While Xiaomi's security application is designed to keep your devices and data secure, researchers at security company Check Point have found they are doing just the opposite.
An application called Guard Provider uses antivirus scanners that make Avast, AVl and Tencent hack to detect potential malware. And considering that Android malware regularly finds new ways to end up on phones, Xiaomi installs its application on all phones that produce it.
However, the researchers discovered a serious flaw within it – the mechanism for the appendix.
Judging by none, the Guard Provider receives applications over an unprotected HTTP connection. This means that hackers can abuse the Avast Update APK and insert malware, as long as they are on the victim's own Wi-Fi network.
In addition to malware, security experts say this path can be a ransomware and tracking applications.
Attackers may even discover the name of the application to make the software seem more incomprehensible.
As each Xiaomi phone comes with a Guard Provider application, millions of devices are affected by this security problem.
However, Xiaomi said he was aware of the problem and was working on his solution.