How to disable installation from unknown sources on Xiaomi

Modern smartphones Xiaomi, Redmi and POCO, shell-operated MIUI HyperOS, or the new HyperOS, offer users a wide range of customization options, but at the same time require special attention to security settings. One of the most critical features, which often stays on by default or is activated by users accidentally, is the permission to install applications from unknown sources. APK-Files not received from the official Google Play Market Store.

Many device owners activate this feature temporarily to install a particular application, and then forget to deactivate it, which creates a serious vulnerability. Malware masquerading as useful utilities can access your data without knowing. In this article, we will detail the process of disabling this permission to protect your device from potential threats and keep the operating system stable.

The security of your gadget depends on how closely you monitor the sources of the software you install, a basic digital hygiene rule that every Android ecosystem user should know: Below are step-by-step instructions that are relevant to the various firmware versions that are relevant in 2026.

Risks of installation APK-file-based

Before we get into technical settings, it’s important to understand why Android and the MIUI shell block app installation by default.The security mechanism, known as Google Play Protect, constantly scans the device for threats, but its effectiveness is greatly reduced when the user independently authorizes installation from unverified sources, which opens the door to Trojans, spyware and ad malware.

When the function is activated, any application, even a simple calculator or flashlight downloaded from a browser, has the theoretical ability to request permission to install other programs. Install from unknown sources system mechanism in modern versions of Android is not connected globally to the system, but individually to each installer application, which means that the permission given to the browser does not apply automatically to the file manager or messenger.

⚠️ Warning: A permanently activated installation option from unknown sources in the browser may result in automatic downloading and attempting to install malware immediately after you navigate to an infected advertising site, even without your explicit consent to launch. APK-file.

Attackers often use social engineering to persuade users to download Flash Player updates or antiviruses, which are actually encryption viruses. If the browser has the right permissions at that point, the lock may not work, so managing those permissions must be strictly selective and temporary.

Step-by-step disabling instructions in MIUI 14 and HyperOS

The security interface of Xiaomi shells may vary depending on the Android version and regional firmware. Current versions of MIUI 14 and the new HyperOS have more unified algorithms, but menu names may vary. The main path is through the general system settings, not through the Security app, as was the case in older versions.

To start, you need to open the main settings menu on your smartphone, find the privacy and data protection section, which is often classified in a separate category or integrated into the Apps block, and you need to find the Privacy Protection or Privacy section.

Next, you'll find a subsection related to application rights management, which is usually called Special Options or Special Access Rights, and this is where you hide the APK installation management, select Install Unknown Applications, and you'll see a list of all the programs that have the technical ability to initiate installation.

β˜‘οΈ Security checklist

Done: 0 / 4

In the list that opens, you'll see browsers (e.g. Chrome, Mi Browser), file managers (Enabler, ZArchiver) and instant messengers (Telegram, Viber), and your task is to find those applications that have the "Allow Application Installation" switch on. Click on any suspicious or unnecessary application and turn the switch to the "Open" position.

Managing permissions for specific applications

A unique feature of modern Xiaomi-based Android versions is granular rights management, which means that you don't just turn off the "general" feature, you stop a particular app from being an installer, which allows you to, for example, only allow installation for Google Chrome when you download files from a trusted source, but you can also prevent this from Telegram or Mi Video.

So let's look at a detailed algorithm for a specific source application, like a browser, and when you click on the browser icon in the "Install Unknown Apps" list, the system shows a screen that gives you a detailed description of the risks, and there's a switch that allows that source to install the apps, and that's what you want to deactivate.

It is important to note that when attempting to install APK-The system will request confirmation each time a global ban is not set, or redirect you to those settings if the rights are taken away. This creates an additional layer of protection known as interactive confirmation.

  • πŸ” Browsers: The main attack vector. It is recommended to keep the resolution off at all times, turning it on only at the time of downloading and installing a specific file, if there is an urgent need for this.
  • πŸ“‚ File Managers: Often used for installation APK, If you don't use third-party conductors, disable the rights for standard Explorer.
  • πŸ’¬ Messengers: Telegram and WhatsApp are often used for transfers APK-The installation permission is convenient but risky because the file can come from contact with a compromised account.
  • πŸ“Ί Media services: Apps like YouTube or video players should not be allowed to install software.

