Xiaomi: Difference between revisions

(7 intermediate revisions by 5 users not shown)

Line 26:

For devices with a broken bootloader, recovery typically involves re-flashing firmware through {{Wplink|Qualcomm EDL mode|Emergency Download (EDL) mode}} (for Qualcomm-based devices) or Download Mode (for MediaTek-based devices). While [[Qualcomm]] and [[MediaTek]] provide software for these modes, they are only distributed internally to repair centers. However, open-source alternatives exist that can perform similar functions.

Despite this, Xiaomi implemented additional restrictions in 2020 by requiring online authentication, which is exclusively provided to authorized repair centers. This prevents users from restoring their own devices in cases of severe software failure.<ref>{{Cite web |last=Siddiqui |first=Aamir |title=Xiaomi needs a better way to unbrick its devices instead of Authorized Mi Accounts |url=https://www.xda-developers.com/xiaomi-edl-unbrick-authorized-mi-accounts/ |website=XDA |date=29 Feb 2020 |access-date=12 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20200229132629/https://www.xda-developers.com/xiaomi-edl-unbrick-authorized-mi-accounts/ |archive-date=29 Feb 2020}}</ref>

Despite this, Xiaomi implemented additional restrictions in 2020 by [[Forced account|requiring online authentication]], which is exclusively provided to authorized repair centers. This prevents users from restoring their own devices in cases of severe software failure.<ref>{{Cite web |last=Siddiqui |first=Aamir |title=Xiaomi needs a better way to unbrick its devices instead of Authorized Mi Accounts |url=https://www.xda-developers.com/xiaomi-edl-unbrick-authorized-mi-accounts/ |website=XDA |date=29 Feb 2020 |access-date=12 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20200229132629/https://www.xda-developers.com/xiaomi-edl-unbrick-authorized-mi-accounts/ |archive-date=29 Feb 2020}}</ref>

===Electric vehicle conditional serialization===

Line 35:

===Advertisements in system apps===

[[File:Mi Video ~~Scareware~~.jpg|thumb|268x268px|A "scareware" advert is shown in Mi Video when media playback is paused.]]

[[File:Xiaomi device Mi Video scareware ad.jpg|thumb|268x268px|A "scareware" advert is shown in Mi Video when media playback is paused.]]

Xiaomi devices come with several pre-installed first-party apps that contain advertisements, including full-screen deceptive {{Wplink|scareware}} ads urging users to install malware. Workarounds exist to disable ads in some apps, including Mi File Explorer, Mi Browser, MIUI Downloads, MIUI Security, Mi Music, Mi Video and MIUI Themes.<ref>{{Cite web |author=jihad.ptk1

|title=Turn off ads on Xiaomi smartphones & MIUI using simple settings |url=https://c.mi.com/bd/post/10086 |website=Xiaomi |date=1 Mar 2021 |access-date=12 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20250708193043/https://c.mi.com/bd/post/10086 |archive-date=8 Jul 2025}}</ref> In many of their phones such as the cheaper Poco phones, a system app that can't be searched through normal means called "MSA" should also be revoked or uninstalled via ADB as it introduces ads most of the time a user opens up the phone.<ref>{{Cite web |author=maricthehedgehog |title=Revoking "msa" is the best decision in my phone |url=https://old.reddit.com/r/miui/comments/15jadut/revoking_msa_is_the_best_decision_in_my_phone/ |website=[[Reddit]] |date=5 Aug 2023 |access-date=12 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20250212160509/https://old.reddit.com/r/miui/comments/15jadut/revoking_msa_is_the_best_decision_in_my_phone/ |archive-date=12 Feb 2025}}</ref>

