How to turn off unknown sources on Xiaomi Android: the complete guide

Modern smartphones Xiaomi, Redmi and POCO This allows users to customize their applications beyond the official Google Play Store, but opens the door to potential threats if they don’t control the permissions of the system. Unknown Sources (or Installation through the USB/External sources ” is a critical gateway through which malware, miners and Trojans can penetrate the Android operating system.

Device owners often forget to disable this setting after installing the desired one. APK-The file, leaving the gadget vulnerable. MIUI And the new HyperOS mechanism for managing these permissions has been significantly redesigned to improve security, so you can't just tick the global "Allow All" box, but you need to be tailored to each installer application. Understanding how to properly deactivate these rights is a basic digital hygiene skill.

In this guide, we will take a detailed look at the algorithm for different firmware versions, explain the difference between global shutdown and selective rights limits, and cover hidden security settings, explain why the system can block installation even after all switches are turned off, and how to use the built-in Security security tools to monitor suspicious activity.

Why you should disable the installation from unknown sources

The main reason for restricting third-party app install rights is because of the Android security architecture. The operating system only trusts verified applications from Google Play Protect by default. When you allow installation from unknown sources, you are effectively telling the system, "Trust any code that comes through this particular data channel." Most often, browsers (Chrome, Mi Browser), instant messengers (Telegram, WhatsApp) or file managers are such channels.

⚠️ Warning: Constantly activated installation from unknown sources in the browser can lead to automatic download and installation of adware when visiting even slightly suspicious sites.

Attackers often disguise malicious code as useful utilities, game mods, or hacked versions of paid programs. If the installer app has permission to install the file at the time it launches, the virus can penetrate deeper into the system by gaining access to contacts, SMS And by disabling this feature right after you use it, you're reducing the risk of an accidental installation to zero, because even when you download a malicious one, you're not going to be able to do it. APK-The file system will not let it run.

In addition, Xiaomi devices with MIUI shells have additional protection that scans installation files through cloud databases. However, this protection works more effectively when the door to external sources is closed. System permissions are the last line of defense. If you use a device for online banking or storing important work correspondence, minimizing attack surfaces by disabling unnecessary rights is a mandatory procedure.

  • 🛡️ Preventing Automatic Installation of Advertising Applications in Accidental Link Switching.
  • 🔒 Protecting personal data from spyware masquerading as useful utilities.
  • ⚡ Reducing the load on the processor, as background processes of miners will not be able to start without installation rights.
  • 📉 Retaining battery power, which is often consumed by hidden advertising modules.

Distinguishing global configuration from application permissions in MIUI

In older versions of Android, there was a single Unknown Sources setting that turned on or off for the entire system at once. In modern versions of MIUI 12, 13, 14 and HyperOS, Google changed the approach to security. Now rights management has become granular (detailed).

For example, if you installed an application on Chrome, you have to take the rights away from your browser. If you installed it on Telegram, you have to take it from your messenger. The MIUI file manager also has its own independent installation rights, so that even if one application is compromised, it can't use the rights of the other. Understanding this difference is critical: finding one common "Stop All" button in the new firmware won't get you anywhere, because it's not there.

Why does the security settings have a warning when everything is off?
Sometimes the security indicator shows the risk, even if you disable the rights of all applications, this happens if the system has left “tails” from remote programs or if the function “Search for unknown sources” is enabled in the settings of Google Play, and a warning may appear if you are debugging over USB with installation rights.

There's also the concept of Special Options, which is often confused with app installation: Some viruses require access rights to intercept screen control, it's a separate settings section, but it's closely related to overall security, and make sure you don't give suspicious apps permission to control the screen while you're looking at the installation sources.

Step-by-step: how to disable the installation through the Settings menu

The most reliable and correct way to manage permissions is through the system settings menu. The interface may vary slightly depending on the version of MIUI or HyperOS, but the logic remains the same. Below is an algorithm that is relevant to most modern smartphones Xiaomi, Redmi and POCO.

First, open the main settings menu for your device. Find a section called Apps (or Apps and Notifications). In some firmware versions, this item may be called Application Management. Inside this section, you'll need to find a section related to access rights, which can be called Permissions, Special Permissions, or Additional Permissions.

☑️ Security check

Done: 0 / 6

In the list of “Install Unknown Applications” (or “External Sources”), you will see a list of programs that have or had the right to install. APK-You're usually looking at browsers, messengers, and file managers, and your job is to go through this list and make sure that the switches in front of all the apps are off (gray). If you see an application that you do not use to install programs, or that you do not know, its rights must be revoked immediately.

The alternative way to search for settings is often faster. There's a search bar at the top of the settings screen. Type in the phrase "unknown" or "external." The system will prompt you to go to the desired menu section. This is especially convenient if the menu items have been renamed in your firmware version. Once you click on the link from the search, you will immediately be placed in the list of installers.

