Have you noticed a suspicious โUnknown Sourcesโ item in your Xiaomi or Redmi settings with permissions enabled for applications you didnโt install? Itโs not just a system bug โ it often indicates potentially dangerous changes in the security of your device. 80% of these records appear after installation APK-files from third-party sources, using modified firmware or even after virus attacks.
In this article, we will discuss all possible causes of unknown sources on Xiaomi devices (including models on the device). MIUI 14/15 We will also give you step-by-step instructions for removing them, from simple shutdowns in settings to deep cleaning of the system, and we will pay special attention to cases where unknown sources are not deleted by standard methods and require intervention through the use of a system. ADB or reset to factory settings.
What are Xiaomiโs โunknown sourcesโ and why are they dangerous?
The Unknown Sources feature was originally created by Android to install apps outside of Google Play. On Xiaomi, this mechanism works differently: the system maintains a separate permission log for each application that has been granted the right to install APK. The problem is that this log can contain entries from long-deleted programs or even malware.
Main risks:
- ๐ด Virus Vulnerability: Apps with the right to โunknown sourcesโ can install malware without your knowledge.
- ๐ด Data Leakage: Some programs use this permission to collect information about your installed applications.
- ๐ด Advertising inserts: Often through such sources, adware modules are distributed that show annoying advertising.
- ๐ด System malfunction: Conflicts between permissions can lead to lags and sudden reboots.
On MIUI and HyperOS, unknown sources may appear even after resetting if malware has managed to integrate into system files. For example, some modified firmware (Custom ROM) automatically add permissions for their services, which are not removed through the standard interface.
How to check the list of unknown sources on Xiaomi
Before you delete anything, you need to understand which apps have dangerous permissions, and Xiaomi does this through a hidden security menu:
- Open Settings โ Applications โ Application Management.
- Slip on the three dots in the upper right corner and select Special Access.
- Scroll down and find Install Unknown Applications (HyperOS may call Permissions to Install).
- You will see a list of all applications that are allowed to install APK from the outside.
Pay attention to:
- ๐ Apps with Chinese names (e.g. com.miui.analytics) โ it is best not to touch them unless absolutely necessary.
- ๐ Programs that you deleted long ago, but their permissions remained.
- ๐ Unknown services with random names (for example, a1b2.c3d4.update).
If there are suspicious entries in the list, but you are not sure of their origin, you can use VirusTotal to check the package name.
๐ก
On HyperOS, the path to settings may be different. If you don't find "Special Access," try searching for "unknown sources" in your settings.
Method 1: Standard disabling of permission
The simplest method is to revoke permission to install unknown sources from unnecessary applications, which will not delete the records themselves from the system, but will block their activity.
Instructions:
- Go to Settings โ Applications โ Application Management โ Special Access โ Install Unknown Applications.
- Slip on the application you want to disable.
- Transfer the slider to the Off position for the Allow installation from this source.
- Confirm action if the system requests a password or fingerprint.
After disabling the application will lose the ability to install APK-files, but the entry itself will remain in the list. If you need to completely remove the item from the menu, proceed to the following ways.
Check the list of permissions in the settings
Backup of important data
Remember the names of suspicious packages
Connect the device to charging (in case of long operations)-->
Method 2: Remove via ADB (for power users)
If unknown sources are not removed through the interface, you can use the Android debugging bridge (ADB), which requires connecting the device to a computer and basic command line knowledge.
Step-by-step:
- Turn on Developer Mode on Xiaomi: Go to Settings โ About Phone. Tap 7 times on MIUI Version (or HyperOS Build Number). Go back to the basic settings and open the Developer option that appears. Activate USB Debugging.
File transfer
ADB Tools
cmd
ADB
adb devicesMake sure your device is listed.
adb shell pm revoke PAKET NAME android.permission.REQUEST_INSTALL_PACKAGESReplace the PAKET NAME with a real name (e.g. com.android.browser).
To massively remove all unknown sources, you can use the script:
adb shell pm list packages | grep -Eo 'package:[^ ]+' | cut -d: -f2 | while read package; do adb shell pm revoke "$package" android.permission.REQUEST_INSTALL_PACKAGES; doneโ ๏ธ Note: Some system applications (com.miui.securitycenter, com.android.packageinstaller) may stop working correctly after the permission is revoked. If the device starts to glittle after the command, return the permission to the command: adb shell pm grant PAKET NAME android.permission.REQUEST_INSTALL_PACKAGES
Method 3: Resetting security settings
If unknown sources have appeared after installing suspicious applications or changing system files, a partial reset of security settings will help, which does not affect user data, but returns all permissions to factory values.