|title=Turn off ads on Xiaomi smartphones & MIUI using simple settings |url=https://c.mi.com/bd/post/10086 |website=Xiaomi |date=1 Mar 2021 |access-date=12 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20250708193043/https://c.mi.com/bd/post/10086 |archive-date=8 Jul 2025}}</ref> In many of their phones such as the cheaper Poco phones, a system app that can't be searched through normal means called "MSA" should also be revoked or uninstalled via [[wikipedia:Android_Debug_Bridge|ADB]] as it introduces ads most of the time a user opens up the phone.<ref>{{Cite web |author=maricthehedgehog |title=Revoking "msa" is the best decision in my phone |url=https://old.reddit.com/r/miui/comments/15jadut/revoking_msa_is_the_best_decision_in_my_phone/ |website=[[Reddit]] |date=5 Aug 2023 |access-date=12 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20250212160509/https://old.reddit.com/r/miui/comments/15jadut/revoking_msa_is_the_best_decision_in_my_phone/ |archive-date=12 Feb 2025}}</ref>

Most of the aforementioned apps can be substituted for {{Wplink|Free and open-source software|FOSS}} alternatives, but they cannot be uninstalled without advanced methods such as ADB.

Line 46:

Most of the data is sent to servers in Singapore which belong to Chinese tech giant [[Alibaba]] Cloud. Users can verify themselves which connections are made by using the connection log feature in an app such as No Root Firewall, [https://github.com/M66B/NetGuard NetGuard] or [https://f-droid.org/packages/net.kollnig.missioncontrol.fdroid/ Tracker Control]. This shows the phones sometimes suddenly becoming very "chatty", even in the middle of the night.

The only way to mitigate this is to [[~~Bootloader unlocking~~|~~use a~~ custom ROM]] such as [https://www.e.foundation /e/] or [~~https~~:~~//www.lineageos.org~~ LineageOS]. Users who do not have the technical skill to do this should use an app like [https://f-droid.org/packages/net.kollnig.missioncontrol.fdroid/ Tracker Control] from the F-Droid store to limit connections and use an alternate browser such as [[Firefox]] (Google Play Store) or [https://f-droid.org/de/packages/org.mozilla.fennec_fdroid/ Fennec] (F-Droid store). Built-in applications should be avoided as much as possible.

The only way to mitigate this is to use a [[wikipedia:List_of_custom_Android_distributions|custom "ROM"]] such as [https://www.e.foundation /e/] or [[wikipedia:LineageOS|LineageOS]]. Users who do not have the technical skill to do this should use an app like [https://f-droid.org/packages/net.kollnig.missioncontrol.fdroid/ Tracker Control] from the F-Droid store to limit connections and use an alternate browser such as [[Firefox]] (Google Play Store) or [https://f-droid.org/de/packages/org.mozilla.fennec_fdroid/ Fennec] (F-Droid store). Built-in applications should be avoided as much as possible.

===Links to the Chinese government===

Line 56:

===Pre-installed bloat on smartphones===

Xiaomi smartphones out-of-the-box run on their custom version of Android known as HyperOS (formerly MIUI), which comes bundled with a plethora of [[Bloatware|pre-installed]] first- and third-party apps. The pre-installed third-party apps can be easily uninstalled with a few clicks whereas the same is not applicable for the pre-installed first-party apps. The option to uninstall them is either grayed out or just outright missing, requiring advanced methods such as ADB to uninstall.<ref>{{Cite web |last=Shukla |first=Rakesh |title=Xiaomi Bloatware List (2025) – Debloat HyperOS (Guide) |url=https://technastic.com/xiaomi-bloatware-list-miui/ |website=Technastic |date=6 Jun 2025 |access-date=12 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20260113083620/https://technastic.com/xiaomi-bloatware-list-miui/ |archive-date=13 Jan 2026}}</ref>

===Distribution of fake news through notifications===

In March 2026, German consumer organization Stiftung Warentest reported that Xiaomi phones had distributed system notifications posing as news from [[wikipedia:Tagesschau_(German_TV_programme)|Tagesschau]], Germany's highly regarded public broadcast news programme, which also has a popular app which has the ability to send notifications for breaking news.

The notifications in question was emitted by Xiaomi's system Browser app and led users to a replica of the original Tagesschau website, which contained an investment scam.

