Xiaomi smartphone owners regularly face suspicions of being wiretapped through a microphone or transmitting data without the userβs knowledge. These concerns are not always groundless: in 2022, researchers at Citizen Lab discovered vulnerabilities in MIUI firmware that allow third-party applications to access the microphone in the background. Even if you donβt notice clear signs of surveillance, some features by default may collect more data than you would like.
In this article, we will look at all possible channels of audio leakage on Xiaomi, Redmi and Poco phones, from system services to malicious applications. You will learn how to disable wiretapping through MIUI settings, check application permissions and block access to the microphone at the kernel level. Importantly, some methods require root rights, but we will also provide solutions for users without them.
1. Checking the active microphone resolutions in MIUI
The first step is to audit applications that already have access to your microphone, which is simplified in MIUI 14/15, but many users are unaware of the hidden settings.
Open Settings β Privacy β Permits β Microphone. Here you will see a list of all the apps with audio access.
- π System services (e.g. com.miui.voiceassist β Xiaomi voice assistant)
- π± Social networks (Facebook, TikTok, Viber) β they often request a microphone just in case")
- π‘οΈ Antivirus and VPN (Some, like 360 Security, scan audio streams)
Turn off all suspicious applications, and if a program stops working after that, you should consider removing it.
π‘
MIUI 15 has a single resolution feature for the microphone, activate it in the privacy settings so that applications request access every time they try to record.
2. Disconnection of system services of wiretapping
Xiaomi integrates several services into firmware that can theoretically use a microphone:
- XiaoAI (com.miui.voiceassist) β works even when the screen is locked.
- MIUI (com.miui.player) - analyzes sounds for contextual clues.
- Speech recognition service (com.iflytek.speechsuite) β used for voice input.
To turn them off:
- Go to Settings β Applications β Application Management.
- Find each service by the name of the package (use search).
- Select Disable (do not "Delete Updates!").
- Confirm the action β some services will require you to enter a password from your Mi Account.
Disable XiaoAI (voice assistant)| Disable MIUI | Disable the voice recognition service iFlytek | Check active processes in Task Manager-->
β οΈ Warning: Disabling com.iflytek.speechsuite may disrupt voice dialing in the Gboard keyboard and some banking applications. If you need this feature, keep the service active, but limit its access to the microphone through permission settings.
3. Malware and spyware applications check
Even if you havenβt installed suspicious programs, some apps from Google Play may contain hidden listening modules, such as the 2023 fake βbattery optimizersβ that recorded audio every 15 minutes were discovered.
How to check your phone:
- π‘οΈ Install Malwarebytes or Bitdefender and perform a deep scan.
- π Check the list of installed applications in Settings β Annexes β All applications. Look for programs with names like com.system.cleaner com.battery.saver.pro com.security.master.
- π Use NetGuard (without root) or AFWall+ (root) to see which applications are transferring data to suspicious servers.
V 2026 The most dangerous applications are those that request permission. RECORD_AUDIO together ACCESS_FINE_LOCATION and READ_CONTACTS. This combination is characteristic of spyware.
Social networks (Facebook, TikTok)|Messengers (WhatsApp, Telegram)|Games with microphone access|Xiaomi System Services|Other-->
4. Set up firewall to block audio data transmission
Even if an application has access to a microphone, it cannot transmit records without an Internet connection, and blocking network traffic for suspicious programs is an effective way to protect.
No root rights:
- Install NetGuard from F-Droid (not from Play Market!).
- Enable Block Wi-Fi and Block mobile data for applications that donβt need internet (such as a flashlight or calculator).
- For instant messengers, only allow access to trusted domains (e.g. *.whatsapp.net for WhatsApp).
With root rights:
- Use AFWall+ to block your network access completely.
