firm is not in the habit of selling phones via third-party stores, but only via its online channels and carriers.
This backfires on Xiaomi itself. The statement implies that, indeed, it is easy to alter Xiaomi’s devices in the retail chain or even as they move up the marketing chain.