Stiftung Warentest cites Xiaomi representatives stating the incident was being taken seriously and investigated internally. They also state that Xiaomi is "working with a series of global content providers, which my vary by region or country, to deliver push messages to users".<ref>{{Cite web |date=2026-02-27 |title=Fake News auf Xiaomi-Handys [Fake news on Xiaomi phones] |url=https://www.test.de/Smartphones-Fake-News-auf-Xiaomi-Handys-6284169-0/ |archive-url=https://archive.ph/8Wf82 |archive-date=2026-03-03 |access-date=2026-03-06 |website=Stiftung Warentest}}</ref>

The incident raises concerns about Chinese state actors having the ability to distribute fake news or propaganda in other countries via phone notifications. However, there is currently no evidence of this actually being exploited in practice.

Users can only reasonably protect themselves by moving to an open source operating system (custom ROM), provided that their device allows for [[bootloader unlocking]] and is supported by the respective operating system.

===Xiaomi Home===

Line 64:

Line 75:

Xiaomi has a series of smart watches and fitness bands. While watches are expected to be used alongside a phone, requiring {{Wplink|Bluetooth}} synchronization therefore activation, fitness bands such as the Mi Band series or Redmi Band series could be expected not being used with a phone for sports functions such as heart rate monitoring, steps counting and more. But they need pairing to be first turned on. Pairing requires installing the Mi Fitness app, agreeing to its terms and services and creating an account in order to use the device.

==='''Xiaomi Air Purifier'''===

Xiaomi forces you to buy their proprietary air filter, otherwise the air purifier doesn't work. Wasn't always like that, it came with an update and today you cannot use your air purifier without Xiaomi's original parts. A solution has been proposed [https://www.hackster.io/news/unethical-info-fights-back-against-forced-filter-replacement-with-a-xiaomi-air-purifier-drm-guide-c484be7db7a7 here].

