Where and how to prohibit installation from unknown sources on Android Xiaomi: full instructions

Installing apps from unknown sources is one of the most common causes of Xiaomi smartphones getting infected with viruses, spyware and advertising software. APK-A file from a โ€œreliableโ€ site, the risk of getting a built-in miner or Trojan remains high. The manufacturer by default allows installation from external sources for some applications (for example, browsers or file manager), but this creates a security breach. In this article, we will analyze where this function is disabled in different versions. MIUI, Why a standard ban on security settings is not enough, and how to block the installation of uncertified security settings APK.

Xiaomi has a feature of duplicating security settings across multiple menus, such as MIUI 14, where you can block installation globally, but individual applications (like Files or Downloads) will still ask for permission, and we'll show you how to turn that off at the system level without having to root-right, and what to do if you reset after updating MIUI, and why some of the "instructions" from the Internet don't work on new versions of the firmware and how to get around the manufacturer's limitations.

Why Xiaomi canโ€™t just turn off โ€œUnknown Sourcesโ€ in its security settings

Unlike pure Android, where you just need to switch one switch to the Settings โ†’ Security menu, Xiaomi has a different system. The manufacturer has implemented application control: each application (browser, messenger, file manager) can request permission to install APK regardless of global settings, which means that even if you turn off the option in the main security menu, Google Chrome or Mi File Manager will still be able to offer to install the downloaded file.

The second problem is that in MIUI 13 and later, settings are reset after major firmware updates. Users often find that after upgrading to a new version of MIUI, previously blocked sources become active again. This is not a bug, but a feature: Xiaomi tries to maintain compatibility with old applications, but actually creates a vulnerability. In addition, in some regional firmware (for example, for India or China), security options may differ or be hidden.

  • ๐Ÿ” Application control: Each application has its own switch for installation APK, Even if the global setting is disabled.
  • ๐Ÿ”„ Reset after updates: Security settings reset when you upgrade to a new version MIUI (Especially relevant for 13.โ†’14โ†’15).
  • ๐ŸŒ Regional differences: Security menus may look different in different countries.
  • ๐Ÿ›ก๏ธ Bypassing restrictions: Some applications (such as APKMirror Installer) can bypass the lock through the use of a security device. ADB.

To actually disable installations from unknown sources, it's not enough to disable one switch, you have to go through all the applications that could potentially request permission and lock them manually, and below we'll show you how to do it correctly.

๐Ÿ“Š What version? MIUI You're using it?
MIUI 12
MIUI 13
MIUI 14
MIUI 15
I don't know.

Where is the main menu "Unknown sources" in MIUI 12-15

Starting with the basic path that works on most Xiaomi, Redmi and POCO devices, the menu may vary slightly depending on the MIUI version, but the overall logic is maintained:

  1. Open Settings (the gear icon on the main screen).
  2. Go to the Appendix section โ†’ Application management.
  3. In the upper right corner, press three dots (โ‹ฎ) and select Special Access.
  4. Slip on the item Install unknown applications (in some versions โ€“ Install from unknown sources).

Here you'll see a list of all the apps that are allowed to install APK, and it's usually the default:

  • ๐ŸŒ Browser (or Google Chrome)
  • ๐Ÿ“ Files (Mi File Manager)
  • ๐Ÿ“ฅ Downloads (Downloads)
  • ๐Ÿ’ฌ Messengers (Telegram, WhatsApp โ€“ if downloaded through them) APK)

Your task is to turn off the permission for each application manually, tap the application name and move the slider to the position of Prohibit (or Disabled). Note that MIUI 14/15 may display a warning after disabling, "This may interfere with some functions." This can be ignored - it is about the ability to install APK, not the basic functionality of the application.

โ˜‘๏ธ What to check in the menu "Unknown sources"

Done: 0 / 4

How to prevent APK installation via ADB (for power users)

If you find that settings are reset after the update, or some applications ignore the lock, you can use the ADB commands. This method is suitable for users who have already enabled USB Debugging and have access to a computer. The advantage of the method is that it works at the system level and does not reset after MIUI updates.

You'll need:

  • ๐Ÿ–ฅ๏ธ Computer with installed ADB Fastboot (you can download from the official Android website).
  • ๐Ÿ“ฑ Xiaomi smartphone with enabled debugging USB (Settings โ†’ The phone. โ†’ Version. MIUI โ†’ 7 times to tap the assembly number โ†’ return to โ†’ For developers โ†’ Debugging by USB).
  • ๐Ÿ”Œ USB-cable (preferably original).