How to do this:
- Open Settings โ Memory โ Clean (or Settings โ Additional โ Security on HyperOS).
- Select Reset App Settings or Reset Permissions.
- Confirm action. The device will restart.
After the reboot:
- ๐ All installation permits APK will be disabled.
- ๐ List of unknown sources will be cleared (except system records).
- ๐ You will have to re-issue permissions to the desired applications (for example, the browser for downloading). APK).
This method is effective in 60% of cases, but does not help if unknown sources are registered in system files (/data/system/packages.xml).
What if the reset didn't help?
Method 4: Manual cleaning of system files (for advanced ones)
If previous methods failed, you can manually delete records of unknown sources from system files, which requires root rights and work with the Android file system.
Instructions:
- Get root access on your device (e.g., via Magisk).
- Install a file manager with root support (such as Root Explorer or Solid Explorer).
- Go to /data/system/users/0/ Find files: package-restrictions.xml packages.xml packages.list
Make backup copies of these files (copy to PC).
package-restrictions.xml
android.permission.REQUEST_INSTALL_PACKAGESRemove <restriction> blocks for unnecessary packets.
Save the changes, restart the device.
Example of package-restrictions.xml content before and after cleaning:
| Source file (with unknown sources) | Cleared file |
|---|---|
| <restriction package="com.unknown.app" perm="android.permission.REQUEST_INSTALL_PACKAGES" type="deny" /> | - (deleted) |
| <restriction package="com.ads.service" perm="android.permission.REQUEST_INSTALL_PACKAGES" type="grant" /> | - (deleted) |
| <restriction package="com.android.browser" perm="android.permission.REQUEST_INSTALL_PACKAGES" type="grant" /> | <restriction package="com.android.browser" perm="android.permission.REQUEST_INSTALL_PACKAGES" type="grant" /> |
โ ๏ธ Warning: Incorrect editing of system files can lead to bootloop ( looped reboot).If the device does not turn on after the changes, restore file backups through TWRP Recovery.
Method 5: Complete reset to factory settings
If none of these methods work, the last option is hard reset, which will remove all data from the device, including viruses and incorrect resolutions, and Xiaomi can do the reset in two ways:
Method 1. Through settings:
- Open Settings โ About the phone โ Reset settings.
- Choose to erase all data.
- Enter a password (if required) and confirm the action.
Method 2. Through Recovery:
- Turn off the device.
- Press the Power button + Volume up until the Mi logo appears.
- From the Recovery menu, select Wipe Data โ Wipe All Data.
- Confirm the reset and wait for the reset.
After discharge:
- ๐น All unknown sources will be removed.
- ๐น The device will return to factory condition.
- ๐น You will have to re-configure accounts and install applications.
If, even after the reset, unknown sources reappear, it means that:
- ๐ ๏ธ The device is infected with malware at the firmware level (needs flashing).
- ๐ ๏ธ Installed modified firmware with pre-registered permits.
- ๐ ๏ธ In boot or recovery sections, scripts are prescribed that restore permissions.
๐ก
Complete reset is the only reliable way to remove unknown sources if they are registered in system partitions (/system or /vendor).
How to Prevent the Reappearance of Unknown Sources
To prevent the problem from returning, follow these rules:
- ๐ก๏ธ Set up. APK only from trusted sources (e.g. APKMirror, official developer sites).
- ๐ก๏ธ Disable permission to install unknown sources immediately after use.
- ๐ก๏ธ Check the permission list in security settings regularly.
- ๐ก๏ธ Do not use modified firmware from unknown developers.
- ๐ก๏ธ Install antivirus (such as Malwarebytes or Bitdefender) to scan installed files.
HyperOS has a new feature called Private Installation Mode, which automatically revokes APK installation permissions after first use, to activate it:
- Go to Settings โ Privacy โ Special permissions.
- Enable the option to limit the installation of unknown applications.
We also recommend you disable automatic updates for system applications through the Mi App Store, as sometimes unnecessary permissions are installed along with legitimate updates.