==Products==

@@ Line 26: / Line 26: @@
 For devices with a broken bootloader, recovery typically involves re-flashing firmware through {{Wplink|Qualcomm EDL mode|Emergency Download (EDL) mode}} (for Qualcomm-based devices) or Download Mode (for MediaTek-based devices). While [[Qualcomm]] and [[MediaTek]] provide software for these modes, they are only distributed internally to repair centers. However, open-source alternatives exist that can perform similar functions.
-Despite this, Xiaomi implemented additional restrictions in 2020 by requiring online authentication, which is exclusively provided to authorized repair centers. This prevents users from restoring their own devices in cases of severe software failure.<ref>{{Cite web |last=Siddiqui |first=Aamir |title=Xiaomi needs a better way to unbrick its devices instead of Authorized Mi Accounts |url=https://www.xda-developers.com/xiaomi-edl-unbrick-authorized-mi-accounts/ |website=XDA |date=29 Feb 2020 |access-date=12 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20200229132629/https://www.xda-developers.com/xiaomi-edl-unbrick-authorized-mi-accounts/ |archive-date=29 Feb 2020}}</ref>
+Despite this, Xiaomi implemented additional restrictions in 2020 by [[Forced account|requiring online authentication]], which is exclusively provided to authorized repair centers. This prevents users from restoring their own devices in cases of severe software failure.<ref>{{Cite web |last=Siddiqui |first=Aamir |title=Xiaomi needs a better way to unbrick its devices instead of Authorized Mi Accounts |url=https://www.xda-developers.com/xiaomi-edl-unbrick-authorized-mi-accounts/ |website=XDA |date=29 Feb 2020 |access-date=12 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20200229132629/https://www.xda-developers.com/xiaomi-edl-unbrick-authorized-mi-accounts/ |archive-date=29 Feb 2020}}</ref>
 ===Electric vehicle conditional serialization===
@@ Line 35: / Line 35: @@
 ===Advertisements in system apps===
-[[File:Mi Video Scareware.jpg|thumb|268x268px|A "scareware" advert is shown in Mi Video when media playback is paused.]]
+[[File:Xiaomi device Mi Video scareware ad.jpg|thumb|268x268px|A "scareware" advert is shown in Mi Video when media playback is paused.]]
 Xiaomi devices come with several pre-installed first-party apps that contain advertisements, including full-screen deceptive {{Wplink|scareware}} ads urging users to install malware. Workarounds exist to disable ads in some apps, including Mi File Explorer, Mi Browser, MIUI Downloads, MIUI Security, Mi Music, Mi Video and MIUI Themes.<ref>{{Cite web |author=jihad.ptk1
-|title=Turn off ads on Xiaomi smartphones & MIUI using simple settings |url=https://c.mi.com/bd/post/10086 |website=Xiaomi |date=1 Mar 2021 |access-date=12 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20250708193043/https://c.mi.com/bd/post/10086 |archive-date=8 Jul 2025}}</ref> In many of their phones such as the cheaper Poco phones, a system app that can't be searched through normal means called "MSA" should also be revoked or uninstalled via ADB as it introduces ads most of the time a user opens up the phone.<ref>{{Cite web |author=maricthehedgehog |title=Revoking "msa" is the best decision in my phone |url=https://old.reddit.com/r/miui/comments/15jadut/revoking_msa_is_the_best_decision_in_my_phone/ |website=[[Reddit]] |date=5 Aug 2023 |access-date=12 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20250212160509/https://old.reddit.com/r/miui/comments/15jadut/revoking_msa_is_the_best_decision_in_my_phone/ |archive-date=12 Feb 2025}}</ref>
+|title=Turn off ads on Xiaomi smartphones & MIUI using simple settings |url=https://c.mi.com/bd/post/10086 |website=Xiaomi |date=1 Mar 2021 |access-date=12 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20250708193043/https://c.mi.com/bd/post/10086 |archive-date=8 Jul 2025}}</ref> In many of their phones such as the cheaper Poco phones, a system app that can't be searched through normal means called "MSA" should also be revoked or uninstalled via [[wikipedia:Android_Debug_Bridge|ADB]] as it introduces ads most of the time a user opens up the phone.<ref>{{Cite web |author=maricthehedgehog |title=Revoking "msa" is the best decision in my phone |url=https://old.reddit.com/r/miui/comments/15jadut/revoking_msa_is_the_best_decision_in_my_phone/ |website=[[Reddit]] |date=5 Aug 2023 |access-date=12 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20250212160509/https://old.reddit.com/r/miui/comments/15jadut/revoking_msa_is_the_best_decision_in_my_phone/ |archive-date=12 Feb 2025}}</ref>
 Most of the aforementioned apps can be substituted for {{Wplink|Free and open-source software|FOSS}} alternatives, but they cannot be uninstalled without advanced methods such as ADB.
@@ Line 46: / Line 46: @@
 Most of the data is sent to servers in Singapore which belong to Chinese tech giant [[Alibaba]] Cloud. Users can verify themselves which connections are made by using the connection log feature in an app such as No Root Firewall, [https://github.com/M66B/NetGuard NetGuard] or [https://f-droid.org/packages/net.kollnig.missioncontrol.fdroid/ Tracker Control]. This shows the phones sometimes suddenly becoming very "chatty", even in the middle of the night.