- In the settings, select Custom rules and add the rule: iptables -A afwall -m owner --uid-owner 10123 -j DROP (where 10123 β UID You can find out the suspicious application through the adb shell dumpsys package)
| Annex | Typical behavior | Firewall recommendation |
|---|---|---|
| Requests microphone to "improve targeted advertising" | Block access to graph.facebook.com and *.fbcdn.net | |
| XiaoAI | Activated by voice command "Xiao Ai" | Complete Internet Blockage |
| TikTok | Listens to background noise to βpersonalize contentβ | Block.byteoversea.com and.musical.ly |
| Google App | Uses a microphone for voice search | Restrict access to *.googleapis.com only |
5. Physical microphone locking (for paranoid)
If the software methods seem unreliable, you can completely shut down the microphone at the hardware level, which is a radical step, but it guarantees 100% protection against wiretapping.
Ways:
- π§ Turning off the microphone plume (requires disassembly of the phone): On most Xiaomi models, the microphone is connected via a flexible plume to the motherboard. gently disconnect the connector (usually marked as MIC or AUDIO_IN). Disadvantage: the possibility of voice calls and recording video with sound will be lost.
- π§ Using headphones with microphone off: Connect wired headphones without a built-in microphone, the system automatically switches to them, and the main microphone will be turned off.
- π‘οΈ Screened cases: Special metallized mesh covers block radio signals. Effective against remote activation of microphone through vulnerabilities in Bluetooth module.
What happens if you turn off the microphone physically?
β οΈ Attention: On Xiaomi models 13/14 series F5 Microphone integrated into Qualcomm's core audio chip WCD9385. Its physical shutdown can cause sound loss in the speakers. Before disassembling, check the scheme of your model on the Xiaomi Firmware website.
6.Alternative firmware: transition to AOSP
If you're sure that the wiretapping is MIUI, the radical solution is to install custom firmware based on the AOSP (Android Open Source Project), which is devoid of Xiaomi's proprietary services and does not contain hidden surveillance modules.
Suitable options:
- π± LineageOS is the most stable and proven firmware.
- π GrapheneOS β Focus on security and privacy.
- π‘οΈ CalyxOS β includes a built-in firewall and tracker blocker.
Installation process:
- Unlock the bootloader via fastboot oem unlock (you will need a Mi Account and wait 7 days).
- Install TWRP or OrangeFox Recovery.
- Sweep through the firmware and NikGApps (the minimum package of Google services).
- Once installed, perform a factory reset to clean up the data.
Advantages:
- There are no Xiaomi system services that collect data.
- Full control over permissions through AppOps.
- The ability to disable Google Play Services without losing functionality.
Disadvantages:
- Some camera functions, for example, AI-mode may not be operational.
- There is no support for Mi Pay and other exclusive services.
- Technical skills are required for installation and debugging.
π‘
Installing custom firmware is the only way to 100% eliminate wiretapping through Xiaomi system services, however, this voids the warranty and may result in loss of functionality (for example, wide-angle camera on some models).
7. Additional protection measures
Even after all suspicious services are shut down, there are indirect channels for audio leaks, and here's what you can do:
- π Turn off voice activation: C Settings β Voice assistant deactivate the "OK, Google" and "Xiao Ai" option. Delete the voice model data in Settings β Google β Devices and sharing β Voice Match.
- π΅ Use Do Not Disturb Aggressively: Enable Settings β Sounds and vibrations β Don't disturb. β The schedule is permanent, except for "Budilma" and "Media".
- π Reset advertising regularly ID: B Settings β Google β Click on "Reset Ad ID" to make it harder to link your data to your profile for targeted advertising.
- π‘οΈ Install. DNS-Filter: Use NextDNS or AdGuard DNS Add to the blacklist the domains sdkconfig.ad.xiaomi.com and data.mistat.xiaomi.com.
For advanced users:
- Install XPrivacyLua (requires root) to swap the data that applications send to servers.
- Use Inspeckage to analyze app traffic in real time.
- Set MacroDroid to automatically turn off the microphone when the screen is locked.