How to disable the installation of applications from unknown sources on Xiaomi

Modern Xiaomi smartphones, which are based on MIUI shells or the new HyperOS, have a flexible permission system that sometimes requires user intervention. One of the key security features is control over the installation of applications outside the official Google Play Store. By default, the system often blocks such actions or requests confirmation, but in some cases, settings can be changed, which opens up access to potentially malware.

Disabling the installation from unknown sources is an important step to protect personal data and financial information, especially if the device is used by children or elderly people who may accidentally download an ad virus. The process of deactivating this permission is not complicated, but requires care, since the settings menu in different versions of firmware may differ in the location of items.

In this guide, we will take a detailed look at the algorithm of actions to block third-party installers, explain the difference between a global ban and permission for specific applications, and also look at the nuances of Google Play Protect. You will learn to fully control which programs can be installed on your gadget, minimizing the risks of infection.

Why block the installation of third-party applications

The main reason to restrict installation of programs from unknown sources is to protect the Android operating system from malicious code.The official Google Play store undergoes a multi-step security check, while the Android operating system is protected from malicious code. APK-files downloaded from a browser or received through messengers may contain hidden threats, blocking this feature creates a necessary barrier to accidental installation of viruses.

In addition, limiting the source of installation helps prevent so-called “intrusive advertising” and the installation of unwanted software, which is often disguised as useful utilities, many users are faced with a situation when after visiting a certain site, the phone begins to offer to install an “update” or “antivirus”, which is a sign of an attempt to introduce malicious code.

⚠️ Warning: Disabling the installation capability from unknown sources does not give 100% security, but eliminates the most common attack vector – human factor and accidental consent to install dubious software.

Parental controls are also worth mentioning, and if you hand over your phone to your child, pre-setting the bans on installing new games or programs will help avoid unforeseen costs and preserve the desktop structure. MIUI allows you to flexibly configure these settings, separating rights for system components and user applications.

📊 How you usually install applications?
Only Google Play.
Sometimes APKs from sites
I'm always downloading fashions and patches.
I use third-party stores (RuStore, GetApps)

Difference Between Global Ban and App Permissions

It is important to understand the architectural difference between security settings in Android from version 8 and above, which are actively used in Xiaomi smartphones. APK-In modern versions of the operating system, the approach has changed to a more detailed one.

Now, permission is given individually for each installer app, so for example, you can allow the installation of files through Google Chrome, but you can not allow it for Telegram or File Manager Explorer, which means that even if you download it, you can also download it. APK-file through the browser, the system will not allow it to run if the browser itself is not given the appropriate permission.

The global “ban everything” switch may not be explicitly included in the new menus, because security is built on the principle of “ban everything that is not explicitly allowed.” However, by resetting the permissions for all browsers and messengers, you actually implement a complete ban. This is a more secure approach, because it allows you to quickly access a specific trusted application if necessary without compromise for the entire system.

Why can a button be gray?
If the permission slider is inactive (gray), it may mean that the device has activated Advanced Protection mode or restrictions enabled via Google Family Link that block the user from changing their security settings.

Instructions: how to close access for browsers and messengers

To prevent the installation of applications, you need to go through the customization path and find permissions for specific programs through which you usually download files, most often browsers (Chrome, Yandex, Mi Browser) and instant messengers (Telegram, WhatsApp), the algorithm of actions is the same for all versions of MIUI and HyperOS.

First, open the Settings menu on your smartphone. In the list, find Application Protection or go to Apps → App Configurement. In some versions of the firmware, the desired item is in the Privacy → Special. features (although most often the permission settings are in the application menu).

☑️ Checking security settings

Done: 0 / 5

Once you log into the Install Unknown Apps menu, you'll see a list of all the programs that could theoretically initiate the installation. Your task is to find all browsers and file managers on this list. Click on the name of the application, such as Chrome, and turn the Allow Installation from this source to "Switch off." Repeat the procedure for all suspicious or frequently used programs for downloading.

It is also important to check the settings of the file manager itself. MIUI (The conductor. Often users forget that it is through it that downloaded APK-If you turn off the permission for Explorer, even if there is a file in the phone's memory, the system will give an error when you try to run it, requiring a reconfiguration, which is a great defense mechanism.

