Xiaomi, Redmi and POCO MIUI-based smartphones automatically store dozens of passwords, from Wi-Fi networks to application accounts. But where exactly is that data stored in the system? Can it be retrieved without root rights or resetting? In this article, we will go into detail all the hidden mechanisms for storing passwords in MIUI firmware, including versions 12, 13 and 14, and show legal ways to export and protect them.
Controlling saved passwords is important not only for convenience but also for security, for example, when selling a phone or switching to a new device, many users face data portability problems, and if you lose access to your Mi Account, password recovery can be a non-trivial task, and we analyzed system files, settings menus, and even hidden MIUI features to gather relevant information โ without general phrases and outdated tips.
1. Where Xiaomi stores Wi-Fi passwords: system files and settings menu
Passwords from Wi-Fi networks in Xiaomi are stored in encrypted form in the system file /data/misc/wifi/WifiConfigStore.xml. Access to it is possible only with root rights, but there are also legal ways to view, for example, through the settings menu:
- Open the Settings. โ Wi-Fi.
- Click on the name of the connected network and select Share.
- The system will request confirmation by PIN-code, print or pattern lock.
- After confirmation, it will be displayed. QR-code with network data, including password.
If the phone is not rooted, this is the only official way to see the password. MIUI 14 adds a feature to export all the stored networks to the file, but it only works when you log in to Mi Account and sync is enabled.
For advanced users, there is an alternative method through ADB (no root):
adb pull /data/misc/wifi/WifiConfigStore.xml
adb shell "cat /data/misc/wifi/WifiConfigStore.xml"However, this method requires an unlocked bootloader and may not work on the latest versions of MIUI due to enhanced protection.
โ ๏ธ Note: Attempts to modify the file WifiConfigStore.xml manually without root rights will cause a failure of the Wi-Fi module. You can restore the working capacity only through resetting the network settings.
2.App and Account Passwords: The Role of Mi Account and Google Smart Lock
Passwords from installed applications (e.g., VK, Instagram, banking services) in Xiaomi are stored in two places:
- ๐ Google Smart Lock โ If you use a Google account, passwords are synced to the cloud and are available at passwords.google.com.
- ๐ฑ Local storage. MIUI โ file-wise /data/system/users/0/accounts.db (It's where the authorization tokens are stored, but not the passwords themselves.
- ๐ Mi Account โ synchronizes data only for system applications (Theme, Cloud, Mi Browser).
Itโs important to understand that MIUI doesnโt have its own password manager for third-party applications. Unless youโre using Google Smart Lock or third-party solutions like 1Password, passwords are stored only in the memory of specific programs (such as in the Chrome cache or Mi Browser).
| Password type | Storage area | Access without root | Synchronization |
|---|---|---|---|
| Wi-Fi | /data/misc/wifi/WifiConfigStore.xml | Through the Share menu. | Mi Cloud (if enabled) |
| Applications (Google) | Google Cloud | Yes, through passwords.google.com | Automatic. |
| System accounts (Mi) | /data/system/users/0/accounts.db | No. | Mi Account |
| Browser (Mi Browser) | /data/data/com.android.browser/databases/webview.db | Through browser settings | Mi Cloud |
To view passwords from Mi Browser go to Browser Settings โ Passwords. This will show you the data you saved for the sites, but only after you type in. PIN-lock-code.
3. Hidden folders and files: where to search for passwords manually
If you have root access, you can manually extract passwords from the following locations:
- ๐ /data/misc/wifi/ โ all Wi-Fi networks (file) WifiConfigStore.xml).
- ๐ /data/system/users/0/ โ System accounts (accounts.db).
- ๐ /data/data/com.android.providers.settings/databases/settings.db โ some security settings.
- ๐ /data/data/com.miui.securitycenter/ โ security-center MIUI.
Youโll need Root Explorer or Total Commander with root plugin to work with these files. Note that the files are encrypted โ youโll need specialized tools like MiXplorer with SQLite Editor to decrypt them.
Unlocked loader|Root rights (Magisk or SuperSU)|File Manager with Root Support|Knowledge of file structure MIUI-->
Example of a command to retrieve the account database through ADB:
adb shell "su -c 'cat /data/system/users/0/accounts.db'" > accounts.dbThis file can be opened in DB Browser for SQLite, but most of the data will be encrypted.
โ ๏ธ Note: Modifying files in /data/data/ Without a backup, it can cause system applications to crash. For example, a damage to settings.db will cause a cyclical reboot of the phone.
4. How to export passwords without root: official and non-obvious ways
If you do not have root rights, but you need to transfer passwords to a new phone, use these methods:
- Sync with Mi Cloud: Activate Settings โ Xiaomi Account โ Mi Cloud โ Sync โ Wi-Fi passwords. On the new device, log in to the same Mi Account and enable sync.
- Export via Google: Open passwords.google.com on PC. click โฎ โ Password export (requires a password from your Google account).
QR-wifi:
- Generate QR for each network through Wi-Fi Settings โ Share.
- Scan the codes on your new phone.
๐ก
If you want to transfer passwords to your iPhone, use the Mi Mover app (available on the App Store) that supports Wi-Fi transmission over your iPhone. QR-rootless.
5.Security: How to protect saved passwords from leakage
Password storage in MIUI has vulnerabilities that can be minimized:
- ๐ Turn off autocomplete: Go to Settings โ Passwords and security โ Autocomplete and remove unnecessary services.
- ๐ Change regularly PIN-code: Passwords in WifiConfigStore.xml coded PIN-The lock code, changing it automatically re-encrypts the data.
- โ๏ธ Set up two-factor authentication (2FA): For Mi Account and Google Account, enable confirmation by SMS or an authenticator application.
- ๐ซ Limit access to files: In Settings โ Annexes โ Permits โ Disable access to files for suspicious programs.