Some Chinese handset makers have come under fire over the past years for sending user data to Chinese servers, but that story stopped a while ago, as the security hole was plugged. Now there’s a new problem, as the Xiaomi Mi4 handset has been found to somehow include malware on board.
The Xiaomi Mi4 is a top selling device in China and apparently it comes with built in malware and a vulnerable version of Android on board. Bluebox, a San Francisco security company scored a Mi4 LTE from China and did extensive tests on it. It appears that the device had at least 6 dubious apps. 3 of them were actually pretty dangerous.
The first name mentioned was Yt Service, that includes a piece of adware, known as DarthPusher. This will fill the device with intrusive ads, all over the software. The problem is that Yt Service tricks the handset into believing it comes straight from Google. Then there’s PhoneGuardService, that’s a trojan and then there’s AppStats, which is “riskware”.
The vulnerabilities may come with the MIUI build of Android, that has not been certified by Google. Xiaomi has not yet responded to the problem, but we’re sure Hugo Barra will take a stand soon.