Managing Rights through Application Manager

If you prefer not to search for general settings, but to manage the rights point by point for each application, you can use the Application Manager, which is convenient when you know exactly which program you downloaded a file from and want to quickly close it. For example, after installing an APK via Telegram, you can immediately go to the settings of the Telegram itself and take away the rights.

To do this, go to Settings → Apps → All Apps. Find the program you want (like Chrome or Mi Browser) on the list. Click on it to open the app card. From the menu, find “Other Permissions” or immediately switch to the “Allowances” tab. From the list, find “Install Unknown Apps” and disable it.

The good thing about this is that you can see the context: you're inside the settings of a particular application and you know what rights it's given. In HyperOS, when you try to access an unknown source installation, the system can suggest that you go to the settings and disable that right if you think it's suspicious. Always agree to those security offers.

  • 📲 Open the settings of a specific source application (browser or messenger).
  • 🔍 Go to the section "Permissions» → «Additionally».
  • ❌ Find the item “Install unknown applications” and set a ban.
  • ✅ Repeat the procedure for all applications through which you download files.

Security settings in Google Play Protect

Beyond settings for the MIUI shell itself, Google’s built-in protection plays an important role. Play Protect scans your device for malware and can block app installation even if you’ve given permission, but sometimes users need to turn off Play Protect to install specific modified apps and then turn it back on.

To check the status of protection, open the Google Play Store app. Click on your profile icon in the upper right corner. In the drop-down menu, select Play Protection (or Play Protect). Here you will see scan status and the ability to check the device right now. In the settings of this section (cogs), you can turn off or turn on App Check.

ParameterRecommended valueSafety impact
Checking applicationsIncluded.High (blocks known viruses)
Improve detectionIncluded.Average (sends data to Google)
Do not give warningsOff.High (warning of dangerous applications)
Allow installation from PlayIncluded.Basic (allows the operation of the store)

It is important to understand that completely disabling Play Protect reduces the level of protection of the device. If you disable Unknown Sources in the Android settings, but turned off Play Protect, you still risk if you accidentally launch the script or take advantage of a system vulnerability. The optimal configuration is to allow installation only for trusted file managers for a short time and keep Play Protect active.

💡

Periodically (once a month) check the list of applications with installation rights. Often after system updates or the applications themselves, settings may be reset or changed, returning the default rights.

Problem Solving: If the menu item is inactive or hidden

In some cases, users are faced with a situation where the menu item “Unknown sources” is blocked, hidden or highlighted in gray and it cannot be changed. This is often found on devices provided by carriers or on corporate firmware versions where the administrator has restricted the installation of software. This is also possible if the device activates superuser rights (Root) or enabled debugging. USB parameterized.

If the menu item is not available, try turning off Developer Mode. Go to Settings → Advanced Settings → Developer Settings and turn off the master switch at the top. Sometimes having USB debugging enabled blocks some security settings from being changed because the system thinks the device is being controlled by a computer.

⚠️ Note: If you use third-party launchers or memory cleanup applications (Clean Master and similar), they may have hidden permissions that conflict with system security settings.

Another reason could be the presence of active job profiles or corporate policies (MDMs). If the phone was issued by an employer or corporate certificates were installed on it, the administrator could block the installation of applications from the outside. Check for profiles in the Passwords and Security section → Privacy → Device Administrators. If there are unknown administrators, disable them.

📊 Have you ever had a security lock on Xiaomi?
Yes, the settings were gray/inactive
No, everything switched freely.
I have a Root and I change through the terminal.
I only use Google Play, I don’t need it.

Frequently Asked Questions (FAQ)

Can I completely remove the installation option? APK-file-only?
You can't completely remove the Package Installer system component without getting Root rights and deep system modifications. It's a critical component of Android. However, you can make sure you're as safe as possible by disabling the Installation of Unknown Apps rights for all user applications (browsers, instant messengers), in which case no program can initiate the installation except for the Google Play Store itself.
Why does the phone still warn you of danger after all sources are turned off?
This may be due to the work of Google Play Protect, which scans already installed applications and finds potential code in them. Also, a warning may appear if the system has installer files (.apk) in the download folder, which the system periodically scans.
Is it safe to use third-party app stores like Aptoide or RuStore?
Using alternative app stores always carries a slightly greater risk than the official Google Play, as moderation there may be less strict. However, large alternative stores (like RuStore or Galaxy Store) are generally considered safe. The main rule is: after installing the app store itself, disable the right to Install Unknown Apps unless it requires it to be constantly available for updates to work (although most work through their internal update mechanism).
What if the virus requires the administrator’s rights and prevents you from disabling unknown sources?
If a malicious application has blocked access to settings, try entering Safe Mode (usually by pressing the turn off button on the desktop, then long pressing the Turn off icon). In Safe Mode, third-party applications do not start. There you can remove the virus application through settings and regain control of the system.

💡

The main principle of security on Xiaomi: let the right installation APK-Files only for the duration of one particular operation and select them immediately after installation is complete.