Hidden bookmarks in Xiaomi smartphones are one of the most talked-about topics among privacy-conscious users, even though the manufacturer has officially denied having undocumented tracking features in the firmware. MIUI, Independent experts regularly find suspicious processes, atypical network connections and hidden services.This article is not intended to blame a brand, but offers practical methods to check your device for potentially dangerous components.
It is important to understand that the term βbookmarkβ is used here in a broad sense β it can be either intentionally implemented spyware modules (which is unlikely for mass devices), and residual system services that continue to work after resetting, or even legitimate functions. MIUI, We'll look at all the options, from basic diagnostics to deep firmware analysis.
The methods in the article are relevant for devices on MIUI 14/15 (including Xiaomi 13/14 series, Redmi Note 12/13, POCO F5/X5) Start with simple steps, and your suspicions may turn out to be false alarms.
1. Signs of possible presence of hidden bookmarks
Before proceeding with the technical check, note the indirect signs that may indicate unauthorized activity:
- π Unexplained battery consumption in standby mode (e.g, 10-15% overnight with background processes switched off).
- π‘ Active traffic over a mobile network or Wi-Fi when all applications are closed (checked in Settings) β SIM-maps and mobile networks β Traffic).
- π Unknown processes in Task Manager (e.g., com.miui.analytics or com.xiaomi.midrop even if you are not using Mi Drop).
- π± Spontaneous reboots or hangs, especially after updates MIUI.
- π Extraneous sounds during calls (interference, echo) - may indicate interception of the audio stream.
One or two of the signs on the list is not a cause for panic: for example, com.miui.analytics is a legitimate anonymous statistics service that you can turn off, but if you see a combination of symptoms, you should do a deep diagnosis.
β οΈ Note: Some suspicious processes are actually part of the Xiaomi ecosystem, such as com.xiaomi.xmsf for syncing with Mi Account, and com.miui.systemAdSolution for blocking ads.
2. Basic verification through settings MIUI
Start with standard system tools. Many of Xiaomiβs hidden features are actually poorly documented, but they can be detected and disabled without root rights.
Open Settings β Applications β Application Management and follow the following steps:
- Go to the All Apps tab and sort the list by installation date. Pay attention to programs with a date prior to your purchase of the device.
- Check the "System Applications" section (in some versions) MIUI It's hidden -- tap 3 times to access the free space in the app list. Look for unfamiliar names with prefixes like com.miui., com.xiaomi. or com.qualcomm..
- In each suspicious app, open βResolutionsβ and see what features it uses (microphone, camera, location).
Pay special attention to the following services (they may be legitimate, but often run in the background without the userβs knowledge):
| Title of the process | Appointment | Can I turn it off? |
|---|---|---|
| com.miui.analytics | Collection of anonymous usage statistics | Yes, through Settings. β Memory. β Auto-start |
| com.xiaomi.midrop | Transfer of files via Wi-Fi Direct | Yes, but you'll lose the Mi Drop feature. |
| com.miui.systemAdSolution | Blocking Advertising in System Applications | No, he's in charge of security. |
| com.qualcomm.qti.telephonyservice | Working with a modem (Qualcomm) | No, critical for communication. |
| com.miui.hybrid | Integration with Xiaomi services | Partially (limit permissions) |
π‘
If you see the process com.android.cts.ctsshim is not a bookmark, but part of the test infrastructure of Android (CTS). It cannot be removed, but it is not dangerous.
3. Checking network activity
Hidden bookmarks often manifest themselves through atypical network connections, and use built-in tools or third-party apps to identify them.
Method 1: Built-in traffic monitor
Go to Settings. β SIM-maps and mobile networks β Traffic and turn on the "Limit background traffic" option:
- Open Traffic Usage and see which apps were consuming data in the background.
- Note the processes with names like miui.daemon, xiaomi.ipc or qualcomm.qti, which can transmit data without your knowledge.
- If you see suspicious activity, block background traffic for that app.
Method 2: Analyzer applications (NetGuard, GlassWire)
Install one of the traffic monitoring apps from Google Play:
- π‘οΈ NetGuard β Blocks Internet access for individual applications without root.
- π GlassWire β shows detailed connection statistics with indication IP-address.
- π PCAPdroid β allows you to capture network packets (requires technical knowledge).
With these tools, you can:
- See which apps connect to Xiaomi servers in China (api.io.mi.com, data.mistat.xiaomi.com).
- Find connections with strangers IP-Addresses (check them through services such as VirusTotal).
- Block suspicious connections directly from the application interface.
4. Analyze system files without root rights
Even without superuser rights, you can check some critical areas of the system for suspicious files, and you will need a file manager with access to system folders (for example, a file manager with access to the system folders, FX File Explorer or Solid Explorer and enabled debugging mode USB.
