You have an Android smartphone made by Xiaomi?

Online now: ukimalefu
Post Reply
"Xiaomi Can Silently Install Any App On Your Android Phone Using A Backdoor".

Xiaomi--based in China--is one of the largest smartphone makers in the world. Their Android smartphones come pre-installed with AnalyticsCore.apk which will get re-installed after any attempts to uninstall it. From behavior it appears to be Xiaomi's own silent updater (meaning that the user will receive no notification that new software is being installed) but it can be exploited by man-in-the-middle attacks to get it to install malware.

No one from Xiaomi has responded to any requests for ANY information about AnalyticsCore.apk.
Pithecanthropus Roast Master
User avatar
I think of things like this every time I hear someone say that the Android is "superior" to the iPhone.
juice Inadvertently correct
User avatar
Pithecanthropus posted:
I think of things like this every time I hear someone say that the Android is "superior" to the iPhone.

I've heard that from people here. Maybe the "walled garden" isn't so bad after all... ;)

Although I think the lesson here is don't buy no-name electronics, especially electronics that carry so much of your personal information.
dv
User avatar
juice posted:
Pithecanthropus posted:
I think of things like this every time I hear someone say that the Android is "superior" to the iPhone.

I've heard that from people here. Maybe the "walled garden" isn't so bad after all... ;)

Although I think the lesson here is don't buy no-name electronics, especially electronics that carry so much of your personal information.

It's not a no-name brand to people outside North America. It's just business as usual in certain countries we shouldn't be stick fiddling emulating so much.
maurvir Perfectly balanced - mostly
User avatar
dv posted:
juice posted:
Pithecanthropus posted:
I think of things like this every time I hear someone say that the Android is "superior" to the iPhone.

I've heard that from people here. Maybe the "walled garden" isn't so bad after all... ;)

Although I think the lesson here is don't buy no-name electronics, especially electronics that carry so much of your personal information.

It's not a no-name brand to people outside North America. It's just business as usual in certain countries we shouldn't be stick fiddling emulating so much.


This.

Android is just an operating system. The problem here is buying from a sketchy Chinese company that is very likely in bed with their government. IOW, this isn't all that different from the NSAKey scandal Microsoft had back in the 90's.
Xiaomi is a major Chinese brand, and if Xiaomi is sketchy, then all Chinese brands are. If there were any you could trust, it would be Xiaomi, Huawei, and Lenovo.

Xiaomi is also aggressively pushing to expand their product lines and market share, including recent laptop and other hardware releases that tend to be very aggressively priced.

The Taiwanese government has already issued warnings that government officials and other people with important government information or trade secrets should avoid devices made by Chinese manufacturers over data security concerns.
maurvir Perfectly balanced - mostly
User avatar
MacAddict4Life posted:
Xiaomi is a major Chinese brand, and if Xiaomi is sketchy, then all Chinese brands are. If there were any you could trust, it would be Xiaomi, Huawei, and Lenovo.

Xiaomi is also aggressively pushing to expand their product lines and market share, including recent laptop and other hardware releases that tend to be very aggressively priced.

The Taiwanese government has already issued warnings that government officials and other people with important government information or trade secrets should avoid devices made by Chinese manufacturers over data security concerns.


China isn't like the US or Europe, or countries which are more culturally similar to the west. You, of course, likely realize this better than any of the rest of us, but China doesn't have the sharp divisions between public, civil government, and military we are used to. That isn't to say they are a lawless nation, but it is important to keep in mind that Chinese corporations are often seamlessly integrated into military and government programs and agendas. It isn't even necessarily forced, either. Nationalist pride often encourages Chinese companies to voluntarily comply with Chinese government demands. (This isn't necessarily bad, but there aren't the checks and balances we theoretically have in the west)

Thus, I am a bit leery of anything built in China that wasn't done on an OEM basis. I'm not sure I would even trust an ODM design unless it was something trivial. Thus, Apple's use of Foxconn doesn't really scare me too bad, but Lenovo, Xiaomi, and Huawei are a little suspect.
Foxconn is a Taiwanese company, not a Chinese company, and actually has factories all over the world (including one in the United States).

