Xiaomi: Are the Chinese Manufacturer’s Phones Easy to Spy On?

Chinese phone manufacturer Xiaomi has been involved in many controversies over the last few years. The Lithuanian government is the latest to criticize Xiaomi and other Chinese phone manufacturers over privacy issues.

The government urged its citizens to dump Xiaomi phones due to the lack of privacy the phones offered. The National Cyber Security Centre of the Lithuanian Defense Ministry evaluated smartphones from several manufacturers and discovered that the Xiaomi Mi 10T 5G has built-in censoring capabilities.

The technology looked for up to 449 phrases, including “Free Tibet,” “Long live Taiwan independence,” and “democracy movement,” and restricted them in Xiaomi’s phone system apps, including the browser.

According to the National Cyber Centre’s study, the Xiaomi phone transferred encrypted phone usage data to a server in Singapore. A security weakness was discovered in Huawei’s (HWT.UL) P40 5G phone, while none was discovered in the phone of another Chinese manufacturer, OnePlus.

The functionality in Xiaomi’s Mi 10T 5G phone software had been disabled for the “European Union region,” but could be enabled remotely at any moment, according to the assessment from the Defense Ministry’s National Cyber Security Centre.

Is Xiaomi innocent or guilty?

Xiaomi has risen to become the world’s second-largest smartphone manufacturer, surpassing Apple in the process, thanks to a broader market rebound and Huawei’s troubles. The allegations might jeopardize efforts to get a greater piece of the European market.

Xiaomi, however, maintains its innocence. Xiaomi claims it has never restricted or blocked any personal behaviors of its smartphone users. It claimed that users have complete transparency over features such as searching, calling, accessing the web, or using third-party communication applications. The company also reiterated that it will maintain the same privacy in the future.

Xiaomi has a notorious track record regarding user privacy and its handling. Xiaomi gathered personal information from millions of users and stored it on servers in China and Russia last year.

Gabi Cirlig, a security specialist, realized that his Redmi Note 8 had tracked his online activities. The data got sent to faraway servers in Russia and Singapore, but the names they housed were registered in Beijing. They are the property of Alibaba. Xiaomi had leased the Alibaba servers.

Cirlig also felt that every time he accessed an app on the Xiaomi phone, a part of the data got transferred to a distant server. Another researcher who has examined Xiaomi devices, while being bound by an NDA to remain anonymous, said they had observed the phone capture similar information.

According to the Forbes investigation, popular Chinese web browsers like the Mi Browser Pro, Mint Browser, and the one provided by default all collected data. Even Google and DuckDuckGo browsers tracked users’ online behavior, even if they browsed in incognito mode.

Xiaomi didn’t just monitor users’ online activity. The phone company also collected the phone’s information, such as unique numbers used to identify the device and its Android version. People might think the company has developed a separate app to spy on Xiaomi devices. They are wrong. All of this occurs via the phone’s internal operating system.

But Xiaomi isn’t the only culprit. Most Android phones and even iPhones can be monitored easily.

Many governments can hack smartphones

Smartphones are much less secure than computers. Their popularity and ease of use attract nefarious actors wanting to exploit their vulnerabilities. Even powerful governments across the globe have dived into the dark side of phone monitoring.

News stations all over the world covered Pegasus, an Israeli spyware tool. Hackers would contact users over WhatsApp and install Pegasus on their phones. Even if the phone owner did not answer the anonymous phone call, hackers had access to their data.

While WhatsApp has released a Pegasus patch, there is no guarantee that history will not repeat itself. Pegasus chose WhatsApp because the odds of a person of interest using the app are significantly high. NSO Group, the developers behind Pegasus, designed Pegasus specifically to be sold to governments around the world.

It focused on governments of countries that have lax human rights and want to monitor their citizens. Phishing attempts and cybercrime may affect iPhones, too, just like any other operating system. The Pegasus zero-click iMessage hack is a recent example. Pegasus got installed on iPhones running iOS 14.6, thanks to the vulnerability.

