{
	"id": "672f34cc-ce15-4616-9169-33c0033a74b9",
	"created_at": "2026-04-06T00:06:10.403499Z",
	"updated_at": "2026-04-10T13:13:00.445264Z",
	"deleted_at": null,
	"sha1_hash": "04ba41a976d83b4f37bae6172d4ed9a092145f89",
	"title": "Updated: Mobile security firm claims Xiaomi Mi4 carries pre-installed malware - MEDIANAMA",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 241630,
	"plain_text": "Updated: Mobile security firm claims Xiaomi Mi4 carries pre-installed malware - MEDIANAMA\r\nBy Riddhi Mukherjee\r\nPublished: 2015-03-09 · Archived: 2026-04-05 19:53:48 UTC\r\nUpdate: Xiaomi’s response to Medianama:\r\nWe have concluded our investigation on this topic — the device Bluebox obtained is 100% proven to be\r\na counterfeit product purchased through an unofficial channel on the streets in China. It is therefore not\r\nan original Xiaomi product and it is not running official Xiaomi software, as Bluebox has also\r\nconfirmed in their updated blog post.\r\n1) Hardware: Xiaomi hardware experts have looked at the internal device photos provided to us by\r\nBluebox and confirmed that the physical hardware is markedly different from our original Mi 4.\r\n2) IMEI number: Xiaomi after-sales team has confirmed that the IMEI on the device from Bluebox is a\r\ncloned IMEI number which has been previously used on other counterfeit Xiaomi devices in China.\r\n3) Software: Xiaomi MIUI team has confirmed that the software installed on the device from Bluebox\r\nis not an official Xiaomi MIUI build as our devices do not come rooted and do not have any malware\r\npre-installed.\r\nAs this device is not an original Xiaomi product, and not running an official Xiaomi MIUI software\r\nbuild, Bluebox’s findings are completely inaccurate and not representative of Xiaomi devices. 
We\r\nbelieve Bluebox jumped to a conclusion too quickly without a fully comprehensive investigation (for\r\nexample, they did not initially follow our published hardware verification process correctly due to\r\nlanguage barrier) and their attempts to contact Xiaomi were inadequate, considering the severity of their\r\naccusations.\r\nThe company also mentioned that it “takes all necessary measures to crack down on the manufacturers of fake\r\ndevices or anyone who tampers with our software.” Xiaomi also said that it hasn’t yet received any\r\nmeaningful reports of counterfeit Mi phones outside of China. However, keeping that possibility in mind, it is\r\nworking on an English version of its verification app (which certifies the authenticity of Mi hardware).\r\nEarlier: San Francisco-based mobile security company Bluebox has claimed that it found pre-installed malware,\r\nadware and spyware in the Xiaomi Mi4. The company claimed that it found an app called Yt Service pre-installed in\r\nthe Mi4 it tested, which installs “an adware service called DarthPusher that delivers ads to the device among other\r\nthings.”\r\nBluebox mentions that this app disguises the adware to look like it’s a Google service and “tricks users” into thinking it’s\r\na safe app. Besides Yt Service, some of the other suspicious apps Bluebox found pre-installed on the Mi4 included\r\nPhoneGuardService classified as a Trojan, AppStats classified as riskware and SMSreg classified as malware.\r\nIt’s worth noting that Xiaomi’s VP International Hugo Barra informed Bluebox that:\r\nWe are certain the device that Bluebox tested is not using a standard MIUI ROM, as our factory ROM\r\nand OTA ROM builds are never rooted and we don’t pre-install services such as YT Service,\r\nPhoneGuardService, AppStats etc. Bluebox could have purchased a phone that has been tampered with,\r\nas they bought it via a physical retailer in China. 
Xiaomi does not sell phones via third-party retailers in\r\nChina, only via our official online channels and selected carrier stores.\r\nSubsequently, Xiaomi conducted “in-depth testing” on the device on which Bluebox had based its report and said that\r\nthe device is indeed a counterfeit and a “very good one at that.” In fact, it seems the counterfeit device was\r\ninitially able to pass Xiaomi’s verification app.\r\nThe question seems to be: if the counterfeit is really that good, and it took a mobile security company and the\r\nmanufacturer a few days to verify whether it’s authentic, what are consumers supposed to do?\r\nWe’ve written to Xiaomi and will update once we hear back.\r\nThe Xiaomi Mi4 went on sale last month in India. In December last year, Xiaomi’s India head Manu Kumar Jain\r\nhad claimed that they had sold one million handsets in India since its launch in July. It’s also worth noting that\r\nXiaomi is working towards launching its own e-commerce store in India as well. Barra had confirmed this to\r\nLivemint in November last year, and in February Jain told PTI that the process will take “anywhere between three\r\nto nine months.”\r\nSecurity and privacy issues with Xiaomi\r\nIn August last year, security firm F-Secure had found that Xiaomi’s MIUI-based smartphones were sending user\r\ndata – including text messages, contacts, phone numbers, ISP’s name, IMEI number and other details – back to\r\nXiaomi’s server, whether users signed up for the company’s cloud-based services or not. F-Secure also found that\r\nthis data wasn’t encrypted.\r\nAt the time, the Chinese smartphone maker had for the first time acknowledged that its phones were sending text\r\nmessages back to its servers. 
However, the company said that this was being done to test whether text messages\r\nsent out by a user could possibly be sent over a data connection instead of the carrier’s SMS gateway to save\r\nusers money. Barra also mentioned that this option is turned on by default. More on how Xiaomi deals with users’\r\ndata here.\r\nA couple of months later, the Indian Air Force issued an alert note to its staff and their family members that\r\nwarned them against using any Xiaomi products, saying that the company was stealing not just their phone\r\nnumbers and IMEI (device identifier) number, but was also accessing their phone calls and personal text\r\nmessages. At the time, Barra told Medianama that they do not collect any information without user permission.\r\n“Users will always be notified beforehand in situations when we require your personal information, and will have\r\nto approve the request.” He also mentioned that they are migrating their services and corresponding data for\r\nIndian users from their Beijing data centers to Amazon AWS data centers in Singapore and USA, which is\r\nexpected to be fully complete by the end of this year. The company also plans to set up a local data center in India\r\nin 2015. 
More on that here.\r\nSource: https://www.medianama.com/2015/03/223-mobile-security-firm-claims-xiaomi-mi4-carries-pre-installed-malware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.medianama.com/2015/03/223-mobile-security-firm-claims-xiaomi-mi4-carries-pre-installed-malware/"
	],
	"report_names": [
		"223-mobile-security-firm-claims-xiaomi-mi4-carries-pre-installed-malware"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775433970,
	"ts_updated_at": 1775826780,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/04ba41a976d83b4f37bae6172d4ed9a092145f89.pdf",
		"text": "https://archive.orkl.eu/04ba41a976d83b4f37bae6172d4ed9a092145f89.txt",
		"img": "https://archive.orkl.eu/04ba41a976d83b4f37bae6172d4ed9a092145f89.jpg"
	}
}