Xiaomi smartphones collect vast amounts of data about users, from location history to app usage habits, which the manufacturer argues is โimproved services,โ but in practice, most telemetry is sent to China without the ownerโs explicit consent. Even after disabling the obvious options in the settings MIUI Surveillance continues through hidden services, advertising SDK and system utilities.
This article provides a complete analysis of all data leak channels on Xiaomi, Redmi and other sites. POCO, And we've done this with little-known methods of disabling telemetry that are not described in the official documentation. MIUI 14/15 (Android 13/14) And we found out which settings actually work and which ones only create the illusion of privacy.
1. Basic privacy settings in MIUI
Start with the obvious: disable all the data collection options Xiaomi offers in the interface. Most users are limited to this step, but it only blocks. 20-30% Telemetry, though, is the basis.
Go to Settings. โ Confidentiality โ Special permits and follow the following steps:
- ๐ Location: Turn off "Precision Accuracy" and delete history in Settings โ Location โ Location history, even off. GPS can transmit approximate coordinates through Wi-Fi networks and cell towers.
- ๐ Analytics MIUI: Deactivate โSending Error Reportsโ and โImprovingโ MIUI" In Settings โ The phone. โ Version. MIUI โ Three points (โฎ) โ Update settings.
- ๐ฏ Advertising Personalization: In Settings โ Confidentiality โ Disable all switches, including "Personalized Recommendations" and "Advertising" ID".
- ๐ Sync with Mi Account: Delete your Mi Account in Settings โ Accounts. โ Mi Account or at least disable synchronization of contacts, notes and call history.
After this manipulation, the phone will stop sending explicit data about your actions, but hidden telemetry (such as through msa, mipush and analytics) will continue to work.
๐ก
If after the advertising is disabling ID you continue to see targeted ads, clear the cache of the com.miui.systemAdSolution application through Settings โ Annexes โ Application management โ Three points (โฎ) โ Show all the processes.
2.Blocking system surveillance services without root
Xiaomi has integrated into MIUI Dozens of background services that collect data even when privacy settings are disabled, and they can't be removed without root, but you can block Internet access through a built-in firewall or third-party utilities.
List of key โspyโ services Xiaomi (relevant to the MIUI 14/15):
| Name of service | Package name (package name) | Function | Can I turn it off? |
|---|---|---|---|
| MIUI Analytics | com.miui.analytics | Collection of statistics on the use of the system | Yeah (network lock) |
| MSA (Mi Service Framework) | com.xiaomi.msa.global | Sending telemetry to China | Yes (critical for push notifications) |
| Mi Push Service | com.xiaomi.xmsf | Notifications and background synchronization | Partially (breaks some notifications) |
| Miui Daemon | com.miui.daemon | Collection of system logs | Yes (may affect stability) |
| Xiaomi Cloud Service | com.miui.cloudservice | Synchronization with Mi Cloud | Yes (unless you use the cloud) |
For lockdown:
- Install NetGuard (free, no root) or TrackerControl (requires) ADB).
- Manually add to the blacklist all packages from the table above.
- For com.xiaomi.msa.global and com.miui.analytics, set the rule "Block Wi-Fi" + mobile".
Install NetGuard or TrackerControl|Add packets to the blacklist|Check the locking rules|Reboot the phone-->
Important: Blocking com.xiaomi.xmsf will disable push notifications for all applications, including instant messengers. Alternatively, use MicroG with an open Push service.
3. disable Google surveillance (for phones with GMS)
If your Xiaomi came with Google services (GMS), besides MIUI Google Play Services collects data, and this telemetry includes:
- ๐ Location history (even when switched off) GPS Google Location Accuracy)
- ๐ Search history and activity in the Chrome browser
- ๐ฑ Data on installed applications and their use time
- ๐ค Voice recordings (if you use Google Assistant)
To minimize leakage:
- Go to Settings. โ Google โ Managing a Google Account โ Data and personalization.
- Disable: Location History, Web Search and Application Activity, Ad Personalization, Google Services Improved with Location History
- B Settings โ Annexes โ Google Play Services โ Permissions disable location, microphone and contacts.
- Remove or freeze (through) ADB) applications: com.google.android.gms (Google Play Services โ donโt delete, only limit permissions) com.google.android.gsf (Google Services Framework) com.google.android.apps.messaging (Messages)
Yeah, all included.|Just necessary (Play Market, Gmail)|Shut down most of it.|Completely removed GMS|I don't know.-->
For a radical approach, it can be removed. GMS completely and switch to alternative services (e.g. MicroG or Huawei Mobile Services), which requires unlocking the bootloader and installing custom firmware.
4. ADB-deep-switching telemetry
Hidden settings MIUI, Inaccessible through a graphical interface, can be modified by ADB (Android Debug Bridge: This method doesnโt require root, but it does require debugging activation. USB.
Turn on the debugging:
- Go to Settings. โ About the phone and 7 times click on "Version" MIUI", to unlock the Developer Mode.