I'm not sure my presence in Taiwan would give the kind of insight into China you are alluding to. Most knowledge of Chinese culture, society, and politics for me comes from my background in political science (I did some coursework focused on China specifically), people from China I have known (far more of whom I met in the US than in Taiwan), and the little bit of useful insight that is gleaned from local newspapers here. Oh, and from talking to a large number of people in China via Skype for job interviews, before I decided that I would not be going for certain.

The bias (and often times prejudice) against mainland Chinese common in Taiwan would probably have led to a distorted view if I had not already known so many Chinese from mainland China when I lived in the US.

That said, I think you are greatly oversimplifying a massive and complex culture. And I definitely think there are more seams, and in general more complexity, than you seem to think there are. One look at the relationship between the Chinese central government and Hong Kong (or Taiwan) would make that clear. For that matter, a huge number of Taiwanese travel to China to work for Taiwanese companies that operate there.

I also don't see any actual evidence that the company has done anything at the government's request. It's certainly possible, but it is also possible that Xiaomi just wanted the degree of control of user experience that they believed they could get from this backdoor. A company simply failing to worry about an individuals right to make that kind of decision wouldn't surprise me at all.

That is plausible because of what is, to me, one of the larger cultural differences. In Taiwan (and other nearby asian countries) uniforms are far more common than in the US, on workers as well as students. For example, all the banks I've been in require uniforms. Further, companies require demonstration models and spokesmodels to wear a sticker with the company name. I don't mean wear a t-shirt with the company name on it; I mean there will be a model at a booth meant to demonstrate a product, and she will be wearing a fancy dress and fancy shoes and then on her arm or just below her collarbone there will be the company or product name. If the clear tape (or whatever it is) they use weren't shiny, it would look like a tattoo. When I expressed surprise over this, local friends just didn't see why that would be a big deal at all. And based on all I know, this attitude is likely just as prevalent in China.

Further, there is (at least here) an ingrained cultural idea that something is a problem only after someone complains. Parking illegally? Nobody cares unless someone complains. Running some sort of illegal business or establishment? No complaints, no problem. Sometimes this manifests as implementation of solutions that seem convenient, but are not necessarily the right way to do something. It seems to me entirely possible that this is a simple of "it gives us an easy way to fix or ensure this, and as long as nobody finds out, nobody will complain, so lets just do this."
maurvir Perfectly balanced - mostly
User avatar
First off, I didn't mean to imply I don't have a great deal of respect for Chinese culture and history, I do. Yes, they have had some rough periods, particularly during the communist revolution, but there is a tremendous depth to Chinese society that goes back further than anything in the west. Thus, I don't really have a prejudice against China, though I will admit to having a sense of wariness.

You are correct that it is more complex than I stated, but it's a bit hard to make that clear in in a couple of paragraphs. :p My point is that they are culturally different from what most people in the west are used to, and that there aren't sharp delineations in government the way we expect in our countries. I don't think anyone would believe that every corner of China is like every other, as is evident in the way the coastal regions are very much different than the northern regions, and especially in the Tibetan region.

I will admit that I forgot Foxconn is based in Taiwan; though, of course, the Chinese consider that part of China. Come to think of it, they think of pretty much everything around them as China too, but that's a different story.
juice posted:
Pithecanthropus posted:
I think of things like this every time I hear someone say that the Android is "superior" to the iPhone.

I've heard that from people here. Maybe the "walled garden" isn't so bad after all... ;)

Although I think the lesson here is don't buy no-name electronics, especially electronics that carry so much of your personal information.


