Millions Of Xiaomi Phones at Risk Of Remotely Installed Malware

Zack Whittaker, reporting for ZDNet: Millions of Xiaomi phones are vulnerable to a flaw that could allow an attacker to remotely install malware. The vulnerability, now fixed, was found in the analytics package in Xiaomi's custom-built Android-based operating system. Security researchers at IBM, who found the flaw, discovered a number of apps in the package that were vulnerable to a remote code execution flaw through a man-in-the-middle attack -- one of which would allow an attacker to run arbitrary code at the system-level. In other words, an attacker could inject a link to a malicious Android app package, which is extracted and executed at the system level.

Re:News but few here probably have such phones

A lot of people import Xiaomi phones from China. They offer outstanding value for money and are amazingly high quality for the price.

Overall, I really can't understand why more people don't import Xiaomi phones since an equivalent phone in the UK would be about 2.5x to 4x the price.

Because they come with built in root kits?