Slashdot Mirror

← Back to Stories (view on slashdot.org)

Xiaomi Can Silently Install Any App On Your Android Phone Using A Backdoor (thehackernews.com)

Posted by BeauHD on from the constantly-reappearing dept.

Xiaomi, the Chinese smartphone manufacturer many refer to as the "Apple of China," can silently install any app on your device, according to a Computer Science student and security enthusiast from the Netherlands. Thijs Broenink started investigating a mysterious pre-installed app, dubbed AnalyticsCore.apk, that constantly runs in the background and reappears even if you try and delete it. The Hacker News reports: After asking about the purpose of the AnalyticsCore app on the company's support forum and getting no response, Thijs Broenink reverse engineered the code and found that the app checks for a new update from the company's official server every 24 hours. While making these requests, the app sends device identification information with it, including the phone's IMEI, Model, MAC address, Nonce, Package name as well as signature. If there is an updated app available on the server with the filename "Analytics.apk," it will automatically get downloaded and installed in the background without user interaction. Broenink found that there is no validation at all to check which APK is getting installed to a user's phone, which means there is a way for hackers to exploit this loophole. This also means Xiaomi can remotely and silently install any application on your device just by renaming it to "Analytics.apk" and hosting it on the server. Ironically, the device connects and receives updates over HTTP connection, exposing the whole process to Man-in-the-Middle attacks."

5 of 97 comments (clear)

  1. Not actually an example of irony. by Narcocide · · Score: 5, Insightful

    Ironically, the device...

    I think you mean predictably.

  2. Shocker... by Anonymous Coward · · Score: 4, Insightful

    ... who would expect something like that from a company in china... also Google can do the *exact* same thing...

  3. Is anyone surprised? by macs4all · · Score: 2, Insightful

    That's what you get from a wholly-Chinese company.

    And no, using Chinese Contract Manufacturing is NOT the same. Contract Manufacturers don't control the firmware, nor have the signing keys or software distribution abilities.

  4. Why can't you write-protect your goddamned phone!? by kheldan · · Score: 1, Insightful

    Why isn't there user-controlled write-protect on phones to prevent this sort of thing? You don't need to be able to install software on your goddamned phone so often that it needs to be in read/write mode all the time.

    Of course my question is rhetorical and the answer is obvious: smartphones are just surveillance and data collection devices. Read my new sigline, it says it all.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  5. Re:Why can't you write-protect your goddamned phon by Nemyst · · Score: 3, Insightful

    1) Android's system partition is, indeed, write-protected. Users can never write to it. However, there has to be a partition with RW rights for data storage, and that's also where all userland apps reside. This is important because users do, in fact, install software regularly, and also updates are pushed out fairly consistently. Having to remount the drive every time would be way more hassle than it's worth if you wanted it to be actually secure in any fashion.

    2) All of this is besides the point because the manufacturer is doing it. They could embed that behavior in the motherboard, in a hardware chip separate from the main CPU, they could put it in the firmware, they can do anything. Your "solution" is for a problem completely orthogonal to the issue at hand.