Google Play Protect and Scanning

Even if you do not install from unknown sources, an additional measure of protection is the built-in system Google Play Protect, which automatically scans the device for malware, even if they were installed in some way, bypassing standard restrictions, and you can verify its activity through the settings of the app store.

Open the Play Store app, click on the profile icon in the top right corner, and select Play Protection, which displays the status of the check and the latest scan time, and it is recommended to enable the "Improving Threat Detection" option, which allows Google to analyze the data on installed applications to identify new types of threats.

Protection functionWhere to find out.Default statusRecommendation
Installation of unknownsSettings → ApplicationsOff (for each)Keep it off.
Google Play ProtectPlay Market → ProtectionIncluded.Scanning on.
Installation checkGoogle Settings → SecurityIncluded.Don't turn it off.
Searching for devicesGoogle Settings → Find theIncluded.Keep active

Also in the Google account settings, in the Security section, check if the "Check Apps Before Installation" option is enabled, which blocks the installation of apps that could harm your device even if you try to install them from a trusted source, but the app's (digital signature) is suspicious to Google's algorithms.

💡

Tip: Periodically (once a month) go to the Install Unknown Apps menu and check the list. After system updates or new browsers are installed, permissions may reset or new items that require attention appear.

Restrictions for children and guest mode

If the purpose of disabling app installation is to restrict access to a child, then simple permission settings may not be enough, as a child can ask for a password or find a way to circumvent the ban. In such cases, it is advisable to use the Second Space profile or Google Family Link feature on Xiaomi smartphones.

The second space creates an isolated environment on the phone, similar to a new smartphone, in which you can not install browsers or app stores at all, leaving only games and educational programs, while the parent profile remains protected by a password or fingerprint, and the child will not be able to go to the main menu to change the security settings.

Using Family Link allows you to remotely manage permissions, and you can set up a rule that requires a child to request permission from a parent to install any new app (even from Google Play), giving you complete control over what appears on the device, and completely eliminating the possibility of quietly installing malware from unknown sources.

⚠️ Note: When using the Guest or Second Space mode, remember that permission settings for installing unknown applications there may be reset to standard (allowed) when you create a new profile.

Possible problems and solutions

During the setup process, users may encounter a situation where the system behaves unpredictably, such as you disabled the permission, but when you try to open it, you can use the system to open it. APK-The phone still suggests installing it, which may be because the file is opened by the wrong application you've blocked it from. Android can automatically select another file manager or service to open the file.

Another common problem is with device administrator rights. Some applications (especially antivirus or enterprise clients) may have administrator rights and block changing security settings. In this case, you need to go to Settings → Passwords and Security → Device administrators and check if there are any third-party programs that manage security policies.

If you can't install the legal application you want after all the manipulations (like a banking application that isn't in the Play Market or specialized software), you'll have to temporarily refund the permission. It's critical that once you install the right application, you turn off the permission for the source that installed it again. Don't leave that port open just in case, because that nullifies all the protection.

💡

Xiaomi’s smartphone security is based on the principle of minimal privileges: no application should be allowed to install other programs without your explicit and one-time need.

Frequently Asked Questions (FAQ)

Can I completely remove the installation option? APK-file-level?
You can't completely remove this feature without getting root rights, because it's a basic feature of the Android operating system. However, by disabling permissions for all source applications (browsers, explorers), you effectively block this feature for the average user. Even if the file is downloaded, the system won't find an application that is allowed to run it.
Does the shutdown of unknown sources affect the official GetApps store?
No, it doesn't. The GetApps store (formerly the Mi Store), which is pre-installed on Xiaomi smartphones, is a system application and has its own certificates. It works regardless of permission to install from unknown sources for third-party applications. However, if you download the GetApps installer from your browser, you will need permission to install it initially.
What if the "Allow" button is grey and not pressed?
This can happen for several reasons: (1) Advanced Protection Mode is enabled in Xiaomi’s security settings. (2) The device is under corporate profile or Family Link. (3) Malware with administrator rights blocks changes. In the first case, you need to disable extended protection, in the second, remove restrictions through your parent’s account, in the third, remove a suspicious application from the administrator list.
Is it safe to only enable permission for installation time?
Yes, this is the right strategy. If you need to install an app outside the store, turn on the permission for a specific browser or explorer just before you install it. Immediately after you successfully install and run the program, return the switch to "Off" position, which minimizes the time window in which the device is vulnerable to attacks.