Next, follow the following steps:

  1. Connect the phone to the computer and confirm the debugging permission on the smartphone screen.
  2. Open the command line (or Terminal on Mac/Linux) in the platform-tools folder.
  3. Enter the command to check the connection: Adb devices must appear serial number of your device.
  4. Ban installation from unknown sources globally: adb shell settings put global install_non_market_apps 0
  5. For reliability, block the installation through specific applications (example for the browser): adb shell appops set com.android.browser INSTALL_PACKAGES Replace com.android.browser with the batch name of the desired application (you can find out through adb shell pm list packages).

Once you've done the commands, restart your smartphone. Now, even if you accidentally give permission to an application through a GUI, the system will ignore it because of the fact that you're not using it. ADB-Attention: this method does not work on devices with locked bootloader and some regional firmware (e.g, MIUI China).

How to find out the package name of the application?
To find a batch name (e.g. com.android.chrome), connect the phone to ADB and type the command: adb shell pm list packages | grep "application name" For the browser, this can be com.android.browser or com.android.chrome, for Files - com.android.fileexplorer.

Hidden security settings: where else can you block APK installation

In addition to the main menu, Install Unknown Apps, there are a few more places in MIUI where you can increase protection, many users overlook them, but they are critical for full lockdown:

  1. Developer Settings: Go to Settings โ†’ Additionally. โ†’ For developers and find the option to Disable the installation through USB (or USB-This will prevent installation. APK When connecting to your computer via adb install.
  2. Mi Security: In the Security app, go to Settings โ†’ Privileges โ†’ Install applications. Here you can see the list of applications that are allowed to install and revoke permissions.
  3. Google Play Protect: While it doesnโ€™t block installation, enabling scanning in the Play Store โ†’ Play Protect will help detect malicious APKs once installed.This wonโ€™t replace full locking, but will add a layer of protection.

The Mi File Manager app, which often ignores global settings, can set APKs even after the permissions in the Special Access menu are turned off, to block them completely:

  1. Open Settings โ†’ Applications โ†’ Application Management.
  2. Find the Files and tap it.
  3. Select Permissions โ†’ Additional โ†’ Install unknown applications.
  4. Set the switch in the position to Prohibit.

If after this manipulation you still see a request for installation APK, So the app uses workarounds, and in this case, only removing the problem software or using it will help. ADB-teams (described above).

๐Ÿ’ก

If you frequently install APKs for testing but want to limit the risks, create a separate user on your phone (Settings โ†’ System โ†’ Multiplayer) and install uncertified apps only there.

What to do if the settings reset after the MIUI update

One of the most common problems is automatic permission resets after a firmware update, which is because Xiaomi resets some of its security settings โ€œpre-fabricatedโ€ when it upgrades to majors (e.g., switching from MIUI 13 to MIUI 14) to avoid this:

  1. Back up your settings: Use the Settings app โ†’ Additional โ†’ Backup and Reset โ†’ Local Backup. Select System Settings and save the file. Restore it after the update.
  2. Use it. ADB-As described above, the adb shell settings put global install_non_market_apps 0 Not reset after updates if the bootloader is unlocked.
  3. Turn off automatic updates MIUI: Go to Settings. โ†’ The phone. โ†’ Updating the system โ†’ Settings (โ‹ฎ) โ†’ Auto-update and turn off the option.This will give you time to prepare before the update.

If the update has already occurred and the settings are reset, follow the following steps:

  1. Check the Install Unknown Applications menu (the path described above) and turn off all permissions again.
  2. Remove the Security app cache (Settings โ†’ Applications โ†’ Application Management โ†’ Security โ†’ Storage โ†’ Clear the cache).
  3. Restart the device โ€“ sometimes the settings are applied only after the reboot.

โš ๏ธ Note: If after the update you see unknown applications in the list of allowed installations APK, This could be a sign of malware. Immediately scan the device through Google Play Protect or Malwarebytes.

Table: Where to look for settings on different versions of MIUI

To make it easier to search, we have compiled security menu paths for different versions of MIUI. Please note that item names may vary slightly depending on the regional firmware.

