How to completely remove unknown sources on Xiaomi: 5 proven ways

Have you noticed a suspicious โ€œUnknown Sourcesโ€ item in your Xiaomi or Redmi settings with permissions enabled for applications you didnโ€™t install? Itโ€™s not just a system bug โ€” it often indicates potentially dangerous changes in the security of your device. 80% of these records appear after installation APK-files from third-party sources, using modified firmware or even after virus attacks.

In this article, we will discuss all possible causes of unknown sources on Xiaomi devices (including models on the device). MIUI 14/15 We will also give you step-by-step instructions for removing them, from simple shutdowns in settings to deep cleaning of the system, and we will pay special attention to cases where unknown sources are not deleted by standard methods and require intervention through the use of a system. ADB or reset to factory settings.

What are Xiaomiโ€™s โ€œunknown sourcesโ€ and why are they dangerous?

The Unknown Sources feature was originally created by Android to install apps outside of Google Play. On Xiaomi, this mechanism works differently: the system maintains a separate permission log for each application that has been granted the right to install APK. The problem is that this log can contain entries from long-deleted programs or even malware.

Main risks:

  • ๐Ÿ”ด Virus Vulnerability: Apps with the right to โ€œunknown sourcesโ€ can install malware without your knowledge.
  • ๐Ÿ”ด Data Leakage: Some programs use this permission to collect information about your installed applications.
  • ๐Ÿ”ด Advertising inserts: Often through such sources, adware modules are distributed that show annoying advertising.
  • ๐Ÿ”ด System malfunction: Conflicts between permissions can lead to lags and sudden reboots.

On MIUI and HyperOS, unknown sources may appear even after resetting if malware has managed to integrate into system files. For example, some modified firmware (Custom ROM) automatically add permissions for their services, which are not removed through the standard interface.

๐Ÿ“Š How often do you set up APK third-party?
Never.
Rarely (1-2 times a year)
Frequently (once a month)
All the time (weekly)

How to check the list of unknown sources on Xiaomi

Before you delete anything, you need to understand which apps have dangerous permissions, and Xiaomi does this through a hidden security menu:

  1. Open Settings โ†’ Applications โ†’ Application Management.
  2. Slip on the three dots in the upper right corner and select Special Access.
  3. Scroll down and find Install Unknown Applications (HyperOS may call Permissions to Install).
  4. You will see a list of all applications that are allowed to install APK from the outside.

Pay attention to:

  • ๐Ÿ“Œ Apps with Chinese names (e.g. com.miui.analytics) โ€“ it is best not to touch them unless absolutely necessary.
  • ๐Ÿ“Œ Programs that you deleted long ago, but their permissions remained.
  • ๐Ÿ“Œ Unknown services with random names (for example, a1b2.c3d4.update).

If there are suspicious entries in the list, but you are not sure of their origin, you can use VirusTotal to check the package name.

๐Ÿ’ก

On HyperOS, the path to settings may be different. If you don't find "Special Access," try searching for "unknown sources" in your settings.

Method 1: Standard disabling of permission

The simplest method is to revoke permission to install unknown sources from unnecessary applications, which will not delete the records themselves from the system, but will block their activity.

Instructions:

  1. Go to Settings โ†’ Applications โ†’ Application Management โ†’ Special Access โ†’ Install Unknown Applications.
  2. Slip on the application you want to disable.
  3. Transfer the slider to the Off position for the Allow installation from this source.
  4. Confirm action if the system requests a password or fingerprint.

After disabling the application will lose the ability to install APK-files, but the entry itself will remain in the list. If you need to completely remove the item from the menu, proceed to the following ways.

Check the list of permissions in the settings

Backup of important data

Remember the names of suspicious packages

Connect the device to charging (in case of long operations)-->

Method 2: Remove via ADB (for power users)

If unknown sources are not removed through the interface, you can use the Android debugging bridge (ADB), which requires connecting the device to a computer and basic command line knowledge.

Step-by-step:

  1. Turn on Developer Mode on Xiaomi: Go to Settings โ†’ About Phone. Tap 7 times on MIUI Version (or HyperOS Build Number). Go back to the basic settings and open the Developer option that appears. Activate USB Debugging.

File transfer

ADB Tools

cmd

ADB

adb devices

Make sure your device is listed.

adb shell pm revoke PAKET NAME android.permission.REQUEST_INSTALL_PACKAGES

Replace the PAKET NAME with a real name (e.g. com.android.browser).

To massively remove all unknown sources, you can use the script:

adb shell pm list packages | grep -Eo 'package:[^ ]+' | cut -d: -f2 | while read package; do adb shell pm revoke "$package" android.permission.REQUEST_INSTALL_PACKAGES; done

โš ๏ธ Note: Some system applications (com.miui.securitycenter, com.android.packageinstaller) may stop working correctly after the permission is revoked. If the device starts to glittle after the command, return the permission to the command: adb shell pm grant PAKET NAME android.permission.REQUEST_INSTALL_PACKAGES

Method 3: Resetting security settings

If unknown sources have appeared after installing suspicious applications or changing system files, a partial reset of security settings will help, which does not affect user data, but returns all permissions to factory values.

How to do this:

  1. Open Settings โ†’ Memory โ†’ Clean (or Settings โ†’ Additional โ†’ Security on HyperOS).
  2. Select Reset App Settings or Reset Permissions.
  3. Confirm action. The device will restart.