-The only way to mitigate this is to [[Bootloader unlocking|use a custom ROM]] such as [https://www.e.foundation /e/] or [https://www.lineageos.org LineageOS]. Users who do not have the technical skill to do this should use an app like [https://f-droid.org/packages/net.kollnig.missioncontrol.fdroid/ Tracker Control] from the F-Droid store to limit connections and use an alternate browser such as [[Firefox]] (Google Play Store) or [https://f-droid.org/de/packages/org.mozilla.fennec_fdroid/ Fennec] (F-Droid store). Built-in applications should be avoided as much as possible.
+The only way to mitigate this is to use a [[wikipedia:List_of_custom_Android_distributions|custom "ROM"]] such as [https://www.e.foundation /e/] or [[wikipedia:LineageOS|LineageOS]]. Users who do not have the technical skill to do this should use an app like [https://f-droid.org/packages/net.kollnig.missioncontrol.fdroid/ Tracker Control] from the F-Droid store to limit connections and use an alternate browser such as [[Firefox]] (Google Play Store) or [https://f-droid.org/de/packages/org.mozilla.fennec_fdroid/ Fennec] (F-Droid store). Built-in applications should be avoided as much as possible.
 ===Links to the Chinese government===
@@ Line 56: / Line 56: @@
 ===Pre-installed bloat on smartphones===
 Xiaomi smartphones out-of-the-box run on their custom version of Android known as HyperOS (formerly MIUI), which comes bundled with a plethora of [[Bloatware|pre-installed]] first- and third-party apps. The pre-installed third-party apps can be easily uninstalled with a few clicks whereas the same is not applicable for the pre-installed first-party apps. The option to uninstall them is either grayed out or just outright missing, requiring advanced methods such as ADB to uninstall.<ref>{{Cite web |last=Shukla |first=Rakesh |title=Xiaomi Bloatware List (2025) – Debloat HyperOS (Guide) |url=https://technastic.com/xiaomi-bloatware-list-miui/ |website=Technastic |date=6 Jun 2025 |access-date=12 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20260113083620/https://technastic.com/xiaomi-bloatware-list-miui/ |archive-date=13 Jan 2026}}</ref>
+===Distribution of fake news through notifications===
+In March 2026, German consumer organization Stiftung Warentest reported that Xiaomi phones had distributed system notifications posing as news from [[wikipedia:Tagesschau_(German_TV_programme)|Tagesschau]], Germany's highly regarded public broadcast news programme, which also has a popular app which has the ability to send notifications for breaking news.
+The notifications in question was emitted by Xiaomi's system Browser app and led users to a replica of the original Tagesschau website, which contained an investment scam.
+Stiftung Warentest cites Xiaomi representatives stating the incident was being taken seriously and investigated internally. They also state that Xiaomi is "working with a series of global content providers, which my vary by region or country, to deliver push messages to users".<ref>{{Cite web |date=2026-02-27 |title=Fake News auf Xiaomi-Handys [Fake news on Xiaomi phones] |url=https://www.test.de/Smartphones-Fake-News-auf-Xiaomi-Handys-6284169-0/ |archive-url=https://archive.ph/8Wf82 |archive-date=2026-03-03 |access-date=2026-03-06 |website=Stiftung Warentest}}</ref>
+The incident raises concerns about Chinese state actors having the ability to distribute fake news or propaganda in other countries via phone notifications. However, there is currently no evidence of this actually being exploited in practice.
+Users can only reasonably protect themselves by moving to an open source operating system (custom ROM), provided that their device allows for [[bootloader unlocking]] and is supported by the respective operating system.
 ===Xiaomi Home===
@@ Line 64: / Line 75: @@
 <!-- This needs a re-write, especially the second sentence which I could not make sense of. -Sojourna -->
 Xiaomi has a series of smart watches and fitness bands. While watches are expected to be used alongside a phone, requiring {{Wplink|Bluetooth}} synchronization therefore activation, fitness bands such as the Mi Band series or Redmi Band series could be expected not being used with a phone for sports functions such as heart rate monitoring, steps counting and more. But they need pairing to be first turned on. Pairing requires installing the Mi Fitness app, agreeing to its terms and services and creating an account in order to use the device.
+==='''Xiaomi Air Purifier'''===
+Xiaomi forces you to buy their proprietary air filter, otherwise the air purifier doesn't work. Wasn't always like that, it came with an update and today you cannot use your air purifier without Xiaomi's original parts. A solution has been proposed [https://www.hackster.io/news/unethical-info-fights-back-against-forced-filter-replacement-with-a-xiaomi-air-purifier-drm-guide-c484be7db7a7 here].
 ==Products==