⚠️ Note: After updating the system or individual applications (such as Chrome or Telegram updates), permission settings may be reset or changed by the security system.

πŸ“Š How you usually install applications?
Only through the Play Market
Through APK from sites
Through APK from Telegram
Cable on the computer.

Use of the "Security" mode in the Security application

Xiaomi smartphones have a pre-installed system app called Security that duplicates some of the Android settings features but adds its own heuristic checks. Although installation rights management is now in system settings, the module plays an important role in monitoring installation attempts.

With the scan enabled, the Application Installer in MIUI can block APK from running even if the permission is formally given if the signature of the application is suspicious. However, you should not rely on this alone. In the Security app, you can find the Security Scan section, where sometimes warnings about the installation capability turned on from unknown sources are displayed.

If you are faced with a situation where the system does not allow you to turn off permission (the switch is active but does not respond), this may be a sign of the presence of administrator rights in a malicious application or the operation of a specific system process. In such cases, it is recommended to check the list of device administrators in the Passwords and Security section β†’ Device Administrators.

Also available in the Security app is Optimization, which, when launched, can suggest fixing "security issues" such as active installation from unknown sources. Automatic optimization is a quick way to bring settings to a safe state.

Comparison of settings in different versions of Android

The logic of permissions has changed with the release of new versions of the operating system, and understanding these differences helps you navigate the menu faster if you recently upgraded your smartphone or switched from another model. Below is a table showing the evolution of this mechanism.

Android versionType of managementLocation of the menuFeatures
Android 7-8Global switchSettings β†’ SecurityOne switch for the whole system
Android 9-10Page managementSettings β†’ Applications β†’ Special AccessThere is a division by application
Android 11-12Contextual permissionsSettings β†’ ConfidentialityIncreased control, added warnings
Android 13-14+Implicit authorizationsSettings β†’ Protection of privacyAutomatic resetting of rights after installation

The most recent versions of HyperOS, which are based on Android 14 and later, introduce an automatic permission revocation feature, and if an application has not been used for a long time to install an APK, the system can disable this access on its own, but manual verification remains the most reliable way to control it.

Additional protection measures for Xiaomi devices

Disabling the installation from unknown sources is just one step in building a defensive perimeter for your smartphone. Xiaomi’s ecosystem offers a number of additional tools that should be activated for comprehensive protection, primarily the Device Search and Mi Account protection feature.

It is recommended to activate the feature Improved Protection in the settings of Google Play, which runs in the background and checks the applications even after they are installed, analyzing their behavior. If the program begins to behave suspiciously (for example, trying to send SMS to a paid number or encrypt files), the service blocks its operation.

Also worth paying attention to settings MIUI+ or similar functions of interaction with the PC. If you do not use the broadcast of the phone screen to the computer, it is better to disable these services to exclude the possibility of remote installation of applications through vulnerabilities of communication protocols. Regular update of the system through the About system closes security holes through which attackers can circumvent the prohibition on installing APK.

Frequently Asked Questions (FAQ)

Can I completely remove the ability to install APK from my phone?
You can't completely remove the Package Installer system component without root rights and deep modifications, because it will disrupt the Play Market store and install system updates, but you can deny access to it to all user applications, which effectively blocks the installation from the outside.
Why does the installation still happen after the permission is turned off?
This can happen if you have a malicious application with administrator or access capabilities installed. Check the list of device administrators and turn off suspicious items. Also make sure you turn off permission for the exact application through which the installation is being installed (for example, for a browser or file manager).
Does this feature affect the Google Play Market?
No, Google Play Market is a trusted system application with its own privileged rights, and it continues to run as normal, download and update applications regardless of the status of the Install from Unknown Sources switch.
What if the app is not in the Play Market?
In this case, you can temporarily enable permission for a particular browser or file manager, install the application, and then immediately disable the permission again. This is a safe compromise, allowing you to get the necessary software without constant risk.
Do I need to restart my phone after changing my settings?
No reboot is required. Changes take effect immediately after switching the switch, but if you change the rights for an application that is currently trying to install something, the process will be interrupted, and the application can request permissions again on the next attempt.