Pegasus actively tracked 50,000 persons of interest who owned either an Android or an iPhone device.

Private Monitoring Tools and Xiaomi’s defense 

Pegasus is just one example of a private company making monitoring tools for consumers, even if those consumers happen to be some of the most powerful entities in the world. Private software firms are diving into the coveted world of remote monitoring.

Phone manufacturers now pack their smartphones with their own security suites to curb the spread of malware attacks. Samsung released its Knox security framework in March 2021. It is an enterprise-level security solution built within the Android phone’s hardware.

Knox isolates the operating system to separate compromised data from the rest of the environment. It checks the data’s integrity and ensures it is secure. Xiaomi made a similar attempt to Samsung, but it failed. Xiaomi’s preinstalled security suite known as Guard Provider was found to be vulnerable to malware attacks. 

Guard Provider offered users three different antivirus brands to choose from, Avast, AVL and Tencent, all built within the app. Users could choose any one of these antivirus engines as the primary protection for their phones.

From a security point of view, the app had poor construction. A security flaw in one antivirus could compromise the security of others. Also, the private storage data of one antivirus can be shared and viewed by another.

A threat actor could launch a Man-in-the-Middle (MiTM) attack, using the same Wi-Fi network as the victim. He could then deactivate malware protections and could launch an attack like data theft, keylogging, or ransomware. He would access the SDK and then install any rogue code he wanted as part of a third-party SDK file. 

These attacks were made possible due to the unprotected route of the network traffic to and from the Guard Provider. So Xiaomi phones are much more vulnerable than other Android phones, especially Samsung’s.

But Samsung Knox’s tight-knit security protocols can be overrun by private remote monitoring tools. And XNSPY is one such example. It is not only an app to spy on Xiaomi devices but can remotely monitor Samsung Galaxy phones, too. 

The app can work despite Knox’s sandbox-style isolation protection, whether it is used by a worried parent who wants to remotely monitor their child’s online activity or a jealous spouse looking for signs of cheating.

And if it can overcome Samsung’s complex web of security protocols, Xiaomi will be a walk in the park. 

Consumers are looking for a quick and easy solution, and these companies know how to provide them. Parents worried about their kids’ online habits, employers worried about how employees use company resources and intellectual property, and spouses suspicious of their partner cheating are just some of the types of customers of remote monitoring tools.

XNSPY is one such app to spy on Xiaomi devices and other Android and iPhone devices. The app is surprisingly easy to install and works in stealth mode, making it harder for the device owner to detect it.

This feature is quite sought after in remote monitoring apps since discretion is required. The app is available for anyone to use who buys a subscription. Most remote monitoring tools are used for personal use or by other private organizations that want to secure their intellectual property and data.

These apps are created on a much smaller scale compared to Pegasus. These apps are not meant for grand-scale espionage either. The intention behind these apps is much simpler and more meaningful.

XNSPY offers a quick and easy solution for genuine issues discussed earlier.

Are private monitoring apps hard to install?

In the case of XNSPY, the app has a quick installation procedure.

  • First, buy an XNSPY subscription.
  • Customers will be emailed their credentials and a link to download the XNSPY app.
  • XNSPY’s online web portal will be the control center of the entire operation. Users can observe the monitored smartphone’s calls and texts within the Dashboard.
  • After downloading the file, users can click the link to install it.

If a user wants to use XNSPY to monitor their kid’s social media activities, they can log in to their Dashboard and click on the Screen Record option. Users can view snapshots of the monitored screen display over several iterations.

This feature allows users to monitor a phone screen remotely, thus gathering all the needed information regarding their kid’s safety in real time.

The future of spy apps

Spy apps are here to stay, and there is very little anyone can do about it. Individuals can take personal responsibility and try not to fall into the loop of obliviousness. If they are on the internet or using any app on their phone, there is a high chance their privacy is at risk. It is just a price to pay to live in this interconnected world.

There are several necessary uses of remote monitoring apps. That makes them a necessity rather than a burden. The quicker people adapt to this fact, the better.