Or the lesson is don't put personal information on a friggin phone.
juice Inadvertently correct
User avatar
:eyeroll: Some of it is on there by default.
maurvir Perfectly balanced - mostly
User avatar
Farmerkev posted:
juice posted:
Pithecanthropus posted:
I think of things like this every time I hear someone say that the Android is "superior" to the iPhone.

I've heard that from people here. Maybe the "walled garden" isn't so bad after all... ;)

Although I think the lesson here is don't buy no-name electronics, especially electronics that carry so much of your personal information.


Or the lesson is don't put personal information on a friggin phone.


That's a smidgen difficult these days, given that most people use their phone more than their PC, if they even have another computer at all.
ukimalefu Wasn't me
User avatar
Can't you just root (or whatever it's called) those phones?
maurvir posted:
Farmerkev posted:
juice posted:
Pithecanthropus posted:
I think of things like this every time I hear someone say that the Android is "superior" to the iPhone.

I've heard that from people here. Maybe the "walled garden" isn't so bad after all... ;)

Although I think the lesson here is don't buy no-name electronics, especially electronics that carry so much of your personal information.


Or the lesson is don't put personal information on a friggin phone.


That's a smidgen difficult these days, given that most people use their phone more than their PC, if they even have another computer at all.


Just because other people are stupid doesn't mean you have to be too.
mmaverick my steady systematic decline
User avatar
Farmerkev posted:
maurvir posted:
Farmerkev posted:
juice posted:
Pithecanthropus posted:
I think of things like this every time I hear someone say that the Android is "superior" to the iPhone.

I've heard that from people here. Maybe the "walled garden" isn't so bad after all... ;)

Although I think the lesson here is don't buy no-name electronics, especially electronics that carry so much of your personal information.


Or the lesson is don't put personal information on a friggin phone.


That's a smidgen difficult these days, given that most people use their phone more than their PC, if they even have another computer at all.


Just because other people are stupid doesn't mean you have to be too.


Out of curiosity, where should I have this information? Should I just memorize it and burn it? leave everything in a safety deposit box? What do you consider information that's ok to have on a phone? Should I keep contact information in it? my calendar? Is it safe to have my CC information in my phone? or is my CC safer in my wallet?

I mean, if I had my ID's and CC's only in my phone, I wouldn't have been a victim of identity theft/CC fraud a couple years ago so it's not a black and white issue here.
mmaverick posted:
Farmerkev posted:
maurvir posted:
Farmerkev posted:
juice posted:
Pithecanthropus posted:
I think of things like this every time I hear someone say that the Android is "superior" to the iPhone.

I've heard that from people here. Maybe the "walled garden" isn't so bad after all... ;)

Although I think the lesson here is don't buy no-name electronics, especially electronics that carry so much of your personal information.


Or the lesson is don't put personal information on a friggin phone.


That's a smidgen difficult these days, given that most people use their phone more than their PC, if they even have another computer at all.


Just because other people are stupid doesn't mean you have to be too.


Out of curiosity, where should I have this information? Should I just memorize it and burn it? leave everything in a safety deposit box? What do you consider information that's ok to have on a phone? Should I keep contact information in it? my calendar? Is it safe to have my CC information in my phone? or is my CC safer in my wallet?

I mean, if I had my ID's and CC's only in my phone, I wouldn't have been a victim of identity theft/CC fraud a couple years ago so it's not a black and white issue here.


I don't store anything important on a phone, no cc, no ssn and such.
You want to hack in my phone and see excel spreadsheets for chemical batch mixes or variety/field information I couldn't care less, ask and I'll show them to you and save you the trouble.
You want to see my contact list of people and business go right ahead.
Nothing in my calendar, tried it a few times and was more bother than it's worth. I already remember important dates and appointments.
I never allow places i buy from online store the cc, ever.
If I didn't have a mac I wouldn't have anything important on my computer.
Subsequent topic  /  Preceding topic
Post Reply

You have an Android smartphone made by Xiaomi?