After the reboot:

  • ๐Ÿ”„ All installation permits APK will be disabled.
  • ๐Ÿ”„ List of unknown sources will be cleared (except system records).
  • ๐Ÿ”„ You will have to re-issue permissions to the desired applications (for example, the browser for downloading). APK).

This method is effective in 60% of cases, but does not help if unknown sources are registered in system files (/data/system/packages.xml).

What if the reset didn't help?
If unknown sources remain after the reset, this means that: 1. the malware managed to obtain superuser rights (root). 2. A modified firmware with pre-registered permissions is installed. 3. System files in the /system section are infected. In such cases, only a complete flashing of the device via Fastboot or Recovery will help.

Method 4: Manual cleaning of system files (for advanced ones)

If previous methods failed, you can manually delete records of unknown sources from system files, which requires root rights and work with the Android file system.

Instructions:

  1. Get root access on your device (e.g., via Magisk).
  2. Install a file manager with root support (such as Root Explorer or Solid Explorer).
  3. Go to /data/system/users/0/ Find files: package-restrictions.xml packages.xml packages.list

Make backup copies of these files (copy to PC).

package-restrictions.xml

android.permission.REQUEST_INSTALL_PACKAGES

Remove <restriction> blocks for unnecessary packets.

Save the changes, restart the device.

Example of package-restrictions.xml content before and after cleaning:

Source file (with unknown sources)Cleared file
<restriction package="com.unknown.app" perm="android.permission.REQUEST_INSTALL_PACKAGES" type="deny" />- (deleted)
<restriction package="com.ads.service" perm="android.permission.REQUEST_INSTALL_PACKAGES" type="grant" />- (deleted)
<restriction package="com.android.browser" perm="android.permission.REQUEST_INSTALL_PACKAGES" type="grant" /><restriction package="com.android.browser" perm="android.permission.REQUEST_INSTALL_PACKAGES" type="grant" />

โš ๏ธ Warning: Incorrect editing of system files can lead to bootloop ( looped reboot).If the device does not turn on after the changes, restore file backups through TWRP Recovery.

Method 5: Complete reset to factory settings

If none of these methods work, the last option is hard reset, which will remove all data from the device, including viruses and incorrect resolutions, and Xiaomi can do the reset in two ways:

Method 1. Through settings:

  1. Open Settings โ†’ About the phone โ†’ Reset settings.
  2. Choose to erase all data.
  3. Enter a password (if required) and confirm the action.

Method 2. Through Recovery:

  1. Turn off the device.
  2. Press the Power button + Volume up until the Mi logo appears.
  3. From the Recovery menu, select Wipe Data โ†’ Wipe All Data.
  4. Confirm the reset and wait for the reset.

After discharge:

  • ๐Ÿ”น All unknown sources will be removed.
  • ๐Ÿ”น The device will return to factory condition.
  • ๐Ÿ”น You will have to re-configure accounts and install applications.

If, even after the reset, unknown sources reappear, it means that:

  • ๐Ÿ› ๏ธ The device is infected with malware at the firmware level (needs flashing).
  • ๐Ÿ› ๏ธ Installed modified firmware with pre-registered permits.
  • ๐Ÿ› ๏ธ In boot or recovery sections, scripts are prescribed that restore permissions.

๐Ÿ’ก

Complete reset is the only reliable way to remove unknown sources if they are registered in system partitions (/system or /vendor).

How to Prevent the Reappearance of Unknown Sources

To prevent the problem from returning, follow these rules:

  • ๐Ÿ›ก๏ธ Set up. APK only from trusted sources (e.g. APKMirror, official developer sites).
  • ๐Ÿ›ก๏ธ Disable permission to install unknown sources immediately after use.
  • ๐Ÿ›ก๏ธ Check the permission list in security settings regularly.
  • ๐Ÿ›ก๏ธ Do not use modified firmware from unknown developers.
  • ๐Ÿ›ก๏ธ Install antivirus (such as Malwarebytes or Bitdefender) to scan installed files.

HyperOS has a new feature called Private Installation Mode, which automatically revokes APK installation permissions after first use, to activate it:

  1. Go to Settings โ†’ Privacy โ†’ Special permissions.
  2. Enable the option to limit the installation of unknown applications.

We also recommend you disable automatic updates for system applications through the Mi App Store, as sometimes unnecessary permissions are installed along with legitimate updates.

FAQ: Frequent questions about unknown sources on Xiaomi

Can I remove unknown sources (e.g., com.miui.securitycenter)?
No, system records (com.miui.securitycenter, com.android.packageinstaller) cannot be deleted, this will cause MIUI/HyperOS to malfunction. They can only be disabled through ADB, but this is not recommended.
Why do unknown sources appear again after the dumping?
That means: The device has superuser malware installed, it uses modified firmware with permissions, it has scripts in the /system or /vendor section that restore records, and it has a solution: reflash the device through Fastboot with official firmware.
How do I know which app has been added by an unknown source?
Use the App Inspector app (available on Google Play): Install and open the App Inspector. Enter the name of the package from a list of unknown sources. The program will show which application is associated with the package. If the package is not found, it is either a remote application or a system component.
Is it safe to shut down all unknown sources?
Yes, but with reservations: โœ… You can disable permissions for third-party applications (browsers, file managers). โŒ You can not disable permissions for system components (com.miui., com.android.). If legitimate functions (for example, updating applications) stop working after the shutdown, return the permission.
Can antivirus software remove unknown sources?
No, antiviruses (Avast, Kaspersky) can only: Detect malware that has added permissions, prevent the installation of new unknown sources. The antivirus itself does not delete the entries in the settings - it needs methods from this article.