Why Xiaomi can listen and how to detect it
Xiaomi smartphones are among the most popular in Russia due to their price-to-function ratio. But as sales increase, so do rumors about eavesdropping users. In 2023, Roskomnadzor repeatedly warned of the risks of data leakage through Chinese devices, and security studies (such as from Kaspersky and Dr.Web) confirmed the presence of vulnerabilities in MIUI firmware. But how to distinguish paranoia from a real threat?
The problem is that wiretapping isnβt always obvious: modern spyware can run in the background, masquerading as system processes, and in Russia, this is complicated by the fact that many applications (including banking) require advanced permissions that attackers exploit. For example, the Cerberus Trojan, discovered in 2022, could record sound through a microphone even when the screen was off.
In this article, 7 proven ways to test Xiaomi (including Redmi Note 12, POCO X5, Mi 11 and other models) for wiretapping, taking into account Russian features: from network traffic analysis to hardware modules. All methods work on Android 10-14 and do not require root rights (although with them the efficiency is higher).
1. App permissions check: who has access to the microphone
The first thing to do is to check which apps have access to the microphone, and even legitimate programs (like VKontakte or SberBank Online) can abuse permissions. MIUI It's done this way:
- Open Settings β Applications β Application Management.
- Click on the three dots in the top right corner and select Application Resolutions.
- Slip on the Microphone - here you will see a list of all programs with access.
Look for apps that don't have to use the microphone because of the logic of the work, like:
- π΄ Games (e.g. Genshin Impact or PUBG Mobile β They donβt need a microphone unless youβre streaming.
- π΄ Lanterns or calculators β a classic feature of spyware.
- π΄ Unknown apps with Chinese characters in the title (e.g. com.duokan.phone).
β οΈ Note: In Russia, some banking applications (e.g. Tinkoff or Alpha-Click) request a microphone for voice authentication.
If you find a suspicious app, revoke permission and observe the behavior of the phone. If there are problems after that (for example, spontaneous reboots), this may indicate hidden root access β see section 5.
2. Network Traffic Analysis: Who Is Transmitting Your Data
Spyware often sends data to remote servers, and to detect this, you need to analyze network traffic.
- π NetGuard (free, no root) β shows which programs are transmitting data.
Instructions for verification:
βοΈ How to analyze traffic on Xiaomi
Dangerous signs:
| Sign. | What does it mean? | Action. |
|---|---|---|
| The app transmits data at night (when the phone is not in use) | Spyware or botnet | Remove the application, check for viruses |
| Traffic's on. IP-addresses in China, Hong Kong or the United States | Leakage of data outside the Russian Federation | Use Whois to Verify IP Owner |
| Unknown app consumes >100 MB per month | Hidden audio/video transmission | Check the permissions and delete |
In 2023, Kaspersky Lab researchers found that some Xiaomi models (including the Redmi 9A) were sending data to api.io.mi.com servers even when cloud services were disabled, and if you see this domain in traffic, itβs not always wiretapping, but you should turn off sync with Mi Account.
3. Checking the microphone at the physical level
If you are concerned about hardware wiretapping (for example, through a built-in microphone), you can check its activity without software.
- Turn off the phone (hold the power button and select Turn off).
- Bring it to your ear in a quiet room.
- If you hear a slight noise, crackling or echo, the microphone can be activated.
A more accurate way to do this is to use a radio tester (like an RF Explorer), but it's expensive.
- π± Call from another phone to a verifiable Xiaomi.
- π If extraneous noises or echoes are heard during a conversation, this may indicate an interception of the audio stream.
- π Check the microphone heat (near the bottom of the phone) β if itβs warm for no reason, itβs suspicious.
β οΈ Attention: On Xiaomi models 12T and newer noise reduction system used AI Noise Cancellation, which can make background noises. It's not wiretapping, but if it's even when the noise cancellation is off, it's a cause for concern.
π‘
If you suspect hardware wiretapping, try using your phone in flight mode for 1-2 days. If the noise disappears, it's a software problem, if not, it's possible that the phone has a bug installed.
4. Search for hidden applications and spyware
Many of the eavesdropping programs are disguised as system processes, so that they can be found:
- Install an antivirus with Android base: Dr.Web Light, Kaspersky Mobile or Malwarebytes.
- Start a deep scan (not fast!).
- Note apps with names like com.android.system.update (fake system service), com.google.update (if you donβt have Google services) com.qualcomm.telephony (may be legitimate but often faked)
Also check the list of running processes:
- Install Simple System Monitor from Google Play.
- Open the Processes tab and sort by CPU or Memory.
- Look for high-consumption processes that shouldnβt work (like mediaservers with the player turned off).
How to check:
- Install Root Checker from Google Play.
- Run the check. If the result of the Root access is not properly installed, it's clean.
- If root is found but you havenβt installed it, itβs a 100% sign of hacking.
What to do if root is found:
- π‘οΈ Reset your phone to factory settings (Settings) β The phone. β Resetting settings).
- π‘οΈ Before reset, save important data (photos, contacts) to an external drive and check them with antivirus.
- π‘οΈ After reset, do not restore data from the backup β it may contain malicious code.
β οΈ Note: Some Xiaomi models (e.g. Redmi Note 10 Pro) have a hidden data partition after the reset. Use the command in Fastboot: fastboot erase userdata fastboot erase cache for complete cleanup!
6. Verification of hardware modules: can wiretapping go through SIM-map
In rare cases, wiretapping is carried out at the hardware level - through:
- πΆ SIM-Card (built-in chip to intercept calls).
- π‘ Module Wi-Fi/Bluetooth (Transferring data to nearby devices).
- π Battery (in old models could install bugs under the cover).
How to check:
- SIM-Card: Try calling with another SIM β If the noises are still there, the map is not the problem. IMSI Enter ##4636## and select Phone Information.
Wi-Fi/Bluetooth:
- Disable both modules and check if suspicious activity remains.
- Use Wiggle Wi-Fi Analyzer to find hidden networks near your phone.
In 2022, Russia recorded cases of phones being fitted with hardware bugs via a charging connector, and if you noticed that the phone was heating up when the screen was turned off or quickly discharged in flight mode, this could be a sign of such a device.
π‘
If you suspect hardware wiretapping, the best way to take the phone to the official Xiaomi service center in Russia. mi.com/ru/service. Donβt use informal workshops β they can be a problem!
7.Additional measures: how to protect yourself from future wiretaps
Even if the check does not identify threats, follow these rules to minimize the risks:
- π Turn off unnecessary permissions: go to Settings β Confidentiality β Permissions and disallow microphone, camera and location access for all applications except as required.
- π Use an alternative firmware: for example, LineageOS or Pixel Experience (requires unlocking the bootloader).
- π Set up a firewall: NetGuard or AFWall+ (Requires root to block suspicious traffic.
- π Check your phone regularly: scan for viruses and analyze traffic once a month.
For users in Russia, it is especially important:
- π΅ Don't install it. APK from unknown sources (even if they are hacked versions of popular apps).
- π΅ Disable sync with Mi Account if you do not use Xiaomi services: Settings β Xiaomi account β Synchronization.
- π΅ Use Russian. DNS To block suspicious domains: C Settings β Wi-Fi β Additionally. β DNS Please specify 77.88.8.8 (Yandex) or 8.8.8.8 (Google).
If you often work with sensitive information, consider buying a phone with a FSTEC certificate (like a BQ Aquaris or Fly FS506).They are less vulnerable to wiretapping, but also cost more.