Step 1: Enable debugging over USB
Go to Settings. β About the phone and 7 times tap on the item "Version" MIUI", To activate the developer mode. Then go back to Settings. β Additionally. β For developers and include:
- π§ Debugging by USB
- π Unlocking OEM (If you are planning to manipulate further)
- π± Do not turn off the screen during charging (convenient for long checks)
Step 2: Check the key system folders
Open the file manager and go to the following directories (some may be hidden β turn on the display of hidden files in the manager settings):
/system/app/ (system-application)|/system/priv-app/ (privileged applications)|/data/app/ (user-apps)|/system/bin/ (binary)|/vendor/ (production-driver)-->
Look for files with suspicious names:
- π Files with.soap,.dex or.jar extension in atypical folders.
- π Symlinks to unknown paths (checked through ls) -l into ADB).
- π΅οΈ Folders with names like backdoor, debug, test or hidden.
β οΈ Note: Delete or modify files in /system root-free can lead to a device blink (complete failure).If you are not sure about the purpose of the file, it is better to make a backup before any actions.
5. Deep analysis by means of ADB
Android Debug Bridge (ADB) β It's a powerful diagnostic tool that allows you to execute commands at a low level, and it can test running processes, installed packages, and even a dump of system partitions.
Preparation:
- Download ADB Tools for your OS.
- Connect Xiaomi to your computer by USB And let me debug the phone.
- Open the command line (or Terminal) and check the connection with the command: Adb devices should appear the name of your device.
Key commands for finding bookmarks:
- π List of all installed packages: adb shell pm list packages -f Look for packages with unfamiliar names or suspicious paths (e.g, /data/local/tmp/).
- π List of running processes: adb shell ps -A Pay attention to the name processes zygote64_32, mediaserver (they can mask malicious activity).
- π‘ Active network connections: Adb shell netstat -tuln Check if there are connections to strangers IP-Addresses on non-standard ports (e.g, 4444, 5555, 7777).
- π Search for suspicious files: Adb shell finds /system -name ".soap" -o -name ".Dex: This will find all files with extensions often used to implement code.
Critical point: if you see packets with a flag in the output of the adb shell dumpsys package command HIDDEN or PRIVILEGED, which should not be on your device (e.g. com.xiaomi.mitv.tvpush on your smartphone), this is a reason for a deeper check.
Example of suspicious inference ADB
6. Check for hardware bookmarks
In addition to software bookmarks, there are hardware tracking methods that are harder to detect, and they can be implemented at the level of:
- π± Modem (intercept) SMS/call through the base station).
- π‘ Wi-Fi/Bluetooth-Module (hidden beacons or traffic sniffering).
- π Power controller (in rare cases used to transmit data through energy consumption).
How to check:
- Modem test: Install Network Signal Guru and check if your device connects to unauthorized cells (in the "Connecting Stations" menu). SIM-map.
- Wi-Fi check: Turn on the plane mode, then manually activate Wi-Fi. Run the Wifi Analyzer and see if unknown networks with names like this appear on the air. Xiaomi_Service_XXXX.
- Bluetooth Diagnostics: Open Settings β Connected devices β Bluetooth and check the list of associated devices. Delete all unknown gadgets.
For advanced testing, you can use USB-Analyzer (such as USBDeview on PC) to see if unknowns are connecting to your Xiaomi USB-devices in the background (this may indicate a hardware keylogger).
β οΈ Note: If you suspect a hardware bookmark, do not update the firmware through OTA β This can erase the activity. Instead, make a full memory dump through the ADB or contact the service center with a requirement to check the device for modifications.
7 What to do if you find suspicious activity
Do you find something wrong? Don't panic -- first make sure it's not a false alarm.
- Check for legitimacy: Type the name of a suspicious process or package into a search engine with the words site:xda-developers.com or site:miui.com. MIUI.
- Disable Network Access: Through NetGuard or built-in settings, block the internet for a suspicious app.
- Backup: Use Mi Mover or Swift Backup to save important data.
- Perform reset: Go to Settings β The phone. β Reset settings and select "Erase all data." This will delete all user applications and settings, but save the firmware.
- Install custom firmware: If suspicions remain, consider switching to LineageOS or Pixel Experience (requires unlocking the bootloader).
If you are sure you have found the bookmark, report it:
- π’ XDA-Developers Forum (Section Xiaomi).
- π‘οΈ Xiaomi Support Service via Official Website.
- π VirusTotal Virus database (download suspicious) APK-file).
π‘
Even if you find suspicious activity, it doesn't always mean there's a bookmark" MIUI are associated with optimization for the Chinese market and can be disabled without harming the device.