Where is security on Xiaomi: hidden settings

Xiaomi smartphone owners often face a paradox: the system is full of security features, but it is almost impossible to find them without a detailed menu map. MIUI user interface and the new HyperOS hide critical settings deep in the bowels of system applications, creating the illusion of their absence. This is not an accident, but the result of a complex shell structure, where functions are scattered between standard utilities and hidden engineering menus.

Searching for a security section on Xiaomi isn’t just about finding an icon on your desktop, it’s about understanding the ecosystem’s logic: in some regions, the menu is separately displayed, in others it’s integrated into Settings, and in others it’s hidden behind regional restrictions, and it’s a maze that anyone who wants to protect their personal data from leaks and malware, which often masquerades as harmless apps, needs to understand.

In this article, we will take a closer look at all possible paths to security settings, explain the difference between visible and hidden features, and provide tools for deep system diagnostics, explaining why antivirus can keep silent about threats and how to activate modes that the manufacturer prefers not to talk about loudly.

Standard path through system application

The most obvious but often overlooked way to get into security settings is to use a pre-installed system application, which is simply called “Security” on most global firmware versions and has a green shield icon, but in some builds, especially in China or Europe, this application can be renamed Security or integrated into a shared Tools folder.

Inside this app, the lion's share of the security features available to the average user is concentrated, and it has an integrated antivirus based on Avast and AVL engines that checks installed applications and files in real time, and it also houses a Cleaner that not only frees up space, but also analyzes the performance risks associated with overheating or overconsumption of resources.

It’s important to understand that the standard security app on Xiaomi is not just an antivirus, but a comprehensive access control center, which is where you can deny a particular application access to the Internet, camera or microphone, even if the basic Android settings already give such permission, which creates an additional level of control that is often overlooked.

  • 🛡️ Antivirus: scans in real time and on schedule, checks APK-pre-installing.
  • 🚫 Blacklist: Blocks unwanted calls and SMS-messages from spammers and scammers.
  • 🔒 Privacy protection: allows you to hide applications, photos and files in a special secure space.
  • 🔋 Battery and performance: limits background activity of applications to prevent overheating and surveillance.

⚠️ Note: Xiaomi’s built-in antivirus is effective against known threats, but does not replace full protection against phishing attacks in the browser or complex Trojans masquerading as system processes.

If you can't find an app icon on your desktop, try a global search. Swipe your finger down the center of the screen (or up, depending on your navigation settings) and type in the word "Security" or "Security." The system will prompt you to run the app, even if the icon is hidden in the folder.

Hidden settings in the menu "About the phone"

There is a lesser-known way to access advanced security features that is hidden deep in the standard settings menu. The Settings → About Path contains not only information about the MIUI version, but also access to hidden security options in a particular interaction. Multiple taps on the kernel version or build number can activate the developer mode where important switches are hidden.

Developer mode, often confused with the engineering menu, includes USB debugging and app validation settings. “Check apps through Play Protect” is critical for those installing software from third-party sources, and disabling this option removes the last barrier between the system and potentially malicious code.

📊 How often do you check the permissions of the application?
Every day.
Once a week.
Only when installed
Never checked.

Particular attention should be paid to the parameter. USB-Debugging: Enabling this feature gives direct access to the file system and command line of the device when you connect to the computer. If you’re not in programming or deep diagnostics, keep this switch off to prevent intruders from remotely accessing through a charging port in public places.

  • 🔧 Debugging by USB: Allows your computer to have full access to the Android system.
  • 📱 Location emulation: allows apps to think you’re in a different place, which can be used to bypass regional locks.
  • 👁️ Show touch: visualizes on-screen clicks, is useful for creating training videos, but can reveal a pattern lock.

⚠️ Warning: Never turn on debugging mode USB It's a direct route to stealing data or installing hidden malware.

To access these settings, you need to click 7 times in a row on the build number in the About menu. After the message “You became a developer” appears in the settings menu, a new option will appear “Additional” or “Extended settings”, where these switches hide.

