Malware Spotted In Xiaomi Mi4 Smartphones
The Xiaomi Mi4 is arguably one of the hottest Android smartphones on the market. Featuring a 5-inch display with 1080 x 1920 pixel resolution, Qualcomm MSM8974AC Snapdragon 801 processor, 3GB RAM, 16/64GB storage, 13-megapixel primary camera and an 8-megapixel secondary camera, it’s a powerful handset with a budget-friendly price tag. However, the Xiaomi Mi4 packs something else: malware, and lots of it.
According to a recent report published by the security firm Bluebox, the Xiaomi Mi4 contains pre-installed malware, adware that mimics the function of a Google application, and numerous vulnerabilities. To make matters worse, the Android operating system used on the Mi4 isn’t certified by Google, compounding the device’s security issues.
Among the security vulnerabilities spotted in the Xioami Mi4 is an adware program called DarthPusher, which security experts say is used to deliver ads to the device. The actual adware is named “Yt Service,” and the developer changed the package name to make it appear as if it was developed by Google. Of course, DarthPusher was not developed by Google, nor does Google have any stake in the program. But it’s found on the Xiaomi Mi4 nonetheless, and users are forced to run it by default.
“One particularly nefarious app was Yt Service. Yt Service embeds an adware service called DarthPusher that delivers ads to the device among other things. This was an interesting find because, though the app was named Yt Service, the developer package was named com.google.hfapservice (note this app is NOT from Google). Yt Service is highly suspicious because it disguised its package to look as if it came from Google; something an Android user would expect to find on their device. In other words, it tricks users into believing it’s a “safe” app vetted by Google,” wrote Andrew Blaich of Bluebox.
What’s really interesting is that the Xiaomi Mi4 appears to be running a non-certified version of Android, which presumably is responsible for its massive array of security vulnerabilities. According to Blaich, it’s a combination of KitKat and an older version of Android. Bluebox says this non-certified version of Android plays the privacy and security of its users at risk, and therefore, the Xiaomi Mi4 is not ready for consumer use.
Do you think Xiaomi should do more to protect the integrity of its smartphones? Let us know in the comments section below!