MIUI versionThe path to settingsFeatures
MIUI 12Settings โ†’ Applications โ†’ Application Management โ†’ Special Access โ†’ Installation of Unknown ApplicationsThe menu can be called "Installation from Unknown Sources." There's no separate control for USB.
MIUI 13Settings โ†’ Annexes โ†’ Application management โ†’ Three points (โ‹ฎ) โ†’ Special access โ†’ Installation of unknown applicationsControls have been established for USB-installation in the Developer's settings.
MIUI 14Settings โ†’ Applications โ†’ Application Management โ†’ Special Access โ†’ Installation of Unknown ApplicationsAdded integration with Mi Security, settings can be reset after updates.
MIUI 15 (Global)Settings โ†’ Applications โ†’ Permissions โ†’ Installation of unknown applicationsSimplified interface, but retained application control, in the Chinese version, the path may be different.
POCO LauncherSettings โ†’ Applications โ†’ Application Management โ†’ Special AccessIt is similar to MIUI 13, but with a different menu design.

If your version of MIUI is not listed in the table, try searching by settings (the magnifier icon in the upper right corner of Settings) and entering the "Install unknowns" query.

What happens if you leave the installation from unknown sources on

Many users neglect to block, believing that they โ€œneatly download APKs only from trusted sites.โ€ However, even popular resources like APKMirror or APKPure do not guarantee 100% security.

  • ๐Ÿฆ  Malware: Trojans, cryptocurrency miners, spies to steal bank card data, for example, in 2023 through fake APK WhatsApp spreads FluBot virus stealing SMS.
  • ๐Ÿ“ฑ Advertising viruses: Apps that display ads on top of all windows, even when you're not using them, often only remove them through resetting.
  • ๐Ÿ” Surveillance: Some APK Collect location history, contacts, photos and send them to the servers of the attackers.
  • ๐Ÿ’ธ Subscriptions and SMS-Fraud: Viruses can be secretly sent SMS to pay numbers or sign you up for services.

According to Kaspersky Lab statistics, in 2023 year 38% Mobile device infections occurred through installation APK And yet, Xiaomi is in the top.-3 The brands whose users are most likely to be victims of such attacks (along with Samsung and Huawei).

Even if you are sure of the APK source, remember:

  • ๐Ÿ”— Download links can be replaced through phishing sites.
  • ๐Ÿ“ฆ Legitimum APK They can be modified (for example, malicious code is embedded in them).
  • ๐Ÿ”„ Pirate apps updates often contain viruses.

โš ๏ธ Warning: If you have already installed a suspicious app, it is not enough to simply delete it. Some viruses create "sleeping" services that are activated after a reboot. In this case, only a complete reset of the phone to factory settings will help (Settings) โ†’ Additionally. โ†’ Backup and reset โ†’ Resetting settings).

๐Ÿ’ก

Even just allowing APKs to be installed for your browser or messenger makes your smartphone vulnerable, and locking them completely reduces the risk of infection by 90%.

FAQ: Frequent questions about blocking unknown sources on Xiaomi

Can I completely ban APK installation without root rights?
Yes, but with reservations, standard means. MIUI You can manually disable permission for all applications (as described above).However, some system applications (such as Files) may ignore the lock. ADB-team-right.
Why does the MIUI update require the APK installation again?
This is a feature of Xiaomi: in major updates (for example, from 13 to 14 version), some security settings are reset to factory. ADB-commands or back up settings before the update.
How do I know which app asks for permission to install APK?
Go to Settings โ†’ Applications โ†’ Application Management โ†’ Special Access โ†’ Install Unknown Applications. This will list all active resolution applications. You can also use the adb shell dumpsys package for the detailed log.
What if an unknown application appears in the Unknown Sources list?
This is a warning sign that you're likely to have malware installed on your device. Immediately: Revoke permission for this application. Delete it through Settings โ†’ Apps. Scan your phone with an antivirus (Malwarebytes, Dr.Web). If the application doesn't get deleted, reset to factory settings.
Can I install APK if installation from unknown sources is prohibited?
Technically, but with limitations: Through ADB: the adb install route to file.apk can work even when blocked. Through SAF (Storage Access Framework): some file managers can bypass restrictions. On root-right devices: you can temporarily disable verification through Magisk. However, for an ordinary user without special knowledge, the installation will be blocked.