- Return to Settings โ Additional โ For developers and activate โDebugging by USBโ.
- Connect the phone to the PC, confirm trust in the device.
Now run these commands in the PC terminal (click Enter after each):
adb shell pm disable-user --user 0 com.miui.analytics
adb shell pm disable-user --user 0 com.xiaomi.msa.global
adb shell pm disable-user --user 0 com.miui.daemon
adb shell pm disable-user --user 0 com.xiaomi.xmsf
adb shell pm disable-user --user 0 com.miui.cloudservice
adb shell pm disable-user --user 0 com.miui.systemAdSolution
Disable Google statistics collection (if there is a GMS)
adb shell pm disable-user --user 0 com.google.android.gms/.stats.service.DropBoxService
adb shell pm disable-user --user 0 com.google.android.gms/.chimera.GmsIntentOperationServiceThese commands freeze services, but they don't delete them. To get it back, replace disable-user with enable.
What happens if you turn it off? MSA (com.xiaomi.msa.global)?
5.Alternative firmware: full control without surveillance
If you want 100% privacy, the only solution is to install custom firmware without Xiaomi and Google services.
- ๐ฑ LineageOS is pure Android without telemetry, but requires manual MicroG installation to work with Google apps.
- ๐ก๏ธ GrapheneOS is a security-enhanced firmware, but officially supports only Pixel (Xiaomi has unofficial ports).
- ๐ DivestOS โ LineageOS fork with remote proprietary components and security patches.
- ๐ MIUI EU โ modified MIUI without Chinese services, but with the preservation of functionality.
Installation process:
- Unlock the bootloader via fastboot (the official way from Xiaomi takes over) 7-30 waiting days for the unlock code).
- Install TWRP Recovery or OrangeFox for your model.
- Sweep through the firmware and GApps (if you need Google services) or MicroG.
Warning: On some models (e.g. Xiaomi) 12/13 Unlocking the bootloader resets the encryption data, which can lead to loss of access to internal memory. TWRP before-fixing!
๐ก
Custom firmware is the only way to completely remove Xiaomiโs built-in telemetry, but it requires technical skills and can be a no-guarantee.
Additional measures: VPN, DNS and alternative services
Even after all services are shut down MIUI Google may have some data leaked through:
- ๐ DNS-requests (provider and some applications see which websites you visit)
- ๐ถ Mobile networks (the operator collects metadata about calls and SMS)
- ๐ Third-party apps (Facebook, TikTok, AliExpress) have their own surveillance mechanisms)
Recommendations for enhanced protection:
| Problem. | Decision | Tools |
|---|---|---|
| DNS-leakage | Use encrypted DNS (DoH/DoT) | 1.1.1.1 (Cloudflare), AdGuard DNS, NextDNS |
| Application traffic | Routing through VPN | ProtonVPN, Mullvad, IVPN |
| Surveillance of the operator | Use messengers with E2E-encryption | Signal, Session, Element |
| Advertising trackers | System-level locker | Blokada, RethinkDNS, TrackerControl |
For maximum anonymity:
- Install Orbot (Tor for Android) and route traffic to selected applications through it.
- Replace the standard Xiaomi apps with open-source counterparts: Browser: Bromite or Firefox with uBlock Origin Keyboard: AnySoftKeyboard or FlorisBoard Gallery: Simple Gallery or Aves
IMS-service
Settings โ SIM-maps and mobile networks โ Additionally.
๐ก
To check which apps are calling home, use PCAPdroid or NetGuard in log mode to help identify hidden connections.
7.Result check: how to make sure surveillance is off
Turning off all settings is only half the battle, and you have to verify that the data has actually stopped being sent.
- Network Traffic Analysis: Install PCAPdroid and start packet capture. Check if there are still connections to the domains:.mi.com,.xiaomi.com (Xiaomi servers).googleapis.com,.gstatic.com (Google).umeng.com,.mistat.xiaomi.com (analytics)
- Leak test DNS: Go to the site. DNS Check if you are using your phone and check if it is using your phone. DNS-provider or Xiaomi.
- Permissions verification: C Settings โ Annexes โ Permits to ensure that system services have revoked location, microphone, and contact rights.
- Advertising Tracker Test: Install AppChecker and scan apps for adverts SDK (e.g.com.google.android.gms.ads).
If after all the manipulations you still see suspicious connections, then:
- ๐ You missed a service (check the list in section 2).
- ๐ฆ You have a third-party spy app installed (often Chinese utilities or games are to blame).
- ๐ง A more radical solution is required (for example, custom firmware).
๐ก
Even after you shut down all the settings. MIUI To avoid this, block the domains ota.xiaomi.com and update.miui.com in the hosts file or through a firewall.
โ ๏ธ Note: Some Xiaomi models (e.g. Redmi Note 12 or X-ray) POCO X5) After a deep shutdown of telemetry, problems with work may occur. NFC This is because some of the features are tied to com.xiaomi.xmsf. If you encounter a bug, temporarily defrost the package through the service. ADB.