Xiaomi trackers and backdoors (Update)

In my last post, I had described how I had found a constant tcp connection in the background that I suspected of being a backdoor or tracking app. Further to this, I investigated this matter more by rooting my tablet and running the netstat command in super-user mode to check what processes (apps) were actually listening on these connections.

Of course, I should mention credits to this xda-developers post that thoroughly explains how to remove some pre-installed bloatware from the MIUI such as Analytics-core app that constantly leeches your network and others like Live wallpaper themes that I’m not personally interested in.

Anyways, after removing all this bloat, the tcp connections in background didn’t go entirely, but were reduced to a substantial degree:

miui-tracker

As you can see, the established connections were from three apps specifically. Two of them were from Google which unfortunately we can’t do anything about. Since a lot of software and services are depending on Google (including the Android OS itself), Google surveillance is something that we have to accept as part of our life.

The third process, however, is not of Google. It belongs to com.xiaomi.xmsf or in other words, the Xiaomi Service Framework.  This is one of the core system apps in the MIUI, so you can’t just disable it in a firewall – if you do that, none of the other apps will be able to access internet. In other words, this Xiaomi service is pretty much like the Windows 10 telemetry, you can’t do anything about it.

In any case, I am glad that at least I’ve reduced some bloatware on my tablet and also reduced the network overhead to some degree.

If you want, you can try this yourself and let me know in the comments below.

Advertisements

9 thoughts on “Xiaomi trackers and backdoors (Update)

    1. > speek for yourself. It’s not part of my life

      Indeed, but what can you do about it? In the digital age, I cannot live without smart-phones, that’s one constraint. Android OS itself is made by Google. If you switch to iPhone, then you are in the hands of Apple, If you switch to Nokia, you are in the hands of Microsoft and so on. In fact, it wouldn’t be incorrect to say that surveillance is a part of digital life itself.

      Like

  1. I confirm that disabling Xiaomi Service Framework (com.xiaomi.xmsf) does not seem to cause any problems, and the phone keeps working normally.

    When enabled, com.xiaomi.smsf regularly phones home to:

    resolver.msg.xiaomi.net:80
    sdkconfig.ad.intl.xiaomi.com:443
    api.ad.xiaomi.com:80
    update.miui.com:443
    data.mistat.xiaomi.com:80
    file.market.xiaomi.com:80
    ccc.sys.miui.com:443
    abtest.mistat.xiaomi.com:80

    Disabling it made all those connections disappear while the phone keeps working without problems (I am not using any of the xiaomi cloud apps).

    If you have root you can disable via titaniumbackup or run the following in an adb shell:

    pm disable com.xiaomi.xmsf

    The full list of packages that can be disabled:

    pm list packages -d
    package:com.xiaomi.xmsf
    package:com.google.android.googlequicksearchbox
    package:com.securespaces.android.sscm.service
    package:com.android.documentsui
    package:com.xiaomi.payment
    package:com.miui.backup
    package:com.google.android.setupwizard
    package:com.miui.personalassistant
    package:com.miui.bugreport
    package:com.android.fileexplorer
    package:com.miui.home.launcher.assistant
    package:com.miui.cloudbackup
    package:com.android.cellbroadcastreceiver
    package:com.google.android.webview
    package:com.miui.klo.bugreport
    package:com.dsi.ant.server
    package:com.miui.enbbs
    package:com.miui.mipub
    package:com.xiaomi.midrop
    package:com.miui.cloudservice
    package:com.android.dreams.phototable
    package:com.securespaces.android.ssm.service
    package:com.miui.miwallpaper
    package:com.miui.analytics
    package:com.android.email
    package:com.securespaces.android.agent
    package:com.securespaces.android.settings

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s