Engineering menu and diagnostic codes

For users looking for security on Xiaomi at a deep level, there is an engineering menu that is accessed through a set of special features. USSD-Code ##64663## opens the menu CIT (Customer Information Test, which allows for test components but also contains information about the status of sensors and connections.

More important for security is code ##4636##. It opens the testing menu, where you can see usage statistics, battery information and, most importantly, run a Wi-Fi diagnostic, and you can see the real signal level and connection quality, which helps to detect attempts to jam the signal or connect to fake access points.

##4636##
##64663##
##8255##

Using the code ##8255##, the GTalk Service Monitor is launched, which in older versions of Android showed the activity of Google services. On modern Xiaomi with Android 10+, many codes can be blocked by the operator or the firmware itself, in which case the system will simply reset the challenge or nothing happens.

Code.FunctionLevel of accessRisk of change
*#06#IMEI displaySafe.No.
##4636##Test menuMedium.Low.
##64663##Equipment Test (CIT)High-pitchedMedium.
##7780##Resetting (Factory Reset)criticalHigh (data deletion)

Using engineering codes requires caution. Changing the parameters of a radio module or network without understanding their purpose can lead to signal loss or unstable operation of the device. Reset code ##7780## can instantly delete all data from the phone without additional confirmation, so be extremely careful when entering numbers.

Digital Well-Being and Parental Control

In modern versions of MIUI and HyperOS, security features are closely intertwined with digital well-being. Settings menu → Digital well-being and parental control allows you to not only limit the time of use, but also control which apps access the screen and at what time.

Kids Space creates an isolated environment where only authorized apps are running, blocking the ability to shop, send messages, or go online without a parent’s password, and is an effective way to keep the device safe from inexperienced users.

☑️ Parental control checks

Done: 0 / 4

Also worth noting is the “In-app Lock” feature, which allows you to set an additional password or fingerprint to run specific applications, such as bank clients, a gallery or instant messengers, and you can find this feature in the “Security” application → “App Protection”.

  • 👶 Child Mode: Completely isolates the system from the child, leaving access to games and learning applications only.
  • ⏳ Time limits: automatically blocks the application after the expiration of the set usage time.
  • 🚫 Content Filtering: Blocks access to adult websites and dangerous content through a built-in browser.

These settings are especially relevant if multiple people are using a smartphone or if the device often falls into the hands of children, and ignoring these settings leaves personal data vulnerable even if the main password unlocks the screen.

Security Mi Account and Cloud

The centerpiece of Xiaomi’s ecosystem is the Mi Account, which is where you synchronize your contacts, search for your device, and remotely lock your account, and you can find your account security settings by Settings → Mi Account → Security, and it stores your encryption keys and login history.

It is critical to activate two-factor authentication (2FA). Without it, when a password is compromised, an attacker gains full access to a cloud storage facility where copies of messages, photos, and even backups of passwords can be stored. In the Devices section, you can see a list of all the gadgets where the login is made and remotely terminate the session on the suspicious device.

Find the device should be enabled at all times, not only to track the location of the lost smartphone, but also to remotely erase data or lock the screen, but it is worth remembering that in order for this feature to work, the device must be connected to the Internet.

⚠️ Note: Never provide a confirmation code from SMS No one, even if the caller is a Xiaomi support employee, is the most common method of stealing accounts.

Regularly checking your account activity helps you detect unauthorized access early, and if you notice a sign-in from a device or location you don’t recognize, take immediate steps to protect your account.

Application permissions and confidentiality

With the release of Android 12, 13 and 14, Xiaomi has advanced permission management tools. In the Settings → Privacy Protection menu, you can see how often apps access the camera, microphone or geolocation. The system even shows indicators (green dots) in the corner of the screen when using sensors.

The special feature that deserves attention is Virtual Location or Blurred Location, which allows you to give applications not exact coordinates, but an approximate area, which protects your privacy when an application, such as a weather widget, does not need to know which house you are in.

And this section also has a Safe Shortcut, which allows you to create copies of applications with modified permissions, for example, you can create a copy of the messenger.