Security Flaw in Security App
If you are a Xiaomi mobile user, your device must be running MIUI. Although MIUI has a lot of new features, it has some bugs as well. The pre-installed security app is called Guard Provider; it uses antivirus scanners from Avast, AVL and Tencent to detect malware present on your phone.
Android malware finds different ways to get onto your phone. Recent research found that Guard Provider updates over unsecured HTTP connections, which means anyone can modify the APK and insert malware into it through a man-in-the-middle (MITM) attack.
As long as an attacker is on the same network as you, you are in danger, so don't use public Wi-Fi.
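What an updater has to check so that a package altered in transit is never installed, as an added example (not Guard Provider's code or anything from the research). It assumes the expected SHA-256 digest comes from a manifest obtained over an authenticated channel; the function names, the `updates.example.com` URLs and the sample bytes are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import urlsplit


class UpdateRejected(Exception):
    """Raised when an update fails a transport or integrity check."""


def check_update_url(url: str) -> str:
    """Accept only https:// URLs with a host; cleartext http:// is refused."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise UpdateRejected(f"refusing non-HTTPS update URL: {url!r}")
    return url


def verify_package(package: bytes, expected_sha256_hex: str) -> bytes:
    """Compare the package's SHA-256 with the digest from the trusted manifest."""
    actual = hashlib.sha256(package).hexdigest()
    # Constant-time comparison of the two hex strings.
    if not hmac.compare_digest(actual, expected_sha256_hex.lower()):
        raise UpdateRejected("package digest does not match manifest")
    return package


def accept_update(url: str, package: bytes, expected_sha256_hex: str) -> bool:
    """Return True only if both checks pass; the caller installs nothing otherwise."""
    try:
        check_update_url(url)
        verify_package(package, expected_sha256_hex)
    except UpdateRejected:
        return False
    return True


# Constructed sample data: stand-in bytes, not a real APK.
GENUINE = b"PK\x03\x04 constructed update payload v2"
TAMPERED = GENUINE + b" extra bytes added in transit"
MANIFEST_DIGEST = hashlib.sha256(GENUINE).hexdigest()

if __name__ == "__main__":
    print(accept_update("https://updates.example.com/av.apk", GENUINE, MANIFEST_DIGEST))
    print(accept_update("http://updates.example.com/av.apk", GENUINE, MANIFEST_DIGEST))
    print(accept_update("https://updates.example.com/av.apk", TAMPERED, MANIFEST_DIGEST))
```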
Security Flaw in Browser
A new vulnerability has reportedly been discovered in Xiaomi's pre-installed browser and Mint Browser. This vulnerability lets an attacker control the URL displayed in the address bar. The vulnerability has allegedly been listed in the Common Vulnerabilities and Exposures (CVE) database. It was discovered by the security researcher Arif Khan. The bug was privately reported to Xiaomi but has not yet been fixed.
The CVE-2019-10875 vulnerability is said to be a spoofing issue inside the address bar that exists because of a flaw in the browsers' interface. The vulnerability exists both in the built-in Mi Browser on Xiaomi devices and in Mint Browser. Mint Browser can also be downloaded via Google Play by non-Xiaomi phone users. The Hacker News reports that the flaw can dupe users into thinking that they are visiting a trusted website when they are actually visiting a site that serves phishing or malicious content. This URL spoofing vulnerability allows hackers to bypass basic verification indicators like the URL and SSL.
This vulnerability only affects international variants of both the browsers, and the China variants do not contain this vulnerability. "The thing that struck me most was that only their overseas or, international versions were having this security bug and not their Chinese or, domestic versions. Was it done deliberately thus? Are Chinese device manufacturers intentionally making their OS, applications, and firmware